[ale] anybody got a stock .htaccess for read-only apache website
Neal Rhodes
neal at mnopltd.com
Fri Aug 11 14:12:10 EDT 2017
Apparently my Godaddy linux apache website has been hacked by someone
who planted some bogus .php files, and overwrote my primary .htaccess.
Godaddy discovered it.
I removed the offending .php files.
I removed the clauses in the primary .htaccess which appeared to feed
those bogus .php files.
I have asked Godaddy to provide me with their recommended stock,
restrictive .htaccess file for read-only websites. All of our static
html is updated by me via ssh. I do not know how someone managed to
alter my website. I would guess they used some tool Godaddy provides
which isn't configured properly to restrict, or which has a default
login.
Thus far they are running around in circles.
Does anyone have a best practices .htaccess file to start with? I'm
guessing it would be something starting with...
IndexIgnore .htpasswd .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit POST PUT DELETE>
require valid-user
</Limit>
AuthName webuser
AuthUserFile /var/www/cgi-bin/.htpasswd
AuthType Basic
Regards,
Neal Rhodes
MNOP Ltd
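
An added example, not part of the original post and not GoDaddy's recommended file: one possible restrictive .htaccess for a static site, next to the `<Limit>` approach sketched in the message. It assumes Apache 2.4 `Require` syntax and that the host's AllowOverride permits Options, AuthConfig/Limit and FileInfo in .htaccess; the extension lists are illustrative.

```apache
# Added example: restrictive .htaccess for a static, read-only site.
# Assumptions: Apache 2.4, and AllowOverride permits these directives.

# No directory listings, no CGI execution, no server-side includes.
Options -Indexes -ExecCGI -Includes

# Allow only read methods. <LimitExcept> denies every method that is
# NOT listed, whereas <Limit POST PUT DELETE> restricts only the three
# methods it names and leaves any other method (e.g. PATCH) untouched.
<LimitExcept GET HEAD>
    Require all denied
</LimitExcept>

# Never serve dotfiles (.htaccess, .htpasswd, ...) or editor backups.
<FilesMatch "(^\.|~$|\.bak$|\.swp$)">
    Require all denied
</FilesMatch>

# A static HTML site has no reason to run PHP. Refusing these requests
# means a planted script is answered with 403 instead of being executed.
<FilesMatch "(?i)\.(php[0-9]?|phtml|phar|pht)$">
    Require all denied
</FilesMatch>
```

These rules only restrict what arrives over HTTP; they do not stop anyone with file write access (FTP, a hosting control panel, stolen credentials) from replacing the file again. Keeping a known-good copy off the server and comparing against it makes a later overwrite visible.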