Help in Configuring .htacess

[torrfriend]

hi guys,
my old unused site is hacked , hacker accessed the root i think so(he changed the index page), also panel is directadmin.
but i not used the .htaccess , this may be the reason for hacking

That's old story.....
Now my site in another host, with cpanel.

How to configure .htaccess file(in cpanel), where to put .htaccess file and how to write permissions.....

please tell me in brief, i not even touched/used that file....

Thanks

torrfriend Reviewed by torrfriend on 25th Sep 2011. Help in Configuring .htacess hi guys, my old unused site is hacked :(, hacker accessed the root i think so(he changed the index page), also panel is directadmin. but i not used the .htaccess , this may be the reason for hacking That's old story..... Now my site in another host, with cpanel. :) How to configure .htaccess file(in cpanel), where to put .htaccess file and how to write permissions..... please tell me in brief, i not even touched/used that file....:( Rating: 5

[Lock Down]

In cpanel not whm there are options to password protect folders and setting up keys for ssh but nothing for .htaccess files. How did they hack your site? Might have been a hack to the server and they went through the hosts panel to hack your site.

[softleaks]

hey upload your htaccess file through ftp.

[torrfriend]

In cpanel not whm there are options to password protect folders and setting up keys for ssh but nothing for .htaccess files. How did they hack your site? Might have been a hack to the server and they went through the hosts panel to hack your site.

So that the problem with host.....?
(so how to know my host is secure......?)

hey upload your htaccess file through ftp.

ok..but what i want to write in .htaccess file, i not used or tried and i need to put in all folders...?

[DOPE]

put it in your site root

[BigScoots]

So that the problem with host.....?
(so how to know my host is secure......?)


ok..but what i want to write in .htaccess file, i not used or tried and i need to put in all folders...?

There are many different ways a hacker could of got in apart from it being your hosts fault.

.htaccess will affect every sub-directory after the directory you actually place it in. If you want your whole site to be affected by it then you would put it in your root web directory such as public_html or www in cPanel.

[torrfriend]

There are many different ways a hacker could of got in apart from it being your hosts fault.

so how to check that "many different ways" (any tools) , so atleast i will make it to few ways......

[BigScoots]

What did the hacker do exactly? Did he just embed code into your html? What CMS are you running if any. Did any of your directories/files need to be chmod'd?

[fdls]

Well to set up the .htaccess follow this. You don't actually need to create a .htaccess in cPanel because there is already one created. When you click File Manager in cPanel be sure to check Show Hidden Files on the pop-up that shows up. Now in the File Manager there is the .htaccess.

Edit it simply via the cPanel itself or download and re-upload via FTP once you are done editing.

To secure via .htaccess you can simply restrict access to a particular directory like admin folder, for example in Wordpress we have wp-admin folder. You can also deny any particular IP if you find suspicious via the .htaccess itself.

Examples for the same are below :

Code: 

order allow,deny
deny from 123.45.6.7
deny from 012.34.5.
allow from all

Preventing access to files like .htaccess

Code: 

<Files .htaccess>
order allow,deny
deny from all
</Files>

Here are more examples on how to secure website via .htaccess

Code: 

http://www.javascriptkit.com/howto/htaccess6.shtml