Adding/Updating No execution text to htaccess in virus found directories

Post Reply
tvcnet
Junior Member
Posts: 38
Joined: 30 Sep 2009, 00:01

Adding/Updating No execution text to htaccess in virus found directories

Post by tvcnet »

Hi folks,
Ok, we've found clients with the usual c99 shell scripts installed and the thought occurred to me below.

Could CXS be set to either append this text to existing .htaccess files or add an .htaccess file to directories where obvious shell scripts have been located?
Addhandler text/plain .pl .cgi .php .py .jsp .asp .shtml .sh

Or, maybe you folks have a different approach?


What we do now is alert client to the hack then disable the execution of scripts in the directory via .htaccess:
Addhandler text/plain .pl .cgi .php .py .jsp .asp .shtml .sh


I prefer to not touch client's web site files for a number of reasons, and find that disabling the execution of scripts is more effective. This does a number of things:

1. Disables the hack instantly and any further hacks installed at a later date (both remediates and prevents attacks on client's site).
2. Disables the execution of PHP scripts, which may disable client's web site as well (which tends to get the client's attention and involvement...).

What you think folks?

Thanks,
Jim
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

It's something we'll consider for the future.
Post Reply