CI 1.6.1 htaccess changed via web

#1
[eluser]Unknown[/eluser]
Hi all.
We use CI 1.6.1.
Yesterday the htaccess file was somehow changed on our hosting. The system administrators didn't make these changes, so I think our project was hacked or the framework somehow changed the htaccess file.

Am I right, or is it just my paranoia?

#2
[eluser]Dam1an[/eluser]
What sort of changes are you talking about, malicious ones?
Have you checked the access logs to see what users accessed the server just before the file was last modified?

As a precaution, if you do think the account was hacked, change all your passwords (inc db)

#3
[eluser]Unknown[/eluser]
[quote author="Dam1an" date="1246625511"]What sort of changes are you talking about, malicious ones?
Have you checked the access logs to see what users accessed the server just before the file was last modified?

As a precaution, if you do think the account was hacked, change all your passwords (inc db)[/quote]

The server has only web access for the public. We also don't have FTP access, only SSH access for developers. Developers can also access files only via sudo, so I checked all the logs and I think the changes could only have been made via the web.

The changes: we customized the htaccess file and commented out the default rewrite rules, and yesterday they were uncommented. I checked the web logs and don't see any GET request to change the htaccess file. So I think it could only have been done via a POST request.

#4
[eluser]Pascal Kriete[/eluser]
Have you informed your hosting provider of these events? They may be able to help determine what happened.

The changes you describe don't sound malicious, so the first thing I would do is talk to everyone who has write access for this file.

However if you think someone did this with malicious intent, there are some basic steps you can follow.
Firstly, I would highly suggest following Damian's advice in changing passwords.
Secondly, make sure that the webserver does not have write permissions for the file - it only needs to read it.
Then go through your old scripts, if you have any, and assess if they can be upgraded (old forum or blogging software, etc). Don't leave unused software in the webroot.
Lastly, I would do some basic due diligence on the security of your CI app. There are no known exploits of this type in any past versions of the framework, but that does not make your own code immune.

Let us know what you find out, please.

