.htaccess hacked - Imunify 360 can't clean or delete bad file

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • steveI
    Junior Member
    • Dec 2022
    • 3

    #1

    .htaccess hacked - Imunify 360 can't clean or delete bad file

    The .htaccess for my public_html directory has been changed. When I try to edit or delete it from ssh, the malware writes it back, so I can't fix it. Imunify 360 can't clean or delete it because the permissions are 444. When I try chmod to change to 644 as root user, it changes for an instant to 644, then goes back to 444. I have heard of similar attacks on WordPress sites, but my site is not a WordPress site. Have any of you experienced a similar attack? How did you resolve it?
  • bogdan.sh
    Administrator
    • Nov 2016
    • 1221

    #2
    Are you sure it's hacked? What actually is added to it?

    Comment

    • steveI
      Junior Member
      • Dec 2022
      • 3

      #3
      It was hacked. Imunify 360 cleaned it up except for one file which required Tech support to fix. Tech support was rapid and effective.

      Comment

      • bogdan.sh
        Administrator
        • Nov 2016
        • 1221

        #4
        Thanks for getting back here. I have just reviewed the case and for future cases - there was an in-memory malware that was re-injecting the .htaccess files. A manual interaction was required by our malware cleanup team.

        Comment

        Working...