jackflash Posted December 11, 2012 Share Posted December 11, 2012 My hosting company told me that hackers are getting in via the .httaccess file and to delete them. Do I need to actually have that file present in my file? Pros / Cons ? Link to comment Share on other sites More sharing options...
Aiwa Posted December 11, 2012 Share Posted December 11, 2012 I've seen hackers edit .htaccess files to create rewrite rules and redirect to their site, but never have I seen an .htaccess file be the SOURCE of the intrusion.. .htaccess files serve their purpose and I wouldn't recommend you remove them... In fact, I'd recommend you put them in certain directories to keep certain file types from being executed.. You should be aware of what's in your .htaccess files... If one has been rewritten by a hacker, you should delete that one and replace it with a clean one... Link to comment Share on other sites More sharing options...
Dmacleo Posted December 11, 2012 Share Posted December 11, 2012 how are they even getting at your htaccess file? Link to comment Share on other sites More sharing options...
Aiwa Posted December 11, 2012 Share Posted December 11, 2012 how are they even getting at your htaccess file? Only way I can think of is a compromised server account, FTP, etc... If they have access to your server, you can delete .htaccess files all you want, they'll just recreate them... Link to comment Share on other sites More sharing options...
Dmacleo Posted December 11, 2012 Share Posted December 11, 2012 that what I was concerned about. Link to comment Share on other sites More sharing options...
3DKiwi Posted December 11, 2012 Share Posted December 11, 2012 Password protecting your admin directory creates a htaccess file. Since doing this I've haven't been hacked. I also use one for IP Content and furls. Link to comment Share on other sites More sharing options...
jackflash Posted December 11, 2012 Author Share Posted December 11, 2012 I've seen hackers edit .htaccess files to create rewrite rules and redirect to their site, but never have I seen an .htaccess file be the SOURCE of the intrusion.. .htaccess files serve their purpose and I wouldn't recommend you remove them... In fact, I'd recommend you put them in certain directories to keep certain file types from being executed.. You should be aware of what's in your .htaccess files... If one has been rewritten by a hacker, you should delete that one and replace it with a clean one... what's good content to place into that file? Link to comment Share on other sites More sharing options...
Aiwa Posted December 11, 2012 Share Posted December 11, 2012 ACP > Security Center. PHP / CGI .htaccess protection... Run it.. .htaccess in your forum root... the mod_rewrite IPS gives you in the system settings to remove the index.php... ACP > Security Center. IP.Board ACP .htaccess protection... Creates a secondary username and password to access the /admin directory... Make it whatever you want (does NOT have to be a valid IP.Board login) Link to comment Share on other sites More sharing options...
jackflash Posted December 12, 2012 Author Share Posted December 12, 2012 ACP > Security Center. PHP / CGI .htaccess protection... Run it.. .htaccess in your forum root... the mod_rewrite IPS gives you in the system settings to remove the index.php... ACP > Security Center. IP.Board ACP .htaccess protection... Creates a secondary username and password to access the /admin directory... Make it whatever you want (does NOT have to be a valid IP.Board login) Got it and I will do these steps now. What information should be in that .htaccess file? Right now, it shows the below: # Use PHP5 Single php.ini as default AddHandler application/x-httpd-php5s .php Thanks for the help! :) Link to comment Share on other sites More sharing options...
Aiwa Posted December 12, 2012 Share Posted December 12, 2012 You sure that's the only thing in it? Make sure you've scrolled all the way to the bottom of the file and make sure it's just those 2 lines... Those 2 lines are fine. You'd add the IP.Board mod_rewrite... It depends on where your board is installed on what it would be... ACP > System Settings > Search Engine Optimization.. It will tell you what to put in there... Link to comment Share on other sites More sharing options...
jackflash Posted December 12, 2012 Author Share Posted December 12, 2012 Here's a screen shot of one of the sites. After looking at them, they all look the same. Not even sure if the settings are optimal? Link to comment Share on other sites More sharing options...
Aiwa Posted December 12, 2012 Share Posted December 12, 2012 If you have Friendly URLs turned on in your conf_global.php file.. Set the top one and the third one to YES and put the <ifModule mod_rewrite.c> and the rest of the text there in your .htaccess file that's in your forums root directory.. If your board is installed in root, it will just be /index.php [L] If it's installed in /forums it would be /forums/index.php[L] That's the only reason I suggested you check your forum.. Link to comment Share on other sites More sharing options...
Dmacleo Posted December 12, 2012 Share Posted December 12, 2012 whats with the incorrect permalink setting? I don't have that setting. Link to comment Share on other sites More sharing options...
jackflash Posted December 12, 2012 Author Share Posted December 12, 2012 I've tried this on a few sites, however, it produces a 500 server error. Forum is the root Config. file set to: $INFO['use_friendly_urls'] = '1'; htaccess file set to: # Use PHP5 Single php.ini as default AddHandler application/x-httpd-php5s .php <IfModule mod_rewrite.c> Options -MultiViews RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteRule .(jpeg|jpg|gif|png)$ /public/404.php [NC,L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> Link to comment Share on other sites More sharing options...
Aiwa Posted December 12, 2012 Share Posted December 12, 2012 Make sure you turn the setting next to all that text to YES when you put that ifModule in your .htaccess. Link to comment Share on other sites More sharing options...
jackflash Posted December 12, 2012 Author Share Posted December 12, 2012 Make sure you turn the setting next to all that text to YES when you put that ifModule in your .htaccess. not sure I understand? can you PLEASE provide an example? Link to comment Share on other sites More sharing options...
Aiwa Posted December 12, 2012 Share Posted December 12, 2012 Once you save your .htaccess file in your site root with the <ifModule mod_rewrite.c> stuff.. You HAVE to toggle the 'Use .htaccess mod_rewrite' setting to YES. Link to comment Share on other sites More sharing options...
jackflash Posted December 12, 2012 Author Share Posted December 12, 2012 Got it - the file wasn't uploading properly. THANKS for your help on this!! :) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.