[ale] anybody got a stock .htaccess for read-only apache website
Joey Kelly
joey at joeykelly.net
Fri Aug 11 15:48:48 EDT 2017
> Apparently my Godaddy linux apache website has been hacked by someone
> who planted some bogus .php files, and overwrote my primary .htaccess.
>
> Godaddy discovered it.
A radical idea, I know, but why not purchase a Linode and give accounts to
trusted folks instead of paying evil corporations (or getting "free"
services) for less functionality and more fail? For a buck or two a month,
everyone knows what they're getting, etc.
--Joey
>
> I removed the offending .php files.
>
> I removed the clauses in the primary .htaccess which appeared to feed
> those bogus .php files.
>
> I have asked Godaddy to provide me with their recommended stock,
> restrictive .htaccess file for read-only websites. All of our static
> html is updated by me via ssh. I do not know how someone managed to
> alter my website. I would guess they used some tool Godaddy provides
> which isn't configured properly to restrict, or which has a default
> login.
>
> Thus far they are running around in circles.
>
> Does anyone have a best practices .htaccess file to start with? I'm
> guessing it would be something starting with...
>
> IndexIgnore .htpasswd .htaccess */.??* *~ *# */HEADER* */README* */_vti*
>
> <Limit POST PUT DELETE>
> require valid-user
> </Limit>
>
> AuthName webuser
> AuthUserFile /var/www/cgi-bin/.htpasswd
>
> AuthType Basic
>
>
>
> Regards,
>
> Neal Rhodes
> MNOP Ltd
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
--
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550
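
A starting point for the read-only .htaccess asked about in the quoted message, as an added example that is not part of the original thread. It assumes Apache 2.4 syntax (`Require all denied`) and a host whose AllowOverride permits these directives; the file name patterns are illustrative choices. It limits what Apache will serve and execute, and does not stop files being written through FTP, a control panel or another channel.

```apache
# Added example: read-only static site. Assumes Apache 2.4 and an
# AllowOverride that permits Options, AuthConfig and Limit.

# No directory listings, no CGI execution, no server-side includes.
Options -Indexes -ExecCGI -Includes

# The <Limit POST PUT DELETE> form in the question only covers the
# methods it names; any other method is left unrestricted.
# Stricter form: refuse every method that is not GET or HEAD.
<LimitExcept GET HEAD>
    Require all denied
</LimitExcept>

# The site is static HTML, so no PHP file should ever be served or run,
# even if one is planted in the document root again.
<FilesMatch "(?i)\.(php[0-9]?|phtml|phar)$">
    Require all denied
</FilesMatch>

# Refuse dotfiles (.htaccess, .htpasswd, .git...) and editor backups.
<FilesMatch "(^\.|~$|\.bak$|\.swp$)">
    Require all denied
</FilesMatch>
```

Because the attacker in this thread overwrote the primary .htaccess itself, the file's ownership and permissions, and a periodic comparison against a known-good copy, matter as much as its contents.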