I’m recovering from having my site hacked by:
- creating a new user (call him MrClean)
- uploading my local backup site files to a directory on MrClean named MySite.com
- then directed my domain to the MrClean/MySite.com directory (control panel > manage domains > edit).
So far, so good.
I did not have a backup of the .htaccess file before the hack. The hacker added code to it, and I don’t know what I can/should remove besides a line that required a file that contained part of the hack.
Below is the hacked htaccess code. I did not write/add any of this. I did add a line enabling .html SSI using info from the DH wiki: http://wiki.dreamhost.com/Htaccess_file_overview#How_can_I_use_ssi_on_files_with_.html_extensions.3F
The lines about stats.php are definitely part of the hack.
```
# Auto-generated .htaccess file start
RewriteEngine On
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{HTTP:Expect} ^$
RewriteCond %{REQUEST_FILENAME} !.(jpg|jpeg|gif|png|css|js|txt|xml|swf|ico|pdf|txt)$
RewriteCond %{REQUEST_FILENAME} !stats.php
RewriteRule ^(.*) /stats.php [L,NS]
# Auto-generated .htaccess file end
# Put your content after this line
```
Questions:
- Do I need any of that above?
- Is there a default .htaccess site file for basic site security? If so, what does it contain?
- What permissions should the .htaccess file have?
- I have a mirrored site and a secure certificate, if that matters for the htaccess file(s).
- I’m using Transmit for FTP. It allows me to edit a blank htaccess file and set perms. Is that adequate, or do I need to telnet to write the file?
Too much, too little information? Thanks for your help.
I have read the Wiki about HTACCESS, have googled, and have searched the forum. I need real step-by-step help.
Thanks, again.
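A check for the pattern in the block quoted above (every matching request rewritten to one PHP file that the rule itself exempts), as an added example that is not part of the original post. The function names and the `EXPECTED_TARGETS` allowlist are assumptions; the two samples are constructed, the first from the block in the post.

```python
import re
from pathlib import Path

# Rule patterns that match every (or nearly every) request path.
CATCH_ALL = {"^(.*)", "^(.*)$", "(.*)", ".*", "^.*$", "^", "."}
# Front controllers the owner expects (assumption: adjust per site).
EXPECTED_TARGETS = {"/index.php", "index.php"}
COND_RE = re.compile(r"^\s*RewriteCond\s+\S+\s+(\S+)", re.I)
RULE_RE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)", re.I)

def find_catch_all_rewrites(text, expected=EXPECTED_TARGETS):
    """Flag RewriteRules that send all requests to one unexpected PHP file."""
    findings, conds = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        cond = COND_RE.match(line)
        if cond:
            conds.append(cond.group(1))
            continue
        rule = RULE_RE.match(line)
        if rule:
            pattern, target = rule.groups()
            path = target.split("?", 1)[0]
            if (pattern in CATCH_ALL and path.lower().endswith(".php")
                    and path not in expected):
                name = path.rsplit("/", 1)[-1]
                # A rule that exempts its own target avoids a rewrite loop.
                findings.append({"line": lineno, "target": path,
                                 "self_exempt": any(name in c for c in conds)})
        conds = []  # conditions only apply to the rule directly below them
    return findings

def scan_tree(root):
    """Check every .htaccess under root; return {path: findings} for hits."""
    hits = {}
    for f in Path(root).rglob(".htaccess"):
        found = find_catch_all_rewrites(f.read_text(errors="replace"))
        if found:
            hits[str(f)] = found
    return hits

# Constructed samples: the rules quoted in the post, and a common CMS rule.
HACKED = """\
# Auto-generated .htaccess file start
RewriteEngine On
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{HTTP:Expect} ^$
RewriteCond %{REQUEST_FILENAME} !.(jpg|jpeg|gif|png|css|js|txt|xml|swf|ico|pdf|txt)$
RewriteCond %{REQUEST_FILENAME} !stats.php
RewriteRule ^(.*) /stats.php [L,NS]
"""
CMS = "RewriteEngine On\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteRule . /index.php [L]\n"
```

Running `scan_tree` over the restored site directory lists any remaining `.htaccess` files, including ones in subdirectories, that still carry a rule of this shape.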