htaccess file hacked | ww.wp.xz.cn

Resolved TH
(@th)

17 years, 9 months ago

The htaccess file on one of our sites was just hacked and its content replaced with the code:

‘<IfModule mod_rewrite.c>’
‘RewriteEngine On’
‘# RewriteBase /’
‘RewriteRule ^(.*)$ h**p://www.turkishdarbeteam.org/index/index.html$1’
‘</IfModule>’

It has permission 666 and is located in the site root.

Anything basic I can do to prevent this from happening again? I am now trying to run the site with the htaccess file set to permission 644. Could that be what is needed?

I’m afraid I haven’t been able to keep up with all the technical developements of WP and there is no money to hire someone to upgrade to each new version and to study security issues.

So I’m crossing my fingers that there may be a quick fix that I have overlooked. Thanks!

TH

Viewing 2 replies - 1 through 2 (of 2 total)

whooami
(@whooami)

17 years, 9 months ago

your .htaccess shouldnt be left at chmod 666. Thats in the docs.

http://codex.ww.wp.xz.cn/Using_Permalinks#Using_.22Pretty.22_permalinks

After applying the permalinks, you should change the permissions to something stronger like 660 or 644 to prevent others on the server from potentially having access to it.

The only time that file ever needs to be chmod 666 is when you are updating your permalinks, and there again, thats only if you are too ‘lazy’ to copy and paste the code out of the box into the .htaccess yourself.

Again, all covered in the docs.

Thread Starter TH
(@th)

17 years, 9 months ago

Great! I’ve completely missed that part. Thanks a lot for a quick and straight forward answer!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘htaccess file hacked’ is closed to new replies.

Tags

In: Fixing WordPress
2 replies
2 participants
Last reply from: TH
Last activity: 17 years, 9 months ago
Status: resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics