Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
jackflash Posted December 11, 2012 Posted December 11, 2012 My hosting company told me that hackers are getting in via the .httaccess file and to delete them. Do I need to actually have that file present in my file? Pros / Cons ?
Aiwa Posted December 11, 2012 Posted December 11, 2012 I've seen hackers edit .htaccess files to create rewrite rules and redirect to their site, but never have I seen an .htaccess file be the SOURCE of the intrusion.. .htaccess files serve their purpose and I wouldn't recommend you remove them... In fact, I'd recommend you put them in certain directories to keep certain file types from being executed.. You should be aware of what's in your .htaccess files... If one has been rewritten by a hacker, you should delete that one and replace it with a clean one...
Dmacleo Posted December 11, 2012 Posted December 11, 2012 how are they even getting at your htaccess file?
Aiwa Posted December 11, 2012 Posted December 11, 2012 how are they even getting at your htaccess file? Only way I can think of is a compromised server account, FTP, etc... If they have access to your server, you can delete .htaccess files all you want, they'll just recreate them...
3DKiwi Posted December 11, 2012 Posted December 11, 2012 Password protecting your admin directory creates a htaccess file. Since doing this I've haven't been hacked. I also use one for IP Content and furls.
jackflash Posted December 11, 2012 Author Posted December 11, 2012 I've seen hackers edit .htaccess files to create rewrite rules and redirect to their site, but never have I seen an .htaccess file be the SOURCE of the intrusion.. .htaccess files serve their purpose and I wouldn't recommend you remove them... In fact, I'd recommend you put them in certain directories to keep certain file types from being executed.. You should be aware of what's in your .htaccess files... If one has been rewritten by a hacker, you should delete that one and replace it with a clean one... what's good content to place into that file?
Aiwa Posted December 11, 2012 Posted December 11, 2012 ACP > Security Center. PHP / CGI .htaccess protection... Run it.. .htaccess in your forum root... the mod_rewrite IPS gives you in the system settings to remove the index.php... ACP > Security Center. IP.Board ACP .htaccess protection... Creates a secondary username and password to access the /admin directory... Make it whatever you want (does NOT have to be a valid IP.Board login)
jackflash Posted December 12, 2012 Author Posted December 12, 2012 ACP > Security Center. PHP / CGI .htaccess protection... Run it.. .htaccess in your forum root... the mod_rewrite IPS gives you in the system settings to remove the index.php... ACP > Security Center. IP.Board ACP .htaccess protection... Creates a secondary username and password to access the /admin directory... Make it whatever you want (does NOT have to be a valid IP.Board login) Got it and I will do these steps now. What information should be in that .htaccess file? Right now, it shows the below: # Use PHP5 Single php.ini as default AddHandler application/x-httpd-php5s .php Thanks for the help! :)
Aiwa Posted December 12, 2012 Posted December 12, 2012 You sure that's the only thing in it? Make sure you've scrolled all the way to the bottom of the file and make sure it's just those 2 lines... Those 2 lines are fine. You'd add the IP.Board mod_rewrite... It depends on where your board is installed on what it would be... ACP > System Settings > Search Engine Optimization.. It will tell you what to put in there...
jackflash Posted December 12, 2012 Author Posted December 12, 2012 Here's a screen shot of one of the sites. After looking at them, they all look the same. Not even sure if the settings are optimal?
Aiwa Posted December 12, 2012 Posted December 12, 2012 If you have Friendly URLs turned on in your conf_global.php file.. Set the top one and the third one to YES and put the <ifModule mod_rewrite.c> and the rest of the text there in your .htaccess file that's in your forums root directory.. If your board is installed in root, it will just be /index.php [L] If it's installed in /forums it would be /forums/index.php[L] That's the only reason I suggested you check your forum..
Dmacleo Posted December 12, 2012 Posted December 12, 2012 whats with the incorrect permalink setting? I don't have that setting.
jackflash Posted December 12, 2012 Author Posted December 12, 2012 I've tried this on a few sites, however, it produces a 500 server error. Forum is the root Config. file set to: $INFO['use_friendly_urls'] = '1'; htaccess file set to: # Use PHP5 Single php.ini as default AddHandler application/x-httpd-php5s .php <IfModule mod_rewrite.c> Options -MultiViews RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteRule .(jpeg|jpg|gif|png)$ /public/404.php [NC,L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule>
Aiwa Posted December 12, 2012 Posted December 12, 2012 Make sure you turn the setting next to all that text to YES when you put that ifModule in your .htaccess.
jackflash Posted December 12, 2012 Author Posted December 12, 2012 Make sure you turn the setting next to all that text to YES when you put that ifModule in your .htaccess. not sure I understand? can you PLEASE provide an example?
Aiwa Posted December 12, 2012 Posted December 12, 2012 Once you save your .htaccess file in your site root with the <ifModule mod_rewrite.c> stuff.. You HAVE to toggle the 'Use .htaccess mod_rewrite' setting to YES.
jackflash Posted December 12, 2012 Author Posted December 12, 2012 Got it - the file wasn't uploading properly. THANKS for your help on this!! :)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.