.htaccess file disappears on web hosting

Started by jeyavinoth, Sep 21, 2022, 09:48 AM

Previous topic - Next topic

jeyavinothTopic starter

Hello there.

Have you ever faced the issue of the .htaccess file going missing from your web host? This can be easily diagnosed as it will result in an inability to access internal links on your website. The solution is relatively simple - upload a new file onto your hosting. However, the question is, can a critical file be deleted from external sources and how can we prevent this?

This has happened to me twice before, so I would appreciate any advice on how to avoid this in the future.

Thank you in advance.
  •  

hieronymusf01

There are several reasons why websites can be hacked. Firstly, passwords can be stolen or guessed for FTP accounts or the administrative section of a website. This can happen due to a virus on the PC, outdated software or weak password selection. To prevent unauthorized access, a firewall is installed on all servers which blocks an IP address after five failed attempts in five minutes.

To lessen the risk of unauthorized access, always use a strong password containing letters, numbers and special characters. Password generators can help you create unique and secure passwords. Avoid storing passwords on unprotected PCs with unverified applications.

Secondly, outdated and vulnerable CMS systems and plugins can also be exploited by hackers. Joomla and WordPress are often targeted. Outdated CMSs make it more likely that hackers can gain access to the site, usually through "leaky" components and plugins.

To improve your website's security, ensure that you update your CMS system and plugins regularly. Use trusted sources when installing components. Regularly check if all modules, plugins and components are up-to-date.

If your website has been hacked, download files from the website to a local PC, check for updates to the CMS and installed modules, and restore the website from an archived copy. Change access passwords to FTP accounts and the administrative section of the website. Clear the cache/ and tmp/ directories of the site. 

At the hosting level, settings such as installing firewalls and enabling mod_security and suhosin can enhance website security. Disabled PHP functions such as system, shell_exec, and exec also improve security.

In conclusion, keeping CMS systems and plugins up-to-date, choosing strong passwords and using trusted resources when installing components can help lessen the risk of unauthorized access.
  •  

Rich

On Linux, files whose names start with "." are considered systemic. Many programs, knowing this, do not display them. Any file whose name starts with a dot will "disappear" like this.
For the Linux console program/command ls, you can pass the -a or --all option so that it shows all files and does not ignore files starting with "."
  •  

PrimoPierotz

In order to address hacking attempts on a website, the entire site needs to be cleaned up. However, this task can be difficult as it is important to find any backdoors that may exist or the cleaning up process will be inadequate.

Once the cleanup is complete, ensure that you update JCE to the latest version. It's imperative for website owners to update all components and plugins regularly in order to maintain a high level of security. Vulnerabilities such as those found in JCE are not limited to Joomla and can appear in other content management systems.

It is unlikely that there would be any injections into the database unless comprehensive measures have not been taken. However, it is important to stay vigilant and take necessary precautions to prevent a breach.
Hackers are always looking for ways to exploit vulnerabilities and gain unauthorized access. Regularly checking for updates and implementing security measures can help prevent hacking attempts and keep your website secure.
  •  

AlwayzBluFFinG

While it is unlikely for critical files like .htaccess to be deleted from external sources, it's always a good practice to take precautions to prevent such situations. Here are a few recommendations:

1. Regular Backups: Make sure to regularly backup your website files, including the .htaccess file. This way, even if it gets deleted, you can easily restore it from a backup.

2. Secure File Permissions: Set proper file permissions on your web server to restrict unauthorized access and modification. This helps prevent accidental or malicious deletion of critical files.

3. Update Security Measures: Keep your website and its underlying software up to date with the latest security patches. This helps protect against potential vulnerabilities that could lead to file deletion.

4. Trusted Sources: Be cautious when installing third-party scripts or software. Only download them from trusted sources to minimize the risk of receiving files that could harm or delete critical files.

5. Monitor File Changes: Regularly monitor your website's file system for any unexpected changes or deletions. Some hosting providers offer file change monitoring tools that can alert you to any modifications made to your files.

By following these steps, you can significantly reduce the chances of encountering such issues in the future.
  •