Mandatory information about my setup: jooomla 1.5, admintools
Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: (1.5.26)
PHP version: (5.2.17)
MySQL version: (5.0.92-50)
Host: (site5)
Admin Tools version: (2.2.4)
Description of my issue: After my website hacked the host company informed me and I cleared the website from malicious files and scripts. Then I have installed admintools and used some protection features. Also I used the protection of backend password. After I ask them to check again if my website is clear now and they told me that the /administrator/.htaccess fils has content that is strange to them. Especially the two last line.
This is the content of the .htacces file in administrator folder:
This is the mail they send me.
I don't have knowledge about how a .htaccess should be. Could you please tell me that the content of .htacces is created from admintools?
Is there any guide explaining how to configure a .htaccess file?
Regards
Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: (1.5.26)
PHP version: (5.2.17)
MySQL version: (5.0.92-50)
Host: (site5)
Admin Tools version: (2.2.4)
Description of my issue: After my website hacked the host company informed me and I cleared the website from malicious files and scripts. Then I have installed admintools and used some protection features. Also I used the protection of backend password. After I ask them to check again if my website is clear now and they told me that the /administrator/.htaccess fils has content that is strange to them. Especially the two last line.
This is the content of the .htacces file in administrator folder:
AuthUserFile "/home/rh***an/public_html/administrator/.htpasswd" AuthName "Restricted Area" AuthType Basic require valid-user RewriteEngine On RewriteRule .htpasswd$ - [F,L]
This is the mail they send me.
The second part, however, is as follows:
RewriteEngine On
RewriteRule .htpasswd$ - [F,L]*
To be honest, this is strange. It is straightforward enough, and is blocking browser access to the .htpasswd file, which is a good thing, but that file contains encrypted data anyway, and even if it was accessed in a browser the password in that file would be unintelligible. Our audit script checks for the htpasswd string automatically, as it is often used to exploit security holes. In this case, however, I see nothing outright malicious in this file, though the last two lines are strange, as described.
I don't have knowledge about how a .htaccess should be. Could you please tell me that the content of .htacces is created from admintools?
Is there any guide explaining how to configure a .htaccess file?
Regards
