Hi I recently had to clean up a friends site which was hacked. The hack inserted code into every index.php page as well as every .js file. What was interesting though was the fact that they changed the sites main htaccess file to read:
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
near as I can tell (and I'm not positive), that seems to be the standard junk that Microsoft FrontPage throws into a .htaccess file. Are you sure it was a result of the attack?
Yeah I thought it was strange as well. But yes it happened with the attack. All of the index.php files had code injected and the normal htaccess file was overwritten with the one I posted.
Hi I recently had to clean up a friends site which was hacked. The hack inserted code into every index.php page as well as every .js file. What was interesting though was the fact that they changed the sites main htaccess file to read:
-FrontPage-
IndexIgnore .htaccess /.?? ~ *# */HEADER /README /_vti
order deny,allow deny from all allow from all order deny,allow deny from all
Just wondering if someone can shed some light on what this would accomplish? Thanks guys!
Edit sorry it stripped all the tags out....
near as I can tell (and I'm not positive), that seems to be the standard junk that Microsoft FrontPage throws into a .htaccess file. Are you sure it was a result of the attack?
Yeah I thought it was strange as well. But yes it happened with the attack. All of the index.php files had code injected and the normal htaccess file was overwritten with the one I posted.
Probably the Russians or Chinese, i have about 20-100 attempts into my server a day.
https://www.countryipblocks.net/
@JohnMotylJr They could just use a proxy to bypass that.