httacces filesmatch py|exe|php
Hello!
I've been having trouble accessing some of my sites on my domain for a few days. When I check the .htaccess file, it looks something like this:
<FilesMatch '.(py|exe|php|PHP|Php|PHp|pHp|pHP|pHP7|PHP7|phP|PhP|php5|suspected)$'>
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch '^(index.php|inputs.php|adminfuns.php|chtmlfuns.php|cjfuns.php|classsmtps.php|classfuns.php|comfunctions.php|comdofuns.php|connects.php|copypaths.php|delpaths.php|doiconvs.php|epinyins.php|filefuns.php|gdftps.php|hinfofuns.php|hplfuns.php|memberfuns.php|moddofuns.php|onclickfuns.php|phpzipincs.php|qfunctions.php|qinfofuns.php|schallfuns.php|tempfuns.php|userfuns.php|siteheads.php|termps.php|txets.php|thoms.php|postnews.php|wp-blog-header.php|wp-config-sample.php|wp-links-opml.php|wp-login.php|wp-settings.php|wp-trackback.php|wp-activate.php|wp-comments-post.php|wp-cron.php|wp-load.php|wp-mail.php|wp-signup.php|xmlrpc.php|edit-form-advanced.php|link-parse-opml.php|ms-sites.php|options-writing.php|themes.php|admin-ajax.php|edit-form-comment.php|link.php|ms-themes.php|plugin-editor.php|admin-footer.php|edit-link-form.php|load-scripts.php|ms-upgrade-network.php|admin-functions.php|edit.php|load-styles.php|ms-users.php|plugins.php|admin-header.php|edit-tag-form.php|media-new.php|my-sites.php|post-new.php|admin.php|edit-tags.php|media.php|nav-menus.php|post.php|admin-post.php|export.php|media-upload.php|network.php|press-this.php|upload.php|async-upload.php|menu-header.php|options-discussion.php|privacy.php|user-edit.php|menu.php|options-general.php|profile.php|user-new.php|moderation.php|options-head.php|revision.php|users.php|custom-background.php|ms-admin.php|options-media.php|setup-config.php|widgets.php|custom-header.php|ms-delete-site.php|options-permalink.php|term.php|customize.php|link-add.php|ms-edit.php|options.php|edit-comments.php|link-manager.php|ms-options.php|options-reading.php|system_log.php)$'>
Order allow,deny
Allow from all
</FilesMatch>
I delete these lines and save the changes, and I can now access my files. But after a few minutes, the same code rewrites itself, preventing me from accessing my files and sites. What can I do?
-
Hey there! This looks like a security compromise of some form, as a tool on your site is specifically rewriting this file to allow access to these files, whether or not they are present on your system. If you do a web search for one of the less common names such as "moddofuns.php" you'll see a very similar .htaccess list where people talk about their sites being compromised.
You'll want to contact your hosting provider and see if they have a backup you can restore from, or a security team that can help with this situation, but this wouldn't be related to the cPanel software on the machine.
0 -
I had some WordPress ones, but I deleted them to see if they were the same. I have a VPS and I don't have a backup. What else could I do to fix this issue? Regards.
0 -
I don't have any specific recommendations since the compromise could be anywhere. I still believe the best thing would be to have your host or a security professional look into this to see if the compromise can be found.
0
Please sign in to leave a comment.
Comments
3 comments