Home General support

Something fishy with the htaccess file

Moritz83 Member
in General support
Hey guys

just wanna to share something fishy. I set up my page 2 months ago and stopped working on it cause of too much work at the office. At this point it was running smoothly without any problem. Today I visit my page again to continue my work and I was not able to open it. It was only giving me an 500 error.

I thought it might be the htaccess file so I deleted it, rerun the setup process and it's working again.

Here is my question: I've seen that the htaccess has been edited today (when I tried to visit the page). Is this correct? I set the permissions to 0664, otherwise it won't work. Is this fine or should it be something else? And why has it been edited?

Now I am running Zenphoto 1.4.1.6 and the masonary theme 1.4.1 so I am more or less up2date.

Comments

  • fretzl Administrator, Developer
    Probably your site has been hacked too.

    There are a lot of posts about this on the forum.
    Start with these:
    `http://www.zenphoto.org/news/security-alert-part-2`
    and
    `http://www.zenphoto.org/support/topic.php?id=9951`

    Zenphoto 1.4.1.6 is the safe/patched version.
  • Moritz83 Member
    So with 1.4.1.6, a new user / password and a fresh .htaccess I am safe or is it neccessary to follow the steps in "Security Alert Part 2"?

    I could setup a fresh installation as well if needed, just need to know ;)
  • fretzl Administrator, Developer
    Better be safe than sorry then.

    I recommend you start with a fresh install.

    Backup your database.
    Delete all your old files and folders, except the `albums` folder.

    Good luck
  • Moritz83 Member
    so I am doing the following:

    - backup the database
    - delete everything except "album"
    - install 1.4.1.6
    - restore the database

    I am using the zpmasonry theme at the moment. Can I backup (I made a few changes to the templates I don't want to lose) and restore it too?

    Thank you very much for your help!
  • acrylian Administrator, Developer
    You should always make your own custom copy if you modified a theme (zpmasonry is not official so it has nothing to do with the install/update directly).

    if you use the Zenphoto tool for backuping you should also not deletle the backup folder.

    If you backup your database for re-importing you probably should take a look at its contents in case you were indeed hacked. Otherwise you would restore the hacked contents as well.

    As far as we know the at least specific recent hacks did not affect the database.
  • Moritz83 Member
    In this case I will install 1.4.1.6 and start over from 0, think it's not taking much longer than analysing the database and stuff.

    By the way, I am not using the "Zenphoto Tool" for a backup, always using my FTP client so I can decide what to backup and exclude everything else.

    Why is it better to make a custom copy than changing the original theme directly?

    Thank you for your help!
  • fretzl Administrator, Developer
    I am not using the "Zenphoto Tool" for a backup
    The tool is only to backup your database.

    Check all your zpMasonry files to be absolutely sure ther is no malicious code inserted somewhere.
    If all is clean you can of course use those files again.
    Why is it better to make a custom copy than changing the original theme directly?
    That refers to official themes. When you want to modify one of those themes it's best to make copy of it, rename it and then make the changes.
    This way your theme will not be overwritten during an update.
  • Moritz83 Member
    I've done everything and my site is back again. Took me about 3 hours to get back on track but now I should be safe. Thank you for your help
Sign In or Register to comment.