Forum Moderators: phranque


htaccess - what code to prevent add files/replace files in site root

         

jovigor

9:50 am on Jul 22, 2014 (gmt 0)

10+ Year Member



Can you help me make an htaccess file that gives read-only permission to the root of the web site folder? (The root folder is public_html, and the htaccess file will be placed in that folder.)

I have a problem: my site was hacked.
They put/replaced index.php and index.html in public_html.
They replaced index.php with their index.php, and put a new file, index.html (those 2 files work together).
I have a backup, so it was solved.
But is there a way, with an htaccess file, to forbid file changes (adding files/replacing files) only in the root folder (public_html)?

wilderness

12:29 pm on Jul 22, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Use the Limit [httpd.apache.org]; however, and unfortunately, that will not prevent changes to files by hackers via PHP vulnerabilities.

Which is likely what happened to you (and will continue unless you locate and correct the PHP flaw).

lucy24

2:43 pm on Jul 22, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The long-term fix is to change hosts. Anything that can be done in htaccess can be done in the server config file (the opposite is not always true). Some behaviors should be blocked by default, and it's simply insane not to do so when your server is used by multiple sites, some of which don't know from htaccess.

not2easy

3:27 pm on Jul 22, 2014 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Hi jovigor and welcome to the forums. You should not just replace the hacked files with the old versions that were in place when it was hacked and consider it "fixed". The same vulnerabilities that allowed it to happen may not have been addressed. You need to determine how it happened and make changes so that it doesn't repeat in the future. If your site is a blog that uses a database, you may still have the malicious code in your database.

Google offers help and a list of steps to take here: [support.google.com...]
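
The replies above point out that htaccess rules do not stop files from being changed through a PHP vulnerability, so detecting a replaced or added file in public_html is a useful complement to finding the flaw. The script below is an added example, not code from any poster in this thread: it records SHA-256 hashes of the files directly in the web root and reports later differences. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect added, replaced or removed files directly inside a web
# root by comparing SHA-256 hashes with a saved baseline. Needs find, awk and
# sha256sum (GNU coreutils); names with newlines or backslashes are not handled.

# Print "hash  name" for every regular file directly inside directory $1.
snapshot() {
    ( cd "$1" && find . -maxdepth 1 -type f -exec sha256sum {} + ) |
        sed 's|  \./|  |' | sort -k 2
}

# Save the baseline for docroot $1 to file $2 (keep $2 outside the docroot).
make_baseline() { snapshot "$1" > "$2"; }

# Compare docroot $1 with baseline file $2. Prints ADDED/CHANGED/REMOVED lines;
# returns 1 if anything differs, 0 if the root is unchanged.
check_baseline() {
    snapshot "$1" | awk -v base="$2" '
        BEGIN { while ((getline line < base) > 0)
                    old[substr(line, 67)] = substr(line, 1, 64) }
        { name = substr($0, 67); seen[name] = 1
          if (!(name in old))                      { print "ADDED " name;   bad = 1 }
          else if (old[name] != substr($0, 1, 64)) { print "CHANGED " name; bad = 1 } }
        END { for (n in old) if (!(n in seen)) { print "REMOVED " n; bad = 1 }
              exit bad + 0 }'
}

# Demo on constructed files mirroring the incident in the thread: index.php is
# replaced and a new index.html appears next to it.
demo() {
    demo_dir=$(mktemp -d) || return 1
    mkdir "$demo_dir/public_html"
    echo '<?php echo "home"; ?>' > "$demo_dir/public_html/index.php"
    echo 'Options -Indexes'      > "$demo_dir/public_html/.htaccess"
    make_baseline "$demo_dir/public_html" "$demo_dir/baseline.sha256"
    echo '<?php /* replaced */ ?>' > "$demo_dir/public_html/index.php"
    echo '<html>new file</html>'   > "$demo_dir/public_html/index.html"
    demo_report=$(check_baseline "$demo_dir/public_html" "$demo_dir/baseline.sha256") \
        && demo_status=0 || demo_status=$?
    rm -rf "$demo_dir"
    printf '%s\n' "$demo_report"
    [ "$demo_status" -eq 1 ]
}

demo
```

Run `check_baseline` on a schedule and keep the baseline file somewhere the web server's user cannot write, so a script running inside the site cannot update it.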