1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

.htaccess file

Discussion in 'Blogging' started by thedon23, Mar 24, 2012.

  1. thedon23

    thedon23 Elite Member

    Joined:
    Dec 21, 2009
    Messages:
    1,759
    Likes Received:
    1,268
    Some of you may have seen that I've been having some problems with my Wordpress site lately (it's not displaying Adsense ads). I went through my Cpanel, to see if anything was changed. This started on the 21st of March.

    In my Cpanel, I noticed that the .htaccess was modified on the 21st of March as well. Now, is an .htaccess file something that auto updates by itself or something? Or should the fact that it was modified throw up a red flag?

    Not sure if this helps, but here is my .htaccess file:

    Code:
    # BEGIN W3TC Browser Cache
    <IfModule mod_mime.c>
        AddType text/css .css
        AddType application/x-javascript .js
        AddType text/x-component .htc
        AddType text/html .html .htm
        AddType text/richtext .rtf .rtx
        AddType image/svg+xml .svg .svgz
        AddType text/plain .txt
        AddType text/xsd .xsd
        AddType text/xsl .xsl
        AddType text/xml .xml
        AddType video/asf .asf .asx .wax .wmv .wmx
        AddType video/avi .avi
        AddType image/bmp .bmp
        AddType application/java .class
        AddType video/divx .divx
        AddType application/msword .doc .docx
        AddType application/vnd.ms-fontobject .eot
        AddType application/x-msdownload .exe
        AddType image/gif .gif
        AddType application/x-gzip .gz .gzip
        AddType image/x-icon .ico
        AddType image/jpeg .jpg .jpeg .jpe
        AddType application/vnd.ms-access .mdb
        AddType audio/midi .mid .midi
        AddType video/quicktime .mov .qt
        AddType audio/mpeg .mp3 .m4a
        AddType video/mp4 .mp4 .m4v
        AddType video/mpeg .mpeg .mpg .mpe
        AddType application/vnd.ms-project .mpp
        AddType application/x-font-otf .otf
        AddType application/vnd.oasis.opendocument.database .odb
        AddType application/vnd.oasis.opendocument.chart .odc
        AddType application/vnd.oasis.opendocument.formula .odf
        AddType application/vnd.oasis.opendocument.graphics .odg
        AddType application/vnd.oasis.opendocument.presentation .odp
        AddType application/vnd.oasis.opendocument.spreadsheet .ods
        AddType application/vnd.oasis.opendocument.text .odt
        AddType audio/ogg .ogg
        AddType application/pdf .pdf
        AddType image/png .png
        AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx
        AddType audio/x-realaudio .ra .ram
        AddType application/x-shockwave-flash .swf
        AddType application/x-tar .tar
        AddType image/tiff .tif .tiff
        AddType application/x-font-ttf .ttf .ttc
        AddType audio/wav .wav
        AddType audio/wma .wma
        AddType application/vnd.ms-write .wri
        AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw
        AddType application/zip .zip
    </IfModule>
    <IfModule mod_expires.c>
        ExpiresActive On
        ExpiresByType text/css A31536000
        ExpiresByType application/x-javascript A31536000
        ExpiresByType text/x-component A31536000
        ExpiresByType text/html A3600
        ExpiresByType text/richtext A3600
        ExpiresByType image/svg+xml A3600
        ExpiresByType text/plain A3600
        ExpiresByType text/xsd A3600
        ExpiresByType text/xsl A3600
        ExpiresByType text/xml A3600
        ExpiresByType video/asf A31536000
        ExpiresByType video/avi A31536000
        ExpiresByType image/bmp A31536000
        ExpiresByType application/java A31536000
        ExpiresByType video/divx A31536000
        ExpiresByType application/msword A31536000
        ExpiresByType application/vnd.ms-fontobject A31536000
        ExpiresByType application/x-msdownload A31536000
        ExpiresByType image/gif A31536000
        ExpiresByType application/x-gzip A31536000
        ExpiresByType image/x-icon A31536000
        ExpiresByType image/jpeg A31536000
        ExpiresByType application/vnd.ms-access A31536000
        ExpiresByType audio/midi A31536000
        ExpiresByType video/quicktime A31536000
        ExpiresByType audio/mpeg A31536000
        ExpiresByType video/mp4 A31536000
        ExpiresByType video/mpeg A31536000
        ExpiresByType application/vnd.ms-project A31536000
        ExpiresByType application/x-font-otf A31536000
        ExpiresByType application/vnd.oasis.opendocument.database A31536000
        ExpiresByType application/vnd.oasis.opendocument.chart A31536000
        ExpiresByType application/vnd.oasis.opendocument.formula A31536000
        ExpiresByType application/vnd.oasis.opendocument.graphics A31536000
        ExpiresByType application/vnd.oasis.opendocument.presentation A31536000
        ExpiresByType application/vnd.oasis.opendocument.spreadsheet A31536000
        ExpiresByType application/vnd.oasis.opendocument.text A31536000
        ExpiresByType audio/ogg A31536000
        ExpiresByType application/pdf A31536000
        ExpiresByType image/png A31536000
        ExpiresByType application/vnd.ms-powerpoint A31536000
        ExpiresByType audio/x-realaudio A31536000
        ExpiresByType image/svg+xml A31536000
        ExpiresByType application/x-shockwave-flash A31536000
        ExpiresByType application/x-tar A31536000
        ExpiresByType image/tiff A31536000
        ExpiresByType application/x-font-ttf A31536000
        ExpiresByType audio/wav A31536000
        ExpiresByType audio/wma A31536000
        ExpiresByType application/vnd.ms-write A31536000
        ExpiresByType application/vnd.ms-excel A31536000
        ExpiresByType application/zip A31536000
    </IfModule>
    <IfModule mod_deflate.c>
        <IfModule mod_setenvif.c>
            BrowserMatch ^Mozilla/4 gzip-only-text/html
            BrowserMatch ^Mozilla/4\.0[678] no-gzip
            BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
            BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
        </IfModule>
        <IfModule mod_headers.c>
            Header append Vary User-Agent env=!dont-vary
        </IfModule>
        <IfModule mod_filter.c>
            AddOutputFilterByType DEFLATE text/css application/x-javascript text/x-component text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon
        </IfModule>
    </IfModule>
    <FilesMatch "\.(css|js|htc|CSS|JS|HTC)$">
        <IfModule mod_headers.c>
            Header set Pragma "public"
            Header append Cache-Control "public, must-revalidate, proxy-revalidate"
        </IfModule>
        FileETag MTime Size
        <IfModule mod_headers.c>
             Header set X-Powered-By "W3 Total Cache/0.9.2.4"
        </IfModule>
    </FilesMatch>
    <FilesMatch "\.(html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|HTML|HTM|RTF|RTX|SVG|SVGZ|TXT|XSD|XSL|XML)$">
        <IfModule mod_headers.c>
            Header set Pragma "public"
            Header append Cache-Control "public, must-revalidate, proxy-revalidate"
        </IfModule>
        FileETag MTime Size
        <IfModule mod_headers.c>
             Header set X-Powered-By "W3 Total Cache/0.9.2.4"
        </IfModule>
    </FilesMatch>
    <FilesMatch "\.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip|ASF|ASX|WAX|WMV|WMX|AVI|BMP|CLASS|DIVX|DOC|DOCX|EOT|EXE|GIF|GZ|GZIP|ICO|JPG|JPEG|JPE|MDB|MID|MIDI|MOV|QT|MP3|M4A|MP4|M4V|MPEG|MPG|MPE|MPP|OTF|ODB|ODC|ODF|ODG|ODP|ODS|ODT|OGG|PDF|PNG|POT|PPS|PPT|PPTX|RA|RAM|SVG|SVGZ|SWF|TAR|TIF|TIFF|TTF|TTC|WAV|WMA|WRI|XLA|XLS|XLSX|XLT|XLW|ZIP)$">
        <IfModule mod_headers.c>
            Header set Pragma "public"
            Header append Cache-Control "public, must-revalidate, proxy-revalidate"
        </IfModule>
        FileETag MTime Size
        <IfModule mod_headers.c>
             Header set X-Powered-By "W3 Total Cache/0.9.2.4"
        </IfModule>
    </FilesMatch>
    # END W3TC Browser Cache
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress
     
