Title: security: .htaccess exploit? php script inside? how?
Last modified: August 19, 2016

---

# security: .htaccess exploit? php script inside? how?

 *  [cocotu](https://wordpress.org/support/users/cocotu/)
 * (@cocotu)
 * [18 years, 1 month ago](https://wordpress.org/support/topic/security-htaccess-exploit-php-script-inside-how/)
 * I didn’t know where to post this. I’m surprised with what happened at my host server!
   Yesterday I couldn’t open my WordPress site:
 * 500 Internal Server Error
 * As I was investigating the logs I noticed something very strange at a line saying
   some type of error at the .htaccess. Then when I go and open the .htaccess file
   there is a 3000 line php script. These are the top lines:
 * <?php
    //FaTaLisTiCz_Fx c99Shell v1 03.2008 //Re-coded and modified By FaTaLisTiCz_Fx#
   CyBeRz@irc.Allnetwork.org
 * $sh_id = “RmFUYUxpc1RpQ3pfRnggYzk5U2hlbGwgdg==”;
    $sh_ver = “1.1 03.2008”; $sh_name
   = base64_decode($sh_id).$sh_ver; $html_start = ”. ‘<!DOCTYPE HTML PUBLIC “-//
   W3C//DTD HTML 4.0 Transitional//EN”> <html> <head> <meta http-equiv=”Content-
   Type” content=”text/html; charset=windows-1251″> <meta http-equiv=”Content-Language”
   content=”en-us”><title>’.getenv(“HTTP_HOST”).’ – ‘.$sh_name.'</title>
 * My security skills are limited. Has anyone seen this before? In Google I found
   this guy from Romania because at some of the lines there is his/her website which
   downloads some file to my server. So, should I delete WordPress and re-install
   it again? I have a backup. Thanks

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [whooami](https://wordpress.org/support/users/whooami/)
 * (@whooami)
 * [18 years, 1 month ago](https://wordpress.org/support/topic/security-htaccess-exploit-php-script-inside-how/#post-765395)
 * That’s a root shell. What are the permissions of your .htaccess? I’ll bet they
   are NOT 644. I’ll bet that you chmod’d your .htaccess to something looser to
   allow WP to write to it (permalinks) and then you never chmod’d it back.
 * To answer some of your questions re: what to do now..
 * If I were you, I would be combing over my files and my database with a fine-toothed
   comb, after, and only after, I changed all of my passwords. And I do mean all.
 *  Thread Starter [cocotu](https://wordpress.org/support/users/cocotu/)
 * (@cocotu)
 * [18 years, 1 month ago](https://wordpress.org/support/topic/security-htaccess-exploit-php-script-inside-how/#post-765398)
 * Yes, that was my mistake, I had .htaccess 777! I’m going to remove everything!
 *  [jonimueller](https://wordpress.org/support/users/jonimueller/)
 * (@jonimueller)
 * [18 years, 1 month ago](https://wordpress.org/support/topic/security-htaccess-exploit-php-script-inside-how/#post-765400)
 * And do please notify your web host, especially if you are in a shared hosting
   environment. It may be that they got in through your account, but it could be
   they got in through someone else’s hosting account. The shared server is only
   as secure as the most lax person using it unfortunately.
 * Look at the date and time stamps on the files and make note of them. Download
   them to your computer and zip them up and send them to your web host. (I know
   my web host likes to get the involved files when there’s been a breach.)
 * Hope you sort it all out.
 *  Thread Starter [cocotu](https://wordpress.org/support/users/cocotu/)
 * (@cocotu)
 * [18 years, 1 month ago](https://wordpress.org/support/topic/security-htaccess-exploit-php-script-inside-how/#post-765411)
 * I’m working on it! Thanks
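
An added example, not part of the original thread: a small Python audit that walks a web root and reports every `.htaccess` that is writable beyond its owner (anything looser than the 644 mentioned above) or that contains PHP, together with its modification time for the report to the host. The marker list and the 1 MiB read cap are assumptions chosen for this sketch.

```python
import os
import stat
from datetime import datetime, timezone

# Strings that never belong in Apache directives; both appear in the pasted shell header.
PHP_MARKERS = (b"<?php", b"base64_decode(")
LOOSE_BITS = stat.S_IWGRP | stat.S_IWOTH  # any write bit beyond the owner's


def audit_htaccess(webroot):
    """Return a finding for every .htaccess under webroot that is loose or holds PHP."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        if ".htaccess" not in files:
            continue
        path = os.path.join(dirpath, ".htaccess")
        info = os.stat(path)
        mode = stat.S_IMODE(info.st_mode)
        problems = []
        if mode & LOOSE_BITS:
            problems.append("writable by group/other")
        with open(path, "rb") as handle:
            content = handle.read(1024 * 1024).lower()  # assumed cap: first 1 MiB
        if any(marker in content for marker in PHP_MARKERS):
            problems.append("contains PHP code")
        if problems:
            findings.append({
                "path": path,
                "mode": format(mode, "03o"),
                # File timestamp, recorded in UTC so it can be matched against server logs.
                "modified_utc": datetime.fromtimestamp(
                    info.st_mtime, tz=timezone.utc).isoformat(),
                "problems": problems,
            })
    return findings


if __name__ == "__main__":
    import sys
    for item in audit_htaccess(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(item["modified_utc"], item["mode"], item["path"],
              "; ".join(item["problems"]))
```

Run it with the web root as the only argument; an empty result means no `.htaccess` under that directory matched either check.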


 * In: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/)
 * 4 replies
 * 3 participants
 * Last reply from: [cocotu](https://wordpress.org/support/users/cocotu/)
 * Last activity: [18 years, 1 month ago](https://wordpress.org/support/topic/security-htaccess-exploit-php-script-inside-how/#post-765411)
 * Status: not resolved

