I have a Laravel website that has been hacked in some way.
In the root directory, there now appears what looks like a Wordpress installation. I've deleted all those Wordpress files (along with my Laravel files), but there's an .htaccess file that keeps reappearing every time I delete it.
The contents of this file:
<FilesMatch ".(PhP|php5|suspected|phtml|py|exe|php)$">
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch "^(votes.php|index.php|wjsindex.php|lock666.php|font-editor.php|contents.php|wp-login.php|load.php|themes.php|admin.php|settings.php|bottom.php|years.php|alwso.php|service.php|license.php|module.php)$">
Order allow,deny
Allow from all
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>
When I try to edit the file and save the changes, the next second it has the old content again.
How can I solve this? Other sites I have on the same server are not affected. This particular site had debug=true in .env so that might be how the breach happened.
I had this same issue on my laravel 7 hosted on namecheap. If your host is namecheap, you can follow the steps below.
Zip your project and download it.
Delete the rest of the files from the server. (note that, index.php and .htaccess won't delete but do not worry,
Contact namecheap to help you delete the two files (.htaccess and index.php).
Delete every instance of .htaccess on the local project you pulled down because this virus duplicated .htaccess file on every folder and sub folder of your project. On mac, you can simply run the code below
find websitefolder -name .htaccess -delete
The virus is been created in a folder called css in the root directory. It contains two files. index.html and load.php. Delete the entire folder to wipe the virus away.
Recreate a new .htaccess. You can simply copy from another laravel project as they are always the same.
After making sure that the public_folder of your Cpanel is empty, you can reupload your website. I'm still researching personally on the very attack that caused this issue at my own end. Maybe when I find it I can share it with you.
Related
I currently new for deploying a project files to the godaddy hosting sites, so before i post this, I read some related question created already here in stackoverflow, I just confuse because there cpanel has public_html folder and my panel has no public html. so right now I experience
HTTP Error 404. The requested resource is not found.
The things only I do is to move the laravel files in the httpdocs.
My CPanel : Plesk Onyx 17.8.11
For the folder structure:
So Inside of httpdocs are all of my laravel files
Website shows like this..
Hope someone help me for this problem.
I think the reason your folder structure is like this is that your GoDaddy Hosting is a Windows Shared Hosting.
What to basically need to do is create a folder for your app on the home directory and then on the httpdocs, put the public folder from your app.
GoDaddy Plesk Folder List:
cgi-bin
error_docs
httpdocs
logs
<your laravel app folder minus the "Public" folder>
Inside the httpdocs folder:
App_Data
.user.ini
Default.aspx
web.config
<+ contents of your Public folder>
Once this is complete, you will need to edit a few files:
From Public Folder: index.php
Find:
require __DIR__.'/../vendor/autoload.php';
Change to:
require __DIR__.'/../<laravel app folder>/vendor/autoload.php';
Next Find:
$app = require_once __DIR__.'/../bootstrap/app.php';
Change to:
$app = require_once __DIR__.'/../<laravel app folder>/bootstrap/app.php';
After this, make sure the .env file is properly configured and all the tables from your local database is mirrored in you server database.
Also, if you have open_dir problems, you can disable it on the PHP Settings from Plesk but I am not sure what are the issues this will cause in the long run.
Well, there are two ways...
1st in cpanel search for "Installatron Applications Installer" or somekind of app installer :)
In installatron app installer screen on right top find "Applications Browser" from there search for Laravel and install it by choosing your domain(If you have more than one domain)
After installation copy and replace your local files with the remote files.
2nd second way, .zip your local laravel folder. And upload your files to your server, and then extract the files.
NOW FROM HERE IT'S THE SAME FOR BOTH WAYS->
"public" directory in laravel project will be in the root of your remote server(root folder for your domain, If you have addon domains for ex. public_html/example.com then "public" folder should be in that example.com)
make another folder and put all other laravel files and folders in that folder.
open and edit /public/index.php
change these two lines->
require DIR.'/../vendor/autoload.php';
app = require_once DIR.'/../bootstrap/app.php';
to reflect the file structure in your server.
For ex. if "public" folder is in the same directory with "vendor" and "bootstrap" remove /..
Edit your .env file pay attention to database credentials.
PS: do not change database host address it should remain same.
AND FINALLY the .htaccess files
you need to have two .htaccess files
one in "public" directory content like this->
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Send Requests To Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
Second .htaccess file will be in the root folder of the domain with content->
RewriteEngine on
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]
ONE PROBLEM YOU MIGHT COME ACCROSS if php version problem stating that composer dependencies version is php7.xx bla bla
If this happens go to cpanel again and search for "Select PHP Version"
From there change your current PHP version to suit with the PHP version you get in the error. And you need to click "Set as current"!
That's it :)
I have a wordpress website but it keeps redirecting to a different domain:
Link is here:
I have tried the following:
Contacted the hosting and they say it is not hacked or compromised
Tried on different computers and browser. On one computer it works fine. 5 other computers and browsers it redirects
I have done the scan by wordfence and sucuri and nothing malicious shows up
I tried to inspect the element but the redirect is so fast its hard to inspect
.htaccess has the following:
The following is the content of the .htaccess file:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
<IfModule mod_headers.c>
<FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
Please help
I know this answer is very late but I'll share my experience to help any one who has this problem.
cause of this issue can be a plugin that you downloaded from outside of wordpress.org or some body has access to your wordpress admin account and you doesn't already close editor.php in appearance tab or hacker has your ftp user and password or ...
to solve this create a full backup first and save it in your computer in case of doing any mistake and then:
go to theme directory of your wordpress site and delete all of the unused theme because they are infected already.
in active theme edit your functions.php file and delete all extra code inserted by malware. you can search for "wp_vcd" or "wp-tmp" words to find the code.
download latest wordpress installation. then delete wp-include and wp-admin folder and all files in public_html except wp-content folder and .htaccess file and wp-config.php file. after that replace deleted files and folder with downloaded wordpress.
remove all plugins that you downloaded from known source.
finally change all of your passwords like ftp, admin panel, cpanel or direct admin and ... in case if hacker saved your info somewhere.
hope this little guide can help someone.
