www.webdeveloper.com
Results 1 to 4 of 4

Thread: Need advice on preventing hacker attempt

Hybrid View

  1. #1
    Join Date
    Dec 2009
    Location
    West-Central, MN
    Posts
    41

    Need advice on preventing hacker attempt

    Hello,

    I'm not too sure this is the right forum section for this, since this is regarding managing the Web site hosted on a shared server.

    A web site I manage was just hacked today by having the .htaccess file completely rewritten and the home page had a HUGE string of characters in php tags added to the end page. My client was pretty freaked out - I was kinda too!

    Can the following prevent the .htaccess file from being accessed?
    Code:
    <Files .htaccess>
         deny from all
    </Files>
    How does this happen in the first place and what can I do to prevent an outside source from modifying a file's code?

    Thanks!

  2. #2
    Join Date
    Dec 2005
    Posts
    2,984
    Well, if you're server is running apache then it should already have the following measure preventing that from happening in the httpd.conf file:
    Code:
    <FilesMatch "^\.ht">
        Order allow,deny
        Deny from all
        Satisfy All
    </FilesMatch>
    Before you edit your .htaccess file, just try to access the .htaccess file using your browser now. There's no way you should be able to do it.

    Chances are, the site got hacked because either somebody obtained the username and password (i.e. login credentials) and FTP-ed their own stuff to the server, or they were able to upload malicious code (e.g. a file that contained server side code and could be executed by typing it's name in the browser).

  3. #3
    Join Date
    Dec 2009
    Location
    West-Central, MN
    Posts
    41
    There's more to the story:

    After having worked with the hosting tech support I found out that their system determined that the hack attempt came from my own computer!

    The odd thing is, the site owner received an email warning of a hack attempt before I even accessed the site today.

    Really weird...

  4. #4
    Join Date
    Dec 2005
    Posts
    2,984
    What dictates a hack attempt? Trying to guess the password?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles