CODEWITHSUNDEEP
phpjoomla
Churchill
Churchill

Reputation: 1607

Site keeps getting hacked and .htaccess changed

I have found that I have a similar attack to the one mentioned here

giant regex hack

The file keeps getting recreated and I cannot see from where its coming. How can I fix this? Anyone with a similar experience? I am running joomla 1.5.25

How can I trace the script that includes this file? How do I secure the site?

Upvotes: 3

Views: 6194

Answers (2)

linuxeasy
linuxeasy

Reputation: 6499

Its always recommended that you keep the permission of your .htaccess file as readable only.

chmod 0555 .htaccess

  • But regarding the hack being created again and again, there could be just numerous reasons. Like the host not properly configured, such that, on a shared hosting, a script running for a different domain can access scripts for your own domain.

  • Also check, what kind of files do you allow to upload, whether it's Admin or Frontend. Make sure, its not just any file upload is allowed. Executable files like PHP should not be allowed to be uploaded.

Upvotes: 3

Trev
Trev

Reputation: 851

Yikes, that's not a good situation. I've seen it happen a few times and more often than not the solution was to recreate the website from a clean Joomla install, copy over the data and reinstall components.

However first check that the permissions are ok (no 666, 777, etc) and definitely check the VEL to see if any of your extensions have know vulnerabilities http://docs.joomla.org/Vulnerable_Extensions_List

You could also check on the Inj3ctor database http://www.1337day.com/ . Most hacks like these happen via out of date extensions, open permissions, or as linuxeasy mentioned a poorly configured host.

Would highly recommend installing jhackguard or eyesite on the website. Eyesite will monitor your files and notify you when changes occur -http://extensions.lesarbresdesign.info/extensions/eyesite

Upvotes: 1

Related Questions