.htaccess file constantly overwritten by malware

  • We’ve been having an issue for the past month or so where our .htaccess file is overwritten, eventually allowing malware php files to be uploaded and the site going offline (this process seems to take about 3 days).

    Here’s the code from the hacked .htaccess file:


    <Files ~ "\.(j|php|php3|php5|php4|phtml|gif|png|phpgif|pHp|PHP|PhP|PHp|pHP)$">
    deny from all
    </Files>
    <Files "bogel*">
    Allow from all
    </Files>
    <Files "myluph.php">
    Allow from all
    </Files>
    <Files "metri.php">
    Allow from all
    </Files>
    <Files "recky.php">
    Allow from all
    </Files>

    So far, I have:

    Changed all passwords
    Made sure permissions on .htaccess were set to 644
    Deleted all unused plugins
    Made sure all active plugins/WP are latest versions
    Run Sucuri scan (clean)
    Run unmaskparasites.com scan (clean)
    Searched for solutions (all I find are other infected sites and articles that don’t apply to this situation)

    Despite all of the above, when I upload the clean .htaccess file, it is overwritten again within a couple of days. Now what?

Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘.htaccess file constantly overwritten by malware’ is closed to new replies.