WordPress.org

Forums

Strange Problem with new Addon Site and Htaccess (3 posts)

  1. Susan Warren
    Member
    Posted 2 years ago #

    Hi,

    I don't know if this is the right place to ask these questions, so I'm hoping someone can point me in the right direction if it's not.

    I just added a new addon site under my main domain name. I then installed WordPress 3.4.2 and added some plugins and some working content, along with the Graphene theme. As part of doing that, I installed Bullet Proof WP Security and Better WP Security, as well as Yoast SEO and several other plugins. I know that those three (at least) make major changes to the default htaccess file.

    This morning I was looking at my site stats via my Cpanel and while I was in Cpanel I decided to remove some old subdomains that I don't use anymore. And what I found surprised me. On my list of subdomains was the new addon site, as would be expected. But along with that new subdomain was another new subdomain that I hadn't created, and that subdomain had the user name that I had assigned to the new subdomain that I *had* created.

    Something like this:

    --new subdomain (also new addon) = newaddonsite.mainsite.com

    --When I created "newaddonsite" I had to add a user name for ftp, etc-- let's say "newsiteusername"

    --But now there's also a new subdomain in the list called "newsiteusername.mainsite.com", which I didn't create.

    --Moreover, both subdomains are shown to redirect to /\..*$ and I never set any redirects for either of those subdomains or any others.

    When I checked the Cpanel list of addon sites "newaddonsite.com" showed up in the list, as it should. But it also shows as being redirected to /\..*$, the same as the two new subdomains. And there should be no redirect.

    So, I have a strange new subdomain that I didn't create and a new subdomain/addon site that I did create, both of which redirect to somewhere or other that I can't figure out, and that I didn't create.

    I asked my site host tech support what was going on, and they said that this was happening because there was something wrong or hacked in the htaccess file for the new site.

    So that brings me back to Bullet Proof Security and Better WP Security, and perhaps other plugins that modify htaccess files: is the redirect and the extra subdomain something that are part of the security settings, or do I have larger problems?

    Thanks for any help....

  2. Susan Warren
    Member
    Posted 2 years ago #

    As a followup: I checked my Cpanel redirects page and the /\..*$ redirect is shown as being redirected to 403. Does that make sense?

  3. Susan Warren
    Member
    Posted 2 years ago #

    And more: I found this line in the site's htaccess:

    # DENY ACCESS TO PROTECTED SERVER FILES - .htaccess, .htpasswd and all file names starting with dot
    
    RedirectMatch 403 /\..*$

    So the redirect is part of what Bulletproof Security is doing via the htaccess. But why would it cause an unwanted subdomain to appear?

Topic Closed

This topic has been closed to new replies.

About this Topic