We are trying to resolve modifications to our .htaccess
1. From March through early May 2021, these unauthorized modifications were occurring every 4-7 days at exactly 11:57PM PST ...
2. We would get the email saying: "We would like to notify you that one or more critical files that you decided to monitor have been modified on your site "domainname.com". The list of files modified on your site is as follows:
- .htaccess
3. We would go to the .htaccess file, and notice the original lines that got changed are all admintools controlled entries in the "User agents to block, one per line" in ".htaccess maker", which USED TO LOOK LIKE:
SetEnvIf user-agent "WebBandit" stayout=1
SetEnvIf user-agent "webbandit" stayout=1
SetEnvIf user-agent "Acunetix" stayout=1
SetEnvIf user-agent "binlar" stayout=1
SetEnvIf user-agent "BlackWidow" stayout=1
SetEnvIf user-agent "Bolt 0" stayout=1
SetEnvIf user-agent "Bot mailto:[email protected]" stayout=1
But have now been CHANGED TO:
SetEnvIf user-agent "(?i:WebBandit)" stayout=1
SetEnvIf user-agent "(?i:webbandit)" stayout=1
SetEnvIf user-agent "(?i:Acunetix)" stayout=1
SetEnvIf user-agent "(?i:binlar)" stayout=1
SetEnvIf user-agent "(?i:BlackWidow)" stayout=1
SetEnvIf user-agent "(?i:Bolt 0)" stayout=1
SetEnvIf user-agent "(?i:Bot mailto:[email protected])" stayout=1
It appears that any "xxx" is getting changed to "(?i:xxx)"
4. We would go to ADMINTOOLS and have .HTACCESS MAKER rebuild the .htaccess file, and the unauthorized changes would be reversed. We have no cronos/chronos scripts running by us. We asked the ISP if they were running scripts, they said no.
5. BUT NOW, when we use the ".htaccess maker" to rebuild, the SetEnvIf user-agent being generated is
SetEnvIf user-agent "(?i:anybotname)" stayout=1
Is this the new format for the "SetEnvIf user-agent" line? If yes, then I will look elsewhere to find what is happening.
If no, this is not the correct format to block bots, then something has gotten into the admintools htaccess maker generator tools and modified it. How would I correct it?