If they entered through your /images folder this means one of the scripts on your website is allowing for the injection of files (like those you are finding within your images folder).
To stop your hacker from being able to execute those files within your images folder (effectively stopping them cold!) just create a text file named:
.htaccess
Then put these lines of text in the file:
# This prevents people from looking at your htaccess file.
<Files ~ "\.htaccess$">
order deny,allow
deny from all
</Files>
# This line turns off directory listings
Options -Indexes
# Makes scripts appear as text. Good for image only directories (antihacker)
AddHandler text/plain .pl .cgi .php .py .jsp .asp .shtml .sh
Upload the file into your /images directory.
Enjoy!
Thread Starter
Billy
(@billybrasov)
Hi tvcnet, I have 2 files named .htaccess in my WordPress hosting.
One in root folder (in /public_html) with this configuration:
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName mydomain.com
AuthUserFile /home/myusername/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/myusername/public_html/_vti_pvt/service.grp
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
And the other .htaccess file in the folder named “images” from “/public_html” with this configuration:
AddType text/plain .pl .cgi .php .py .jsp .asp .shtml .sh
# This prevents people from looking at your htaccess file.
<Files ~ "\.htaccess$">
order deny,allow
deny from all
</Files>
# This line turns off directory listings
Options -Indexes
# Makes scripts appear as text. Good for image only directories (antihacker)
AddHandler text/plain .pl .cgi .php .py .jsp .asp .shtml .sh
Is it OK now? Thanks!!
This is not a hacked htaccess though:
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName mydomain.com
AuthUserFile /home/myusername/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/myusername/public_html/_vti_pvt/service.grp
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Thread Starter
Billy
(@billybrasov)
OK, that means the .htaccess file in my public_html is correct, right? But is the other .htaccess file, the one in the images folder, correct?
P.S. I have disabled the contact page of my website and the cformsII plugin because I thought that was where the hacker got in. Is that possible?
Thread Starter
Billy
(@billybrasov)
My web pages have been hacked again. This time I updated WordPress to the latest version, 3.3.2, and it did not help at all. The strange thing is that one of the pages was very new, I only finished it yesterday, and after a short time the hacker found it and hacked it too. Everything points to the hacker having something to do with a WordPress plugin, or with those I use, since otherwise they could not have learned about this new website so fast. Please, if anyone can help me. Thank you!
First, turn off the page in the .htaccess file.
Next, check files by modification time and look into the server logs.
Then, via FTP, remove the wp-admin and wp-config directories …. and replace them with a fresh copy from the latest WP package. Replace all files in the WP root directory.
Remove all plugins and upload fresh copies.
Check all non-modified files, e.g. wp-config.php, .htaccess, the themes (if possible, replace them with a fresh/backup copy) and the upload folder. Find and remove malicious code in non-modified files and remove all backdoors hidden in new, non-standard files.
After cleaning, secure your WP: set permissions, add fixes to .htaccess, and check your theme; if timthumb is used, update and secure it.
At the end, turn your page back on.
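The triage steps above (check files by modification time, look into the server logs, and hunt for script files dropped into the images folder) as an added shell example that is not code from this thread. The site tree, file names and access-log lines it builds are constructed samples for the demonstration; the 203.0.113.x addresses are from a documentation range.

```shell
#!/bin/sh
# Added example, not code from the thread. Helpers for the triage steps
# above; the sample site tree and access log are constructed for the demo.
set -eu
# count_lines: line count without the leading spaces some wc versions print.
count_lines() { wc -l | tr -d ' '; }
# find_scripts_in_media DIR: script files that have no business in an
# images/uploads tree (the same extensions the thread's .htaccess lists).
find_scripts_in_media() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.pl' \
        -o -name '*.cgi' -o -name '*.py' -o -name '*.jsp' -o -name '*.asp' \
        -o -name '*.shtml' -o -name '*.sh' \) | sort
}

# find_recent DIR DAYS: files modified within the last DAYS days, to build
# a timeline of what the intruder touched.
find_recent() { find "$1" -type f -mtime "-$2" | sort; }

# grep_hits LOGFILE: common-log-format requests to a script under /images/
# or /wp-content/uploads/. A 200 there means the file was run or served,
# not blocked by the .htaccess handler override.
grep_hits() {
    grep -E '"(GET|POST) /(images|wp-content/uploads)/[^ ]*\.(php|phtml|pl|cgi|py|sh)' "$1" || true
}

# triage_site SITE_ROOT ACCESS_LOG: run all three checks and print the findings.
triage_site() {
    echo "== script files inside media folders"
    find_scripts_in_media "$1/images"; find_scripts_in_media "$1/wp-content/uploads"
    echo "== files modified in the last 2 days"; find_recent "$1" 2
    echo "== requests to scripts under media folders"; grep_hits "$2"
}

# make_sample: constructed site root with a dropped script and a constructed
# access log (203.0.113.0/24 is a documentation range). Prints its path.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/images" "$d/wp-content/uploads/2012/05"
    : > "$d/images/logo.png"
    : > "$d/images/x.php"                           # constructed: dropped file
    : > "$d/wp-content/uploads/2012/05/img.jpg"
    : > "$d/wp-content/uploads/2012/05/.cache.php"  # constructed: hidden file
    cat > "$d/access.log" <<'EOF'
203.0.113.5 - - [01/May/2012:10:00:01 +0000] "GET /images/logo.png HTTP/1.1" 200 512
203.0.113.5 - - [01/May/2012:10:00:09 +0000] "POST /images/x.php HTTP/1.1" 200 77
203.0.113.9 - - [01/May/2012:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 9000
EOF
    echo "$d"
}
```

On a real site, point `triage_site` at the web root and the Apache access log; anything it lists under a media folder is a file to inspect and, if unexplained, remove during the cleanup above.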