Htaccess injection

  • justeinmann

    (@justeinmann)


    7 years, 4 months ago

    Hi there,

    Had some issues with one of my sites as google found malware on it. I found some code injected into my htaccess file which likely was the cause of that.

    I also found some weird empty folders inside the wp_content directory. The below line was the name of one of those folders, along with 5 directories called “<?php”
    “$write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess”

    Not sure yet what happened there but kind of looks like someone found a way to execute php on my server and used a AIWS plugin function to override the htaccess file (?)

    Just wanted to report this for the unlikely case that this some security gap in the plugin.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor wpsolutions

    (@wpsolutions)

    7 years, 4 months ago

    Hi,
    Obviously it looks like you’ve been hacked.
    Once someone has installed a backdoor or has access to your backend, they can pretty much run whatever they want.

    I hope you have taken the steps to clean up your site thoroughly.
    There are plenty of resources out there to guide you but one that comes to mind to get you started is:
    https://codex.ww.wp.xz.cn/FAQ_My_site_was_hacked

    Thread Starter justeinmann

    (@justeinmann)

    7 years, 4 months ago

    Hey,

    Thanks for your prompt reply. Yes, definitely thought so too. It just seemed odd to me that if someone found a backdoor and was able to execute php, why would he then overwrite the htaccess file with a AIOWPS function rather than directly with php?

    Plugin Contributor wpsolutions

    (@wpsolutions)

    7 years, 4 months ago

    why would he then overwrite the htaccess file with a AIOWPS function rather than directly with php?

    Yes I agree that is odd.
    Also when one calls that function it will only write the rules nto your .htaccess file which are currently enabled in your AIOWPS plugin settings. The function doesn’t take any arguments and will not anything other than those rules.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Htaccess injection’ is closed to new replies.