Reputation: 3787
I have a Laravel website that has been hacked in some way.
In the root directory, there now appears what looks like a WordPress installation. I've deleted all those WordPress files (along with my Laravel files), but there's an .htaccess file that keeps reappearing every time I delete it.
The contents of this file:
<FilesMatch ".(PhP|php5|suspected|phtml|py|exe|php)$">
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch "^(votes.php|index.php|wjsindex.php|lock666.php|font-editor.php|contents.php|wp-login.php|load.php|themes.php|admin.php|settings.php|bottom.php|years.php|alwso.php|service.php|license.php|module.php)$">
Order allow,deny
Allow from all
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>
When I try to edit the file and save the changes, the next second it has the old content again.
How can I solve this? Other sites I have on the same server are not affected. This particular site had debug=true in .env so that might be how the breach happened.
Upvotes: 1
Views: 1784
Reputation: 129
I had this same issue on my Laravel 7 hosted on Namecheap. If your host is Namecheap, you can follow the steps below.
Zip your project and download it.
Delete the rest of the files from the server (note that index.php and .htaccess won't delete, but do not worry).
Contact Namecheap to help you delete the two files (.htaccess and index.php).
Delete every instance of .htaccess in the local project you pulled down, because this virus duplicated the .htaccess file in every folder and subfolder of your project. On Mac, you can simply run the command below:
find websitefolder -name .htaccess -delete
The virus has been created in a folder called css in the root directory. It contains two files: index.html and load.php. Delete the entire folder to wipe the virus away.
Recreate a new .htaccess. You can simply copy one from another Laravel project, as they are always the same.
After making sure that the public_folder of your cPanel is empty, you can reupload your website. I'm still researching personally on the very attack that caused this issue at my own end. Maybe when I find it I can share it with you.
Upvotes: 4
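An added example, not part of the question, the answer or Laravel itself: before running the `find ... -delete` step on the downloaded copy, this Python script inventories every .htaccess in the tree and lists the files whose names the injected allow-list makes reachable. The names `allowed_names` and `audit` and the `expected` default (a stock Laravel project ships one .htaccess, in public/) are assumptions; `SAMPLE` is a shortened copy of the file from the question.

```python
import os
import re
import sys

# One <FilesMatch "regex"> ... </FilesMatch> block, in the style shown in the question.
BLOCK_RE = re.compile(r'<FilesMatch\s+"([^"]*)">(.*?)</FilesMatch>', re.S | re.I)
ALLOW_RE = re.compile(r'^\s*Allow\s+from\s+all\s*$', re.I | re.M)

# Shortened copy of the .htaccess from the question, used for a quick self-check.
SAMPLE = '''<FilesMatch ".(PhP|php5|suspected|phtml|py|exe|php)$">
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch "^(index.php|lock666.php|wp-login.php|load.php)$">
Order allow,deny
Allow from all
</FilesMatch>'''

def allowed_names(htaccess_text):
    """File names that a FilesMatch block explicitly re-allows."""
    names = set()
    for pattern, body in BLOCK_RE.findall(htaccess_text):
        if ALLOW_RE.search(body):
            # The pattern on the page is a plain alternation: ^(a.php|b.php)$
            names.update(n for n in pattern.strip('^$()').split('|') if n)
    return names

def audit(root, expected=('public/.htaccess',)):
    """Return (.htaccess files to review, files whose names are allow-listed)."""
    review, allow, seen = [], set(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, '/')
            seen.append((name, rel))
            if name == '.htaccess':
                with open(os.path.join(dirpath, name), encoding='utf-8', errors='replace') as fh:
                    found = allowed_names(fh.read())
                allow |= found  # collect names from every copy in the tree
                if found or rel not in expected:
                    review.append(rel)
    return sorted(review), sorted(rel for name, rel in seen if name in allow)

if __name__ == '__main__':
    print(sorted(allowed_names(SAMPLE)))
    if len(sys.argv) > 1:
        review, hits = audit(sys.argv[1])
        print('.htaccess files to review:', *review, sep='\n  ')
        print('allow-listed names present (check each one):', *hits, sep='\n  ')
```

Because index.php is on the allow-list, Laravel's real public/index.php appears in the second list as well, so compare each hit against a clean copy of the project rather than deleting by name.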