Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

FrontPage files on the Apache server

Using info to hack into site...

5:54 pm on Oct 8, 2011 (gmt 0)

Preferred Member

5+ Year Member

joined:July 22, 2010
posts: 369
votes: 0

If your website resides on an Apache server using Linux, and you find FrontPage files in your site's folder that you didn't put there, would you assume someone other than you has access to the site's files?

I just moved my site to a new host. When I did, my htaccess file changed. The same changed htaccess file is also on the old host's server. I did not change it. It had this in it and only this. All my stuff was gone.:

# -FrontPage-

Options None

order deny,allow
deny from all
AuthName mywebsite.com
AuthUserFile /home/mysite/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/mysite/public_html/_vti_pvt/service.grp

The two files referenced reveal the correct administrator name and an encrypted password.

I have a developer helping me with the move. The developer does use FrontPage. They claim they did not change the htaccess file. The new site host, who moved my files, claims he did not change the htaccess file. I did not change it.

I have since removed all the FrontPage folders from the new server. But my concern is if the developer didn't do it and if the host didn't do it, and if I didn't do it, then who did?

In the event it was an interloper, what is the best way to be sure my site is secure? They now have the user name and password and could already have created a back door to the new server.

I am assuming FrontPage doesn't and can't change an htaccess file automatically. Someone had to go into the file and edit it.

I have already informed the new host of this. He does not seem to be concerned. Should I be?

6:20 pm on Oct 8, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 12, 2001
votes: 0

Every time you install or reinstall the FP Extensions, it automatically overwrites the htaccess file.