Support

Admin Tools

#13516 htaccess being hacked

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Thursday, 13 September 2012 11:43 CDT

Wednesday, 12 September 2012 16:40 CDT

mneese
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)?yes
Have I searched the tickets before posting? yes
Have I read the documentation before posting (which pages?)?yes
Joomla! version:1.5.26
PHP version: 5+
MySQL version: 5+
Host: rochen
Admin Tools version:latest for joomla 1.5
Description of my issue:
My htaccess file is getting hacked repeatedly...io have it set to 444, and it changes within minutes or hours...
I have changed my ftp/cpanel logins several times and it does not stop this...

The only thjng that stops this hacking is using the default joomla htaccess file...
Could the source be somewhere in my admin tools configuration?

Thursday, 13 September 2012 01:35 CDT

nicholas
If you see your .htaccess file changing all the time, it can mean one of two very unpleasant things:
  • Your site is already hacked. In this case the hacker has already put his own code in one of your Joomla! core or extension files. Every now and then it checks the .htaccess file and re-hacks it.
  • Another site on your server is hacked and it can write on your site's files. In this case another site on the same server is hacked and the above check runs periodically on the other site, checking and modifying the .htaccess on your site.


I'd recommend following my Unhacking your Site instructions.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 13 September 2012 11:41 CDT

mneese
Sounds reasonable....I thought the htaccess file from joomla was stable, but it too has fallen prey to the $#%@ing hackers...i'll try your suggestions and let you know what works...

Thursday, 13 September 2012 11:43 CDT

nicholas
When the enemy is behind your lines nothing is stable or safe. Don't worry, you can clean it up, it just takes a while.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!