Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Daniel Cid

    (@ddsucurinet)

    Didn’t quite understand the question. Are you saying that the .htaccess file inside the sucuri directory is changing? Mind showing what is being modified there? Or giving us more details?

    thanks,

    Excuse me.

    The file modification time changes.
    The contents stay the same.

    It is difficult to say what is causing those modifications. Here [1] you can see how the “.htaccess” file is created. This is the same code that is currently being distributed with version 1.8.3 (which is the latest one at the moment of writing this).

    The only problem that I see in the code is that the “index.html” file is being created with every request, I fixed this with commit #1531206 [2] but this is unrelated to the modifications that you are reporting in the access control file. The code is checking if the directory (custom or not) is already hardened before it writes any content inside it.

    I conducted the following test to verify this… I moved the datastore path to a custom location at ~/__sucuri/, added the required “SUCURI_DATA_STORAGE” constant in the wp-config.php file, then deleted any existing access control file from the new directory and generated a new one with this command [3] to make it look as if the file was created in the past. Then I reloaded the plugin (any page) to trigger the execution of the “SucuriScanHardening::isHardened” function. Now, if I check the modification date of the access control file I can see that it was modified a couple of seconds ago because I created an empty file, the plugin has written the hardening rules. Now, I executed the same command again [3] to change the modification time once again. After an additional reload of the plugin I verified that the modification time is still in the past because the plugin skipped the hardening after it saw that the directory is already hardened.

    Please follow the instructions above and let us know if your server is still reporting daily modifications of the access control file. I will be able to work on this again if you share some details about your server environment so I can replicate the bug.

    Marking as resolved, feel free to re-open the ticket if the issue persists.

    [1] https://github.com/Sucuri/sucuri-wordpress-plugin/blob/0d4189c/src/interface.lib.php#L156-L180
    [2] https://github.com/Sucuri/sucuri-wordpress-plugin/pull/29/commits/1531206
    [3] touch -d 19991225 .htaccess
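
The test described in the reply above, replayed in a scratch directory, as an added example that is not part of the original thread or the plugin's code. `harden_if_needed` and the single `Deny from all` rule are hypothetical stand-ins for the plugin's check and rules; GNU `touch`, `stat` and `sha256sum` are assumed.

```shell
#!/bin/sh
# Added example: classify a change to an access control file as
# mtime-only (rewritten with identical bytes) or a content change.
# harden_if_needed is a hypothetical stand-in for the plugin's
# "already hardened?" check, not the plugin's code.

RULES='Deny from all'   # constructed sample rule, not the plugin's rule set

mtime_of() { stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"; }
hash_of()  { sha256sum < "$1"; }

# Write the rules only when they are missing, so an already hardened
# directory keeps its old modification time.
harden_if_needed() {
    grep -qxF "$RULES" "$1" 2>/dev/null || printf '%s\n' "$RULES" > "$1"
}

# Print "unchanged", "mtime-only" or "content" for file $1 after running
# the command given in the remaining arguments.
classify_change() {
    f=$1; shift
    m0=$(mtime_of "$f"); h0=$(hash_of "$f")
    "$@"
    m1=$(mtime_of "$f"); h1=$(hash_of "$f")
    if [ "$h0" != "$h1" ]; then echo content
    elif [ "$m0" != "$m1" ]; then echo mtime-only
    else echo unchanged
    fi
}

# Replay of the test in the post, in a scratch directory.
run_demo() {
    d=$(mktemp -d) || return 1
    f="$d/.htaccess"
    : > "$f"; touch -d 19991225 "$f"                 # empty, backdated
    r1=$(classify_change "$f" harden_if_needed "$f") # rules get written
    touch -d 19991225 "$f"                           # backdate again
    r2=$(classify_change "$f" harden_if_needed "$f") # check skips the write
    # A writer that does not check first: same bytes, new mtime.
    r3=$(classify_change "$f" sh -c 'printf "%s\n" "$0" > "$1"' "$RULES" "$f")
    rm -rf "$d"
    echo "$r1 $r2 $r3"
}

run_demo
```

A result of `mtime-only` on a real server matches the symptom reported in this thread: something rewrote the file with identical contents.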

  • The topic ‘Rewritten htaccess’ is closed to new replies.