Can htaccess be hacked?

9 replies
Hi,

I've been using .htaccess to keep out referrer spam. Today I logged in and found my .htaccess file with all the rules deleted and just this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

The question is, how could the file be changed? Could a plugin change it? How can I get the rules back to block URLs?

What precautions could I take to ensure safety?
#hacked #htaccess
  • stereoboy:
    Probably when you installed WordPress it overwrote your .htaccess file.
    Any script could change the .htaccess file; WordPress does it via PHP.
    If you still have your old copy, just paste the rules after '# END WordPress'.
    Then both should work.

    Changing permissions on the .htaccess file might prevent scripts from editing it.
  • mattprince789:
    They're probably doing it this way as they had detected an exploit in the web server which allows them to add lines to text files. It takes a line added to .htaccess to redirect requests to the rogue site. This also has the added "benefit" of not alerting the owner of the site too quickly, as we are likely to visit it via a direct link, without sending referrer info.
  • Harrison_Uhl:
    Use a sync, or FTP mirror script to compare your website files to an offsite 'master' copy. This can detect hacks (or accidents) and will also assure you that you have an offsite copy for quick restore.

    Harrison
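
Two of the suggestions in this thread, keeping the custom rules outside the WordPress markers and locking the file (stereoboy's post), and comparing the live site against an offsite master copy (Harrison_Uhl's post), put together as one added example. This is not code from any poster or from WordPress; the directory layout, the spam domains and the sample rules are assumptions made for the demo. The referrer check uses mod_setenvif plus access control rather than RewriteRule so that it works wherever it sits in the file (a RewriteRule-based block placed after the WordPress rules is not reached for a page request, because WordPress's `[L]` catch-all has already rewritten the request to index.php and the next round stops at its first rule). The baseline is a sorted list of SHA-256 digests kept outside the web root; the last part simulates an overwrite that drops everything outside the markers, detects it and restores the file.

```shell
#!/bin/sh
# Added example (not from the thread or from WordPress): custom referrer rules
# outside the WordPress markers, .htaccess locked, site baselined, overwrite
# detected and restored. Paths and spam domains are made up for the demo.
set -eu

# WordPress block as posted in the thread; WP manages the region between the
# BEGIN/END markers when permalinks are saved.
WP_BLOCK='# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress'

# Constructed referrer block: mod_setenvif + access control instead of RewriteRule,
# so it works regardless of its position. Apache 2.4 and 2.2 forms both given.
SPAM_RULES='# BEGIN referrer block (custom: keep outside the WordPress markers)
<IfModule mod_setenvif.c>
SetEnvIfNoCase Referer "spam-links\.example" spamref
SetEnvIfNoCase Referer "cheap-seo\.example" spamref
</IfModule>
<IfModule mod_authz_core.c>
<RequireAll>
Require all granted
Require not env spamref
</RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Allow from all
Deny from env=spamref
</IfModule>
# END referrer block'

hash_file() {   # sha256 hex digest; shasum fallback for systems without sha256sum
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# write_htaccess FILE: custom rules first, WP block second, then drop the write
# bit (444 here; the 455 suggested in the thread also drops it). A process running
# as the owner can chmod it back, so this only stops code that respects the bit.
write_htaccess() {
    [ ! -e "$1" ] || chmod u+w "$1"
    printf '%s\n\n%s\n' "$SPAM_RULES" "$WP_BLOCK" > "$1"
    chmod 0444 "$1"
}

# make_baseline SITEDIR MANIFEST: one "<sha256>  <path>" line per file, sorted.
# MANIFEST and the master copy must live outside SITEDIR (and the web root).
make_baseline() {
    s="$1"; m="$2"
    ( cd "$s" && find . -type f | sort | while read -r p; do
        printf '%s  %s\n' "$(hash_file "$p")" "$p"; done ) > "$m"
}

# check_baseline SITEDIR MANIFEST: print CHANGED/MISSING/NEW lines; return 1 if
# the live tree differs from the manifest, 0 if it matches. Paths are assumed
# to contain no whitespace.
check_baseline() {
    s="$1"; m="$2"; rc=0
    while read -r sum p; do
        if [ ! -f "$s/$p" ]; then echo "MISSING $p"; rc=1
        elif [ "$(hash_file "$s/$p")" != "$sum" ]; then echo "CHANGED $p"; rc=1; fi
    done < "$m"
    for p in $(cd "$s" && find . -type f | sort); do
        awk -v p="$p" '$2 == p { f = 1 } END { exit !f }' "$m" || { echo "NEW $p"; rc=1; }
    done
    return $rc
}

# demo: build a throwaway site, baseline it, simulate WordPress rewriting .htaccess
# with only its own block (what the original poster found), detect that, restore
# from the master copy. Returns 0 only if the overwrite was caught.
demo() {
    t=$(mktemp -d); site="$t/site"; master="$t/master"; manifest="$t/baseline.txt"
    mkdir -p "$site"
    printf '<?php // placeholder front controller\n' > "$site/index.php"
    write_htaccess "$site/.htaccess"
    cp -Rp "$site" "$master"                        # offsite "master" copy
    make_baseline "$site" "$manifest"
    check_baseline "$site" "$manifest" >/dev/null   # clean tree: returns 0

    chmod u+w "$site/.htaccess"                     # the owner (or PHP running as the owner) can do this...
    printf '%s\n' "$WP_BLOCK" > "$site/.htaccess"   # ...and the custom rules are gone

    report=$(check_baseline "$site" "$manifest") && { echo "overwrite NOT detected"; return 1; }
    echo "$report"                                  # CHANGED ./.htaccess
    cp -p "$master/.htaccess" "$site/.htaccess"     # restore from master, mode 444 again
    check_baseline "$site" "$manifest"              # clean again: returns 0
}
demo
```

Run make_baseline after every legitimate change and check_baseline from cron; a CHANGED ./.htaccess line with no matching change on your side is the signal to restore from the master copy and look for how the file was touched. The chmod is worth doing but is only a partial defence: on hosts where PHP runs as the account user (common on shared hosting) any script, WordPress included, can set the write bit back, so the baseline comparison is what actually catches the overwrite.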
  • Content Publisher:
    It's probably a WordPress plugin doing it, yep.

    Either that or your actual hosting account/login has been compromised. But if this were the case, the hackers would probably do more than simply deleting some commands out of .htaccess.

    So yep, it's probably WordPress/a plugin.
  • leppozdrav:
    When the read/write permissions of your .htaccess file are for a toss, it can be easily hacked by beginners too!

    Make sure your read/write access is 455 to keep it safe!
    • ian buckingham:
      Originally Posted by leppozdrav:
        When the read/write permissions of your .htaccess file are for a toss, it can be easily hacked by beginners too!
        Make sure your read/write access is 455 to keep it safe!
      Originally Posted by Harrison_Uhl:
        Use a sync, or FTP mirror script to compare your website files to an offsite 'master' copy.
        Harrison
      Yes, these two are exactly what I would have done.
      It is so easy to overwrite stuff. I use FileZilla and compare the files I have overwritten. I'd also make sure you haven't set all of your subdirectories to "777", for instance, when you did any CHMOD.
      Setting it to 455 as leppozdrav said is definitely the way forward for you.
  • dogmachris:
    .htaccess can usually only be hacked by people having direct access to your FTP account. I don't think you have many other ways to access .htaccess; most CMSs won't allow you to do that directly from the backend, so yeah, your problem might come from your WP configuration.
  • Istvan Horvath:
    That was not hacked and it was not a WP plugin.

    It was WordPress itself that overwrote it when you set your "nice" permalinks.
    That's the price of letting scripts handle your files instead of doing it manually...