  2. extremephp

    extremephp BANNED BANNED

    Joined:
    Oct 19, 2010
    Messages:
    1,293
    Likes Received:
    1,272
    As I see, its w3 cache working on your htaccess to make cache your files to provide users with maximum static data which is way faster than how it is currently pulled up by Wordpress.

    I cant find seem to find anything phishy as I cant see any 301s fucking you up.
     
    • Thanks Thanks x 1
  3. thedon23

    thedon23 Elite Member

    Joined:
    Dec 21, 2009
    Messages:
    1,759
    Likes Received:
    1,268
    n00b question, but what is the BMP file? :p

    Thanks buddy. That's a relief haha :p
     
  4. blackberry

    blackberry Power Member

    Joined:
    Apr 26, 2009
    Messages:
    675
    Likes Received:
    218
    Occupation:
    Making money
    Location:
    Planet Earth
    It is also smart to hide the htacess from being viewed.


    To do that you can use this:

    <FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    </FilesMatch>


    That means only you can see and modify the htaccess.
     
    • Thanks Thanks x 1
  5. momba12

    momba12 Junior Member

    Joined:
    Apr 7, 2011
    Messages:
    122
    Likes Received:
    30
    From my understanding of htaccess files, it shouldn't auto update unless you use a plugin that does it for you. It is a static file. Be sure your file permissions are set correctly too. 644 vs 777. To me that is a very big red flag.



    Just a thought, Have you checked the code on your adsens ads just in case someone tried to slip their own ads on your site? Not sure how thats possible, however if they got into your htacess file then who knows.

    Also, if your using an old free theme or something your timthumb file is up to date.

    Thats just me being paranoid.
     
    • Thanks Thanks x 1
  6. blackberry

    blackberry Power Member

    Joined:
    Apr 26, 2009
    Messages:
    675
    Likes Received:
    218
    Occupation:
    Making money
    Location:
    Planet Earth
    Yeah he is right.

    I bet it was the W3C plugin that made the htaccess change.
    I belive in the settings you give it permission and when done it changes the chmod to something more secure.

    However to be save verify that the htaccess permissions is 644 or even 700 if your paranoid.

    Also it should not be not too hard technically to inject someone elses ads into your website if they have access to your htaccess file, simply by using a 301 redirect or some other rule.



     
    Last edited: Mar 26, 2012