Tag Archives | htaccess

htaccess being hacked and detecting malware on Linux

Unfortunately, I’ve had to learn a thing or two about server intrusion, .htaccess being hacked, backdoors and more in the last few days. Well, one could say it is a good education… In any case, one of the major issues I was confronted with is that on one PHP-based server (with WordPress) the .htaccess file was manipulated. The hack wasn’t obvious, since it targeted any user coming to the site from a search engine, who was then redirected to some (random) Russian site.

Now, removing the .htaccess file, editing it or changing the file permission did not help, as the file itself was being reset to the hacked version every 30 minutes or so. It was obvious that someone had been able to upload a backdoor to the server and was calling the file remotely. The question now was how to find the infected file or the uploaded one in order to close the hole.

Luckily, the people at R-FX Network made the malware script available (under the GPL open source license), which lets you scan your server for any malware and infected files. It uses many different scans to find any malware. I especially like that users can send their infected files to them and they then update the scanner engine. A very effective method to keep your server secure.

In my case, the malware script quickly found the file in question, which was then quarantined. Since then, the WordPress blog has worked again. Needless to say, just running this script won’t secure your server. You need to have a firewall in place, update your server regularly, read your logs and so on.

If you want to read more about the different ways of hacking and how to protect the server, I’ve found this blog post from Unmask Parasites very valuable. Also, they have a video of Matt Cutts talking about malware.
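A check for the kind of rule described in this post, a redirect that only fires for visitors arriving from a search engine, can be run against any .htaccess file. This is an added example, not code from the original post or from the R-FX scanner; the engine list, the function name and the sample file (with the placeholder host redirect.example) are assumptions constructed for illustration.

```python
import re

# Search-engine names to look for in a referer pattern (assumed list, extend as needed).
ENGINES = ("google", "bing", "yahoo", "yandex", "baidu", "duckduckgo", "aol")
COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)
HOST = re.compile(r"https?://([^/:\s]+)", re.I)

# Constructed sample: a stock WordPress block followed by an injected redirect.
# redirect.example is a placeholder host, not a real indicator.
SAMPLE = r"""# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{HTTP_REFERER} ^.*(google|bing|yahoo)\..*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^.*(yandex)\..*$ [NC]
RewriteRule ^(.*)$ http://redirect.example/in.php [R=301,L]
"""


def find_referer_redirects(text, own_hosts=()):
    """Return (line_no, target, engines) for every RewriteRule that sends
    visitors arriving from a search engine to a host not in own_hosts."""
    findings, engines = [], set()
    for no, line in enumerate(text.splitlines(), 1):
        cond = COND.match(line)
        if cond:  # remember which engines the referer pattern names
            engines.update(e for e in ENGINES if e in cond.group(1).lower())
            continue
        rule = RULE.match(line)
        if not rule:
            continue  # comments, blanks, other directives and conditions
        host = HOST.match(rule.group(1))
        if engines and host and host.group(1).lower() not in own_hosts:
            findings.append((no, rule.group(1), sorted(engines)))
        engines = set()  # RewriteCond lines only apply to the next RewriteRule
    return findings


if __name__ == "__main__":
    for no, target, engines in find_referer_redirects(SAMPLE):
        print(f"line {no}: search-engine visitors ({', '.join(engines)}) -> {target}")
```

Pass the site's own hostnames as own_hosts so that redirects to your own domains are not reported.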

 


Configure web server to handle .air files

Recently, over at the website of our open source Digital Asset Management company Razuna Ltd., we published a desktop application that was built with Adobe AIR.

Now, while we could easily link to the AIR application within the web page (AIR applications all end with the extension “.air”), it would prompt the user to install the application only under Firefox (both Windows and Mac OS X); users with Safari or Internet Explorer were prompted to download a “.zip” file.

In order to fix this, we had to change the MIME type configuration of the web server itself. Now, we figured that there are different solutions to this, depending on your web server:

For Apache

To add the MIME type for the .air extension with Apache, edit the file “/etc/mime.types” (on RedHat/CentOS) and add the line below (extensions in this file are listed without the leading dot):

application/vnd.adobe.air-application-installer-package+zip     air

Make sure to restart Apache to apply the changes.

For Tomcat

To add MIME types for your Tomcat installation, edit the file “tomcat/conf/web.xml” and add a new “mime-mapping” like:

<mime-mapping>
<extension>air</extension>
<mime-type>application/vnd.adobe.air-application-installer-package+zip</mime-type>
</mime-mapping>

Make sure to restart Tomcat to apply the change.

Using .htaccess

If you can’t access the server config files or you simply don’t want to, then the other option is to add the MIME type to your .htaccess file. Add the following line to it:

AddType application/vnd.adobe.air-application-installer-package+zip .air

Save it and you should be all set to launch the Adobe AIR installer once your .air file is downloaded.
