htaccess File Security issue

Reply·Subscribe
UTubeView
UTubeViewAdvanced
10 posts
0
 

We suspect a Malware Virus has infected our site by Manipulating the
.htaccess file. We have deleted the script several times. The Malware comes
back and reinstalls the code despite changing all our passwords and locking
down the site several times.  The sequence of events are provide as follows:


After changing all the passwords, we noticed a  change to the .htaccess file
at 12 midnight and  5am this morning. I have also seen the .htaccess added
to folders that normally don't have this file in it.

As a result, I have changed the read access to the file and also had the
Host lock the .htaccess file. But I want to find the Code that is either
running on my site or in a file some where in my server.

My programmer and I are the only two people authorized to access the site. I
have changed all passwords to the Entire site and the dolphin backend using
Military Grade Passwords. After performing all these security
countermeasures, the .htaccess file was still manipulated several hours
after locking down the site. I repeated this cycle Twice and the same event
happened twice. 

I hope this will work. I will update this posting if the file get moded
again.

Quote · 14 Nov 2011
rhimpr
rhimprBosun
638 posts
0
 

Make sure whatever computer(s) you are accessing your FTP/Cpanel with are not infected with Malware. If they are, when you access your ftp you are re-uploading malware.

Quote · 14 Nov 2011
mscott
mscottAdvanced
2088 posts
0
 

What rhimpr said is correct:

 

1. Run malwarebytes on your home computer and have your programmer do the same.

2. Check Cpanel for any extra ftp accounts you don't recognize.

3. Change the master CPanel password again.

 

They are either getting in through stolen passwords or if you're on shared hosting it's possible they are getting in through another users account.

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 15 Nov 2011
DosDawg
DosDawgPremium
3696 posts
0
 

if this is a VPS or Dedicated, its possible that you have been rooted, and you need to scan for rootkits, or backup your site, and reinstall the OS.

 

if this is a shared environment, then its possible the machine itself has been compromised. and that is something your hosting service provider is responsible for. 

 

i would presume that this is neither vps or dedicated, as you have made no mention of what the access logs have to say about this. 

When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support
Quote · 15 Nov 2011
Reply ›
 
 
Home
Features
Pricing
Hosting
Support
About
StartDemo
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.

Blogs

Dolphin.Pro News
BoonEx News
Our Journey
Social Software World
Community Voice

Help

Support Forums
Documentation
BoonEx at GitHub
Knowledge Base
Contact Support Team

Product

Dolphin.Pro Features
Live Demo & Sandbox
Download Packages
Pricing & Order
Contact Sales Team

Company

Contact Us
About BoonEx
Privacy Policy
Terms & Conditions
© BoonEx Pty Ltd