[ale] anybody got a stock .htaccess for read-only apache website

Neal Rhodes neal at mnopltd.com
Fri Aug 11 15:07:25 EDT 2017


Thank you for the reply, but it totally baffles me.  This is totally
different from the prior topic I raised on a different server. 

Someone is scanning all the godaddy hosted servers, and is
embedding .php files in them, and updating the .htaccess file, in an
apparent attempt to hijack innocent browser users accessing the sites
supported there, which for me is essentially the Lilburn Oktoberfest,
the Lloyd Shaw Dance foundation, and Maine Genealogy. 

I have found and removed all the .php files they created.  Apparently
they attempted, via rewrite rules, to redirect access to the html files
into their duplicated .php files. 

I have removed the glop they added to the .htaccess, but don't know if
there are other restrictive measures I should be taking in there to
reduce the potential in the future.  

I do not see how this relates to rsync and ssh. 



On Fri, 2017-08-11 at 14:32 -0400, DJ-Pfulio wrote:

> I would assume a php addon has a security problem or some custom php code has
> some flaw.
> 
> Is there a reason rsync+ssh isn't used - or even git?  git cryptographically
> validates.  "Because we never needed to before" **is** a valid answer.  ;)
> 
> 
> On 08/11/2017 02:12 PM, Neal Rhodes wrote:
> > Apparently my Godaddy linux apache website has been hacked by someone who
> > planted some bogus .php files, and overwrote my primary .htaccess.
> > 
> > Godaddy discovered it.
> > 
> > I removed the offending .php files.
> > 
> > I removed the clauses in the primary .htaccess which appeared to feed those
> > bogus .php files.
> > 
> > I have asked Godaddy to provide me with their recommended stock, restrictive
> > .htaccess file for read-only websites.    All of our static html is updated by
> > me via ssh.    I do not know how someone managed to alter my website.   I would
> > guess they used some tool Godaddy provides which isn't configured properly to
> > restrict, or which has a default login.
> > 
> > Thus far they are running around in circles.
> > 
> > Does anyone have a best practices .htaccess file to start with?  I'm guessing it
> > would be something starting with...
> > 
> >     IndexIgnore .htpasswd .htaccess */.??* *~ *# */HEADER* */README* */_vti*
> > 
> >     <Limit POST PUT DELETE>
> >     require valid-user
> >     </Limit>
> > 
> >     AuthName webuser
> >     AuthUserFile /var/www/cgi-bin/.htpasswd
> > 
> >     AuthType Basic
> >  
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
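The original question asks for a starting-point .htaccess for a static site that is only ever updated over ssh. The following is an added example, not from this thread or from GoDaddy, written for Apache 2.4 (mod_authz_core syntax); it assumes the host's AllowOverride permits Options, FileInfo and Limit directives, and that a deployed static site legitimately contains no scripts at all, so refusing to serve or execute any script file costs nothing and turns a planted .php file into a 403 rather than a working hijack. The PHP module name in the IfModule blocks is a guess at what the host runs; on php-fpm/CGI setups the php_flag line simply has no effect.

```apache
# Added example: restrictive .htaccess for a read-only static site (Apache 2.4).
# Assumes: AllowOverride allows Options/FileInfo/Limit; site contains no scripts.

# No directory listings, no server-side includes, no CGI from this tree.
Options -Indexes -ExecCGI -Includes

# A static site has no scripts: refuse every script-like file outright,
# so a dropped .php file is never handed to an interpreter.
<FilesMatch "\.(php|phtml|php[0-9]|phar|pl|py|cgi|sh)$">
    Require all denied
</FilesMatch>

# Hide dotfiles (.htaccess, .htpasswd, .git) and editor backups (foo.html~).
<FilesMatch "(^\.|~$)">
    Require all denied
</FilesMatch>

# Read-only: only GET, HEAD and OPTIONS are accepted; POST/PUT/DELETE and
# anything else get 403. LimitExcept is a whitelist, unlike <Limit ...>.
<LimitExcept GET HEAD OPTIONS>
    Require all denied
</LimitExcept>

# Belt and braces where mod_php is loaded: switch the engine off for this tree.
# (Module name is an assumption; no-op under php-fpm/CGI.)
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php.c>
    php_flag engine off
</IfModule>
```

Two notes on using it. First, because this file is itself the thing the intruder overwrote, keep a known-good copy outside the web root and compare the deployed one against it (a checksum in a cron job is enough) so a rewritten .htaccess is noticed rather than silently trusted. Second, the `<Limit POST PUT DELETE>` block in the original message only constrains the methods it names; `<LimitExcept GET HEAD OPTIONS>` above is the inverse and also covers PATCH, TRACE and any custom method.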



