Today, a strange folder appeard in my public_html directory.It's named wp-admin and has a file in it named n184976 with a lot of lines of code.
Since this, the title of the website changed,so when i search on google my website it will appear,but the title will be something in japannese.
Plus that, the index file was replaced by another index.php with a strange include(i deleted that).
I need to specify that i didn't used wordpress or something like this.
It's my website hacked?
If i delete this strange directory the title will come to normal?
Related
I took over a website which I'm supposed to admin and somebody brought to my attention that certain Indexes and Files are available, which shouldn't be. I will be using dummy names.
You were able to access example.com/intern before, but I changed a line in /etc/apache2/apache2.conf according to this https://stackoverflow.com/a/31445273 . This worked partly, as I get a 403-Forbidden when I now navigate to example.com/intern and that's basically what I want.
However the directory intern governs a file called file.php.bak aswell as file.php. When I navigate to example.com/intern/file.php I get a white website. I am however not sure, if you are able to access file.php in another way, because the site does load and I don't get a 403 like before. What is way worse and the reason I am struggling with this is: If I go to example.com/intern/file.php.bak then my Browser (Firefox) offers me to download file.php.bak, which I can read in plaintext. I want all files in intern to not be accessible via the website, but I have no idea how to do this. Can anybody help?
Things I've tried:
Removing the Indexes from the apache2.conf file like mentioned above. It only puts the 403 on the directory itself and not recursively for all the files in it.
Writing a .htaccess file as described here: https://fedingo.com/how-to-prevent-direct-file-download-in-apache-server/ and putting it in intern with the same result as in 1)
Putting an empty index.html file in the intern directory. This leads to no more 403 in example.com/intern, but the download on example.com/intern/file.php.bak is still possible. I've also tried index.php with the same result.
File System:
The application runs from /var/www/application which is also the folder for the /var/www/application/index.php I want to use. The /var/www/application/intern directory is also there. While it isn't browsable anymore, the files in it still are accessible. /var/www/application/intern/file.php can be navigated to via example.com/intern/file.php, but it seems like it can't be downloaded or read as it results in a white page. /var/www/application/intern/file.php.bak can however be downloaded via example.com/intern/file.php.bak.
Let's say Apache document root is set to DocumentRoot "/folder_one/folder_two"
Placing files in a folder_one will prevent people browsing your apache server and requesting the files directly.
Place index file in folder_two and include some code such as PHP to tell apache to include whatever files you want from folder_one.
In this manor Apache will still be able to serve whatever files you want from folder_one and people will not be able to request the files directly as the are located in a directory above the Apache document root.
I have a static website on an Apache server. I have an folder (who's name I don't give out to anyone else) that I don't want anyone to randomly stumble upon. Is there any way to have directory listing under a different page?
To clarify, I have directory listing turned off at the root folder of example.com. In the subfolder that correspondes to example.com/folder1/, I have another .htaccess that allows directory listing. However, I don't want someone who types in example.com/folder1/index.html or the equivalent to see the directory listing. I want them to have to go to example.com/folder1/otherindex.html to see the listing.
Is this possible with Apache?
Should be
DirectoryIndex filename
in your .htaccess
I have a website with a structure created by users depending content. That structure is something like this:
www.domain.com/
www.domain.com/vehicles/
www.domain.com/vehicles/vehicles.html
www.domain.com/vehicles/cars/
www.domain.com/vehicles/cars/cars_x.html
www.domain.com/vehicles/bikes/
www.domain.com/vehicles/bikes/bikes_new.html
www.domain.com/vehicles/bus/
www.domain.com/vehicles/bus/bus_big.html
Site is working properly, well seo indexed but sometimes, users or visitors write down wrong addresses like www.domain.com/vehicles/cars or www.domain.com/vehicles/cars/ and that returns a 404 page not found or 403 directory listing forbidden.
Its possible (with htaccess) to tell apache to get the first or only html file on directory if directory exists by default? in pseudocode
if www.domain.com/vehicles/cars is directory
and www.domain.com/vehicles/cars has not default page (index.html/index.php)
get 1st/only .html file at directory for serving it.
bts, its not possible to create or add an index.html/index.php in every directory due its dinamically created by editors and they decide the file names.
Thanks!
I was just asked to work on a terrible site that the client is running off IIS. I can't make changes to the live server so I attempted to install the site on my testing server running Apache.
The site's homepage is up and running but I cannot navigate to any subdirectories. The nav menu has links like /about-us/ -- however, there is no index.php file in the about-us directory. Instead there is a file named about-us.php.
If I was getting paid to fix the site up I would do the work to rename the files and/or links, but for now I just want to get this thing running so I can make my CSS and content edits and be done with it. I assume there is some easier way (using htaccess?) to dynamically tell Apache that, when directed to a subdirectory, look for /foo/foo.php instead of /foo/index.php -- right now all I get is a directory listing or permission denied if I turn indexing off.
I've been Googling around but can't find anything that looks like the same problem -- can one of you rewrite gurus please point me in the right direction?
The best approach for you is to set the appropiate DirectoryIndex for each directory as in:
<Directory /path/to/about-us>
DirectoryIndex about-us.php
</Directory>
You can also define a single "controller" in case there is no index page found, this is done like:
FallBackResource /index.php
I am running Magento Community Edition version 1.7.0.2.
I would like to know, how come are there two .htaccess
files in my installation, one in the magento root directory,
and another one in the magento app directory just beneath
the magento root directory?
On my system the first one is 209 lines long whereas the
second one only contains two directives.
Can anyone please explain how come there are two files
instead of one. Are both parsed or just one of them?
Normaly each .htaccess-File paresed, cause they could be used additional.
The last .htaccess-File may overwrite or enhanced previuos ones.
The .htaccess file in app/ is used to "deny" all access to any file under app. Without this someone could access http://yourdomain.com/app/etc/local.xml and see your database credentials, among other bad things. A similar file should be present in var/ as well (to prevent viewing logs, etc)
Delete the existing file and try adding default new .htaccess file
Magento default htaccess file