<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.32.2">
</HEAD>
<BODY>
Thank you for the reply, but it totally baffles me. This is totally different from prior topic I raised on a different server. <BR>
<BR>
Someone is scanning all the godaddy hosted servers, and is embedding .php files in them, and updating the .htaccess file, in an apparent attempt to hijack innocent browser users accessing the sites supported there, which for me is essentially the Lilburn Oktoberfest, the Lloyd Shaw Dance foundation, and Maine Geneology. <BR>
<BR>
I have found and removed all the .php files they created. Apparently they attempted to rewrite rules to re-direct access to html file into their duplicated .php files. <BR>
<BR>
I have removed the glop they added to the .htaccess, but don't know if there are other restrictive measures I should be taking in there to reduce the potential in the future. <BR>
<BR>
I do not see how this relates to rsync and ssh. <BR>
<BR>
<BR>
<BR>
On Fri, 2017-08-11 at 14:32 -0400, DJ-Pfulio wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
I would assume a php addon has a security problem or some custom php code has
some flaw.
Is there a reason rsync+ssh isn't used - or even git? git cryptographically
validates. "Because we never needed to before" **is** a value answer. ;)
On 08/11/2017 02:12 PM, Neal Rhodes wrote:
> Apparently my Godaddy linux apache website has been hacked by someone who
> planted some bogus .php files, and overwrote my primary .htaccess.
>
> Godaddy discovered it.
>
> I removed the offending .php files.
>
> I removed the clauses in the primary .htaccess which appeared to feed those
> bogus .php files.
>
> I have asked Godaddy to provide me with their recommended stock, restrictive
> .htaccess file for read-only websites. All of our static html is updated by
> me via ssh. I do not know how someone managed to alter my website. I would
> guess they used some tool Godaddy provides which isn't configured properly to
> restrict, or which has a default login.
>
> Thus far they are running around in circles.
>
> Does anyone have a best practices .htaccess file to start with? I'm guessing it
> would be something starting with...
>
> IndexIgnore .htpasswd .htaccess */.??* *~ *# */HEADER* */README* */_vti*
>
> <Limit POST PUT DELETE>
> require valid-user
> </Limit>
>
> AuthName webuser
> AuthUserFile /var/www/cgi-bin/.htpasswd
>
> AuthType Basic
>
_______________________________________________
Ale mailing list
<A HREF="mailto:Ale@ale.org">Ale@ale.org</A>
<A HREF="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</A>
See JOBS, ANNOUNCE and SCHOOLS lists at
<A HREF="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</A>
</PRE>
</BLOCKQUOTE>
<BR>
</BODY>
</HTML>