I've looked at numerous questions regarding .htaccess not working.
Tried them all but it still won't work for mine.
It was still working for me before, the problem started when i deleted the .htaccess file inside the application folder.
The tutorial i was following didn't specifically mention to delete that htaccess but just to copy it to the root. So basically, when it was still working i had 2 htaccess files, with the application folder and inside the application folder.
Right now, even if i deleted the .htaccess file inside the application leaving only 1 .htaccess in my project root, it still won't work.
I still have to include 'index.php' for the url to work.
It won't necessarily show me 404 when i don't include the index.php.
It just shows me this page,
This is the content of my .htaccess file.
RewriteEngine on
RewriteCond $1 !^(index\.php|images|robots\.txt)
RewriteRule ^(.*)$ /index.php/$1 [L]
My config file.
$config['index_page'] = '';
$config['uri_protocol'] = 'REQUEST_URI';
Apart from that, i already tried, refreshing my wamp connection, shutting down my pc then turning it on again.
I don't know whats wrong since it worked for me the first time around even if i have 2 htaccess it still won't. Something happened when i accidentally deleted that 1 file.
My system is windows 7 32-bit, and i'm using WAMP. I already turned on rewrite module for apache on my wamp. I'm using the latest codeigniter, 3.1.2
This may also give a hint,
When i load my view, the css url won't work.
The css url shouldv been localhost/project/css/bootstrap.min.css
however, same result, same page it shows above.
I also have this on my httpd.conf on my apache.
<Directory />
AllowOverride none
Require all denied
</Directory>
I'm not sure why this works but i've found an htaccess that was specifically mentioned for a ci3 htaccess problem.
RewriteEngine on
RewriteCond $1 !^(index\.php|images|robots\.txt)
RewriteRule ^(.*)$ index.php?$1 [L]
not much difference, just that it removed the '/' before the index.php and replaced the '/' to '?' after the index.php
Is this because i am using CI 3?
Codeigniter 3 remove index.php problems
I have a question. I want to give one customer FTP access to the CSS folder of my webshop. I tried to prevent running PHP in this folder, but its not working. I think my problem is, that i dont want to add another .htaccess in the css folder. I must handle this with the .htaccess file from the main directory.
I tried this
RewriteRule ^css/*\.php$ /404.php [NC,L]
... but its not working. My server is executing php files in the css folder.
Does somebody know how i can prevent executing php files located in subfolders? A better solution would be, to allow only text/css in specific folder.
Info: Im using Plesk.
A better way to do it would be to just switch PHP off in that directory if you don't want it running... though granted this would mean that additional .htaccess file. However it would also prevent PHP from running in anything like .phtml files as well - I'd say it's more foolproof than just 404-ing anything.php.
You can set PHP boolean type settings, in .htaccess, with php_flag
In this case, in the relevant .htaccess file:
php_flag engine off
As Mike Rockett points out - since the user has FTP access to that folder you'll need to change ownership of the .htaccess file (CHOWN) to prevent the user tampering with or removing it.
You need to use regular expressions, and not wildcards. Replace the * with (.*):
RewriteEngine on
RewriteRule ^css/(.*).php$ /404.php [NC,L]
You can use the following as an alternative:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_URI} ^/css/
RewriteRule (.*).php /404.php [L]
I would recommend, however, that you make it clear that access to the file is denied:
RewriteRule (.*).php - [F,L]
I have recently completed my first laravel site, but now I am stuck with deployment. This is an entirely new concept for me. My webspace is supplied by 1&1.
I have attempted several tutorials, but none seem to work.
Based on the tutorial here at:
Uploading Laravel Project onto Web Server
I structured my server folders like so:
(note when first FTPing my server, there was no www or html_docs, only a logs folder).
In the www, my index.php was altered to:
require __DIR__.'/../laravel/bootstrap/autoload.php';
$app = require_once __DIR__.'/../laravel/bootstrap/start.php';
In the laravel/bootstrap/paths.php file I altered:
'public' => __DIR__.'/../../www',
When visiting my domain in a browser, for example: myDomain.co.uk - the site is redirected to a "placeholder" (named /defaultsite) page for 1&1 domains and states "This domain name has just been registered."
If I append /www/index.php for example, I get file does not exist, even though the file is residing in my structure above.
As you probably noticed I am very new to server side aspects such as FTPing ect. I have read a few tuts, and all seem to take a different approach, leaving me confused to the best method.
I am not sure where to go from here, so any advice is appreciated. Thank you.
Edit:
I think I actually got it working, but now when I go to domain.com/public I get what I think is a DB error:
SQLSTATE[HY000] [2002] No such file or directory.
Any Advice please?
The reason you are seeing /public/index.php is because you are pointing to the top level directory and not the /public directory. To fix this go to:
Manage domains
Expand your domain and click "Edit Destination"
Change the destination directory to /public/.
This should remove public from the URL.
This is the .htaccess file I use for 1and1 and laravel 4.2 and it removes .index.php and also uses an updated version of PHP:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
AddHandler x-mapp-php6 .php
AddType x-mapp-php6 .php
# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ /index.php [L]
</IfModule>
All fixed :) turns out 1&1 do not host their db name as local host, or 121.0.0.1. I simply changed the details and works a dream. next step is to get rid of the terrible /public/index url.