How To Fix Attacked .htaccess File On Godaddy Shared Hosting

Got a call from a client about website not coming up. If you searched for the site in a search engine and clicked on any link to the site you got a page about a missing PHP file.  This site is a static HTML site.

I opened the .htaccess file and saw redirects to the PHP file that didn’t exist. I cleared out the .htaccess file and when you click on the search link the site came up fine.

I contacted Godaddy looking for help, but they don’t deal with .htaccess files. You are on your own. They do offer SiteLock to protect the site.

I used the following links advice and to change the name of the .htaccess file and the contents of the file rewrite the name back to all lower case.

https://perishablepress.com/improve-site-security-by-protecting-htaccess-files/

My final .htaccess file containted the following

<Files ~"^.*\.([Hh][Tt][Aa])">
order allow,deny 
deny from all 
satisfy all 
</Files>

In addition, i changed the password for the FTP access. Next step is to use Sucuri. I know they can protect this site.

I hope this helps me and helps someone else out there…

 

This entry was posted in Programming, Security, Web Hosting, Website Security. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *