Need advice on preventing hacker attempt

[eventide]

Hello,

I'm not too sure this is the right forum section for this, since this is regarding managing the Web site hosted on a shared server.

A web site I manage was just hacked today by having the .htaccess file completely rewritten and the home page had a HUGE string of characters in php tags added to the end page. My client was pretty freaked out - I was kinda too!

Can the following prevent the .htaccess file from being accessed?

Code:

<Files .htaccess>
     deny from all
</Files>

How does this happen in the first place and what can I do to prevent an outside source from modifying a file's code?

Thanks!

[aj_nsc]

Well, if you're server is running apache then it should already have the following measure preventing that from happening in the httpd.conf file:

Code:

<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

Before you edit your .htaccess file, just try to access the .htaccess file using your browser now. There's no way you should be able to do it.

Chances are, the site got hacked because either somebody obtained the username and password (i.e. login credentials) and FTP-ed their own stuff to the server, or they were able to upload malicious code (e.g. a file that contained server side code and could be executed by typing it's name in the browser).

[eventide]

There's more to the story:

After having worked with the hosting tech support I found out that their system determined that the hack attempt came from my own computer!

The odd thing is, the site owner received an email warning of a hack attempt before I even accessed the site today.

Really weird...

[aj_nsc]

What dictates a hack attempt? Trying to guess the password?