BleepingComputer.com: .htaccess file appearing on my web server account

Jump to content

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

.htaccess file appearing on my web server account

#16 User is offline   Gutsy 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 6
  • Joined: 04-November 10

Posted 13 December 2010 - 03:06 PM

Grinler,

I'm still getting the .htaccess files populating all of my client accounts, but they are all blank. The shocker here is that I just got a brand new Dell PC and changed "ALL" my passwords on Friday 12/10/10 with the NEW PC. This morniong (Monday 12/13/10 .. I opened each account and the .htacess files were loaded in each account again early this morning between 7am and 9 am!!! I'm starting to wonder if my WS FTP Pro Version 8 software has a vulnerability issue? Could that be a possibility? I'm thinking about getting a new FTP program now and changing all the passwords again.

I found this blog regarding someone else who hasd this issue and he said the hacker was entered via Joomla:
http://alvinjiang.blogspot.com/2010/09/htaccess-file-hijacked-how-to-remove.html .... I don't have/use Joomla.

Any other thoughts or advice? Thanks in advance!

#17 User is offline   Grinler 

  • Bleep Bleep!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Admin
  • Posts: 36,603
  • Joined: 24-January 04
  • Gender:Male
  • Location:USA

Posted 14 December 2010 - 12:39 PM

Yeah I still think this is a server side issue and not a client side one. My guess is this happening by a vulnerability in the server or the software you are using. Are you using the latest version of all your apps?
Lawrence Abrams
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!

#18 User is offline   NpaMA 

  • Senior Member
  • PipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 520
  • Joined: 17-May 10
  • Gender:Male
  • Location:Memphis, TN

Posted 14 December 2010 - 01:25 PM

After all you've done, I agree with Grinler.

I think something has been hacked at the server level. With the .htaccess files appearing on "all" of the accounts overnight makes me believe it's from the server level, as it would take longer for someone to exploit each script.

#19 User is offline   cryptodan 

  • Bleepin Madman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 18,367
  • Joined: 08-September 08
  • Gender:Male
  • Location:Catonsville, Md

Posted 14 December 2010 - 03:01 PM

I would be talking with the support and technical staff for your hosting provider and see what they say.

My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message!with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users