?
Solved

your opinion about this .htaccess file?

Posted on 2013-12-20
8
Medium Priority
?
341 Views
Last Modified: 2013-12-30
Hi friends. I have a WordPress site that was compromised. Last night, someone made changes in the web site --disabling security plugins.

I am reviewing changed files. Here is the .htaccess file; what do you think of it? Does this look like nefarious code? Please give me your thoughts and wisdom, if you have time. Thank you as always.

Eric

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Open in new window

0
Comment
Question by:Eric Bourland
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 30

Accepted Solution

by:
Randy Downs earned 2000 total points
ID: 39732677
Looks like the standard file for perma links

http://wordpress.org/support/topic/i-destroyed-my-site-default-htaccess

ere is a very basic htaccess file using "pretty permalinks"

# BEGIN WordPress

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
0
 
LVL 3

Author Closing Comment

by:Eric Bourland
ID: 39732722
Very reassuring. Thank you very much, and happy holiday!

Eric
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 39732769
Of course, you still don't know how they got in and what other code has been messed with.  So I wouldn't be all that reassured :)
0
Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

 
LVL 3

Author Comment

by:Eric Bourland
ID: 39732785
I know. I have inherited a big mess. I might be back. =)

Peace.

Eric
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 39733018
Merry Christmas!

All kidding aside, run a free Sucuri scan on the site and see if it picks up a modified file.  If you find yourself doing this semi-often consider a subscription to Sucuri where they go in and clean it for you or StopTheHacker (similar service).
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 39746483
Jason,

I hope your holidays are treating you with peace and other good things.

Good advice about Sucuri. I still have a hacked site I am trying to unhack and secure. In the process I am learning a ton about WordPress. =)

I am curious to know how Sucuri or StopTheHacker can find all affected files -- they are .js files I think, but I also think that if these nefarious .js files are removed, they regenerate themselves. It would be so helpful to know just what Sucuri et al. does to remedy that.

I will run all of this past the client and see what he wants to do. A Sucuri investigation and report might be what I need to see next.

I have another WordPress question I will post here in a little while, after scratching my head about it for a few days.

Hope you are well.

Eric
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 39746938
I am curious to know how Sucuri or StopTheHacker can find all affected files -- they are .js files I think, but I also think that if these nefarious .js files are removed, they regenerate themselves. It would be so helpful to know just what Sucuri et al. does to remedy that.

Sucuri and StopTheHacker both offer two levels of service.  The basic level is the free site scans which simply sends a robot to access the page you tell them to access and analyzes the code returned by your server.  So if there is malicious code present in the JS files or the rendered HTML, the robot sees it and should be able to tell you which file is currently compromised which is helpful but doesn't help you fix it.

The true value is the paid service.  You usually have to give them SSH or SFTP access to your server but they will then go in and scan all WordPress files and look for files with different checksums than what is expected from normal.  Since almost every file in the WordPress core (except for themes and plugins, really) don't change after installation, the checksums can be used to determine if a file has been modified.  If so, you look at the file for injected code and from there identifying the malware and removing it is pretty simple.  Sucuri and StopTheHacker can also change the files and server settings to remove common WordPress security holes that allow for malware to be inserted.  Sucuri also offers a plugin that works as both a file change log and IP blacklister which is kind of nice.  Not sure if StopTheHacker has a similar function.

If the client can afford it, a better option than Sucuri or StopTheHacker is the higher levels of service from VaultPress.  VaultPress backs up your entire WordPress site, files and database both, and also provides a complete log of changes made to files and databases.  If you pay for the second tier or higher of the service, they will alert you to malware infections and let you instantly roll back to a known, good state.
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 39747214
Jason, thank you as always. Very useful information. I will discuss this with the client.

Hope you're great.

All best,

Eric
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Now that you've installed WordPress 2.9 (http://www.experts-exchange.com/articles/Web_Development/Blogs/WordPress/WordPress-2-9-What-to-Expect-When-Upgrading-to-WordPress-2-9.html?) on your site, you need to install some plugins to get the most out …
WordPress has made it easy to create scalable sites based on their powerful CMS, but as great as WordPress is, there are some SEO issues that haven’t been addressed out of the box.  Fortunately these problems can be solved with a few plugins.  The f…
The purpose of this video is to demonstrate how to create a Printer Friendly PDF on a WordPress Page. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome Screenshot” Google Chrome Extension, and SmallPDF.com Log…
The purpose of this video is to demonstrate how to add AdSense Ads to a WordPress Website, and how to set up WordPress to automatically place Ads in Sidebars. This will be demonstrated using a Windows 8 PC. Log into your AdSense account. : Cli…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question