[ale] anybody got a stock .htaccess for read-only apache website

Neal Rhodes neal at mnopltd.com
Fri Aug 11 14:12:10 EDT 2017


Apparently my GoDaddy Linux Apache website has been hacked by someone
who planted some bogus .php files and overwrote my primary .htaccess.

GoDaddy discovered it.

I removed the offending .php files. 

I removed the clauses in the primary .htaccess which appeared to feed
those bogus .php files. 

I have asked GoDaddy to provide me with their recommended stock,
restrictive .htaccess file for read-only websites. All of our static
html is updated by me via ssh. I do not know how someone managed to
alter my website. I would guess they used some tool GoDaddy provides
which isn't configured properly to restrict, or which has a default
login.

Thus far they are running around in circles. 

Does anyone have a best practices .htaccess file to start with?  I'm
guessing it would be something starting with...

        IndexIgnore .htpasswd .htaccess */.??* *~ *# */HEADER* */README* */_vti*
        
        <Limit POST PUT DELETE>
        require valid-user
        </Limit>
        
        AuthName webuser
        AuthUserFile /var/www/cgi-bin/.htpasswd
        
        AuthType Basic
        


Regards, 

Neal Rhodes
MNOP Ltd
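
The cleanup described in this message (removing planted .php files and the .htaccess clauses that fed them) can be re-checked with a small audit, shown here as an added example that is not part of the original post. It assumes a docroot that should hold only static files; the function names, the extension list and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Audit a docroot that is meant to hold only static files (added example).
# All names, the extension list and the sample tree are assumptions.

# File extensions a static HTML site should never contain.
SCRIPT_EXT_RE='\.(php[0-9]?|phtml|phar)$'

# Active (non-comment) .htaccess lines that set a handler or mention a script.
HOOK_RE='^[[:space:]]*((AddHandler|SetHandler|Action|php_value|php_flag)[[:space:]]|[^#[:space:]].*(\.ph(p[0-9]?|tml|ar)|httpd-php))'

# List server-side script files under the docroot, one path per line.
find_script_files() {
    find "$1" -type f | grep -Ei "$SCRIPT_EXT_RE" | sort
}

# Print "file:line:text" for each suspicious line in any .htaccess.
find_htaccess_hooks() {
    find "$1" -type f -name '.htaccess' -exec grep -EinH "$HOOK_RE" {} + | sort
}

# Return 0 if nothing was flagged, 1 otherwise.
audit_static_site() {
    scripts=$(find_script_files "$1")
    hooks=$(find_htaccess_hooks "$1")
    if [ -z "$scripts" ] && [ -z "$hooks" ]; then
        echo "clean: $1"
        return 0
    fi
    [ -z "$scripts" ] || printf '%s\n' "$scripts" | sed 's/^/SCRIPT   /'
    [ -z "$hooks" ] || printf '%s\n' "$hooks" | sed 's/^/HTACCESS /'
    return 1
}

# Build a constructed sample docroot (not data from the post) for a dry run.
make_sample_docroot() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/images"
    echo '<html>ok</html>' > "$d/index.html"
    echo '<?php /* placeholder */ ?>' > "$d/images/cache.php"
    printf '%s\n' 'ErrorDocument 404 /404.html' \
        '# index.php was removed' \
        'RewriteRule ^promo/ /images/cache.php [L]' > "$d/.htaccess"
    echo "$d"
}

# Stand-alone use: ./audit.sh /path/to/docroot (exit status 1 means findings).
if [ "$#" -gt 0 ]; then audit_static_site "$1"; fi
```

Run from cron over ssh, a non-zero exit gives an early signal that files were written by something other than the owner's own uploads.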
