My hosting company told me that hackers are getting in via the .httaccess file and to delete them.

Do I need to actually have that file present in my file? Pros / Cons ?

I've seen hackers edit .htaccess files to create rewrite rules and redirect to their site, but never have I seen an .htaccess file be the SOURCE of the intrusion..

.htaccess files serve their purpose and I wouldn't recommend you remove them... In fact, I'd recommend you put them in certain directories to keep certain file types from being executed..

You should be aware of what's in your .htaccess files... If one has been rewritten by a hacker, you should delete that one and replace it with a clean one...

how are they even getting at your htaccess file?

 

how are they even getting at your htaccess file?

Only way I can think of is a compromised server account, FTP, etc... If they have access to your server, you can delete .htaccess files all you want, they'll just recreate them...

that what I was concerned about.

Password protecting your admin directory creates a htaccess file. Since doing this I've haven't been hacked. I also use one for IP Content and furls.

 

I've seen hackers edit .htaccess files to create rewrite rules and redirect to their site, but never have I seen an .htaccess file be the SOURCE of the intrusion..

.htaccess files serve their purpose and I wouldn't recommend you remove them... In fact, I'd recommend you put them in certain directories to keep certain file types from being executed..

You should be aware of what's in your .htaccess files... If one has been rewritten by a hacker, you should delete that one and replace it with a clean one...

what's good content to place into that file?

ACP > Security Center. PHP / CGI .htaccess protection... Run it..

.htaccess in your forum root... the mod_rewrite IPS gives you in the system settings to remove the index.php...

ACP > Security Center. IP.Board ACP .htaccess protection... Creates a secondary username and password to access the /admin directory... Make it whatever you want (does NOT have to be a valid IP.Board login)

 

ACP > Security Center. PHP / CGI .htaccess protection... Run it..

.htaccess in your forum root... the mod_rewrite IPS gives you in the system settings to remove the index.php...

ACP > Security Center. IP.Board ACP .htaccess protection... Creates a secondary username and password to access the /admin directory... Make it whatever you want (does NOT have to be a valid IP.Board login)

Got it and I will do these steps now. What information should be in that .htaccess file? Right now, it shows the below:

# Use PHP5 Single php.ini as default
AddHandler application/x-httpd-php5s .php

Thanks for the help! :)

You sure that's the only thing in it? Make sure you've scrolled all the way to the bottom of the file and make sure it's just those 2 lines...

Those 2 lines are fine.

You'd add the IP.Board mod_rewrite... It depends on where your board is installed on what it would be...

ACP > System Settings > Search Engine Optimization.. It will tell you what to put in there...

Here's a screen shot of one of the sites. After looking at them, they all look the same.

Not even sure if the settings are optimal?

If you have Friendly URLs turned on in your conf_global.php file..

Set the top one and the third one to YES and put the <ifModule mod_rewrite.c> and the rest of the text there in your .htaccess file that's in your forums root directory..

If your board is installed in root, it will just be /index.php [L]

If it's installed in /forums it would be /forums/index.php[L] That's the only reason I suggested you check your forum..

whats with the incorrect permalink setting?

I don't have that setting.

I've tried this on a few sites, however, it produces a 500 server error.

Forum is the root

Config. file set to:

$INFO['use_friendly_urls'] = '1';

htaccess file set to:

# Use PHP5 Single php.ini as default
AddHandler application/x-httpd-php5s .php

<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .(jpeg|jpg|gif|png)$ /public/404.php [NC,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Make sure you turn the setting next to all that text to YES when you put that ifModule in your .htaccess.

 

Make sure you turn the setting next to all that text to YES when you put that ifModule in your .htaccess.

not sure I understand? can you PLEASE provide an example?

Once you save your .htaccess file in your site root with the <ifModule mod_rewrite.c> stuff..

You HAVE to toggle the 'Use .htaccess mod_rewrite' setting to YES.

Got it - the file wasn't uploading properly.

THANKS for your help on this!! :)