I'm not too sure this is the right forum section for this, since this is regarding managing the Web site hosted on a shared server.
A web site I manage was just hacked today by having the .htaccess file completely rewritten and the home page had a HUGE string of characters in php tags added to the end page. My client was pretty freaked out - I was kinda too!
Can the following prevent the .htaccess file from being accessed?
deny from all
How does this happen in the first place and what can I do to prevent an outside source from modifying a file's code?
Well, if you're server is running apache then it should already have the following measure preventing that from happening in the httpd.conf file:
Deny from all
Before you edit your .htaccess file, just try to access the .htaccess file using your browser now. There's no way you should be able to do it.
Chances are, the site got hacked because either somebody obtained the username and password (i.e. login credentials) and FTP-ed their own stuff to the server, or they were able to upload malicious code (e.g. a file that contained server side code and could be executed by typing it's name in the browser).
I've switched careers...
I'm NO LONGER a scientist,
but now a web developer...