.htacces changed

Posted: Sat Mar 25, 2006 2:42 pm

Hi there.
Today my site got "hacked". Nothing special you would say....But this is very unusual. My site is protected using the latest nukesentinel, and .htaccess/.staccess activated and all worked fine. No1 could enter anything. But today there was some1 online multiple times (about 30 times), that was very suspicious, and then a couple of seconds later site went offline, getting bad request CGI 500 internal server error. It seemed to be that ip used a script/programme to hack cgi files, or sumfn.
No when I delete the .htaccess, then the site works fine, but when activating a .htacces file (even a blank 1 ) will give the very same error:

The server encountered an internal error and was unable to complete your
request. Either the server is overloaded or there was an error in a CGI script.

Is it possible sumfn was changed in the server config?

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

An internal error, possibly related to the htaccess file, doesn't necessarily indicate that your site was hacked. It could be that the server config was changed, as you suggested.

What the htaccess modified? What are its contents? Are there other new or changed files (e.g. CGI)? Did you check with the web host to see if anything was changed or is not working properly?

Posted: Sun Mar 26, 2006 4:54 am

There was nothing changed in the config of the server by the webhost. I actually had to call him to solve this issue. Nothing has changed in the .htaccess files. I simply can not use .htaccess files anymore due to some unknown reason.

Posted: Sun Mar 26, 2006 7:25 am

Thanks. Did the webhost explain what he did to solve it or what caused it?

Posted: Sun Mar 26, 2006 9:20 am

At first I could not find the solution, so I called him to find out the reason why the site was showing that error.
Then I got a mail where he told me it was the .htaccess file causing the problem. By deleting the file or just renaming it solved the problem. At first I thought it was the file itself and I uploaded the orriginal backup of the .htaccess file. But now when I put a .htaccess file on the site, I get the 500 error. Even when it's a blank file.
It's sunday, so there is no immideate help on this from my webhost. I think it's a server prob, but I just wanted to know if some1 has had a similar issue, and how to solve this.

I feel less secure now, knowing that .htaccess security is not working properly now.

Posted: Sun Mar 26, 2006 10:16 am

htaccess isn't just for security. If the htaccess file has NOTHING in it, then it's definitely a server problem. If it has something in it, that might be the problem.

Posted: Sun Mar 26, 2006 10:59 am

No...that's not what I said...
When I add a .htaccess file on the server, (a blank 1 or 1 with data) I get the 500 error...I checked the file, nothing is added....I'll just wait untill I hear back from my webhost about this issue.

Maybe sumfn changed the server settings...

Posted: Sun Mar 26, 2006 11:02 am

Right. If the htaccess file has NOTHING in it, then it's definitely a server problem.

Posted: Sun Mar 26, 2006 3:37 pm

LOL, I think u don't understand....
When upload the .htaccess file which has the correct info for Sentinel, I get the 500, WHen I add a .htaccess file with no info, I get 1 also. So basicly after adding a .htaccess in the first place gives a 500 error.

I just wanted to let u guys know there's a script on the loose which can alter server settings.

Posted: Sun Mar 26, 2006 4:49 pm

I think we get the picture - anything named .htaccess is causing a problem regardless of whether it is blank (empty) or not. Smile

As kguske mentioned, I think this is a server related problem. Is your host using PHP compiled as a cgi module?

Posted: Sun Mar 26, 2006 8:11 pm

You're right - I did not understand "blank" and "nothing is added" to mean "the correct info for Sentinel".

You said your site got "hacked" and the htaccess file was causing the problem. So basically, something must've changed in your htaccess file or in your server's configuration. What exactly ARE the contents of the htaccess file? What exactly does your phpinfo() report?

If you consider the possibility that someone managed to change the server settings, couldn't the webhost compare that to the default settings? Do you have a local php.ini file in the nuke directory (or above it)?