Page 1 of 1

Adding/Updating No execution text to htaccess in virus found directories

Posted: 26 Apr 2010, 23:42
by tvcnet
Hi folks,
Ok, we've found clients with the usual c99 shell scripts installed and the thought occurred to me below.

Could CXS be set to either append this text to existing .htaccess files or add an .htaccess file to directories where obvious shell scripts have been located?
Addhandler text/plain .pl .cgi .php .py .jsp .asp .shtml .sh

Or, maybe you folks have a different approach?


What we do now is alert client to the hack then disable the execution of scripts in the directory via .htaccess:
Addhandler text/plain .pl .cgi .php .py .jsp .asp .shtml .sh


I prefer to not touch client's web site files for a number of reasons, and find that disabling the execution of scripts is more effective. This does a number of things:

1. Disables the hack instantly and any further hacks installed at a later date (both remediates and prevents attacks on client's site).
2. Disables the execution of PHP scripts, which may disable client's web site as well (which tends to get the client's attention and involvement...).

What you think folks?

Thanks,
Jim

Posted: 05 May 2010, 16:15
by chirpy
It's something we'll consider for the future.