Apparently one of the many articles and editorials I published over the last few days really upset someone. As there have been numerous juvenile attempts to bring down the system. Looking into the phenomenon I discovered that this individual has reminded me that I left phpMyAdmin installed and running on this system. Yes please feel free to scold me now.
Be that as is may the would-be hacker attempted to negotiate an exploit in pma that allows manipulation of the file system. What they had done is effectively try to write a new .htaccess file in the system that would redirect each page to this site http://84f6a4eef61784b33e4acbd32c8fdd72.com.
Fortunately this attempt was only partially successful in that the files were written into the web file system but not fully functional. After spending some quality time with Google and believe it or not Yahoo, I found the best solution to the following apache (WordPress) error message;
.htaccess: RewriteEngine not allowed here, referer:
The above error message refers to the fact that the .htaccess file isn’t really allowed to run where it was found. Worse yet this file contained some garbage and the easiest option is to find and remove all of them, but how does that help you in the future? Frankly it does not, and that whole sifting through each directory can be rather time consuming. Therefore let’s think about this programmatically for a moment.
Suppose we could execute a command that would search the path and locate all of the offending files for us? Suppose we named that command something like find? Oh wait there already is a command called find and it does exactly that.
sudo find SiteName -name ".htaccess"
In fact if you were to execute the above replacing SiteName with the path to you web tree it will traverse the file system returning all of the files located. While this may be all fine and dandy it really does not solve any of the problems other than aide in generating a list of files to work on. Without some further programming we have basically created a check list to manually correct the errors. Since we are not into manual labor, for if we were then we wouldn’t have become programmers or sysadmins we must consider expanding the process.
Fortunately, it is rather simple to create a bash shell script to wipe out the contents of the offending files as well as sac (sac is an old main frame term for setting the access on a file or directory) the permissions. Consider for a moment the simple fixit script that I’ve written to handle the part of the process.
#!/usr/bin/env bash
echo >${1}
chmod 444 ${1}
No that we have a script that will enact the changes we want it is a matter of finding the necessary programmatic glue or magick to make this happen. Fortunately for us the if you examine the find man page, go ahead I’ll wait. Actually it’s rather simple because we already have a script and I have ensured that not only it is in the search path but that it is also executable.
All I need to do at this point is add the script execution to the find command we examined above. I assume you’ve already skimmed the man page and have rejoined the rest of the class so we shall proceed. Just as in the previous example you need to replace SiteName with the path of your site’s root. Examine the following code fragment;
sudo find SiteName -name ".htaccess" -exec fixit {} \;
Notice that I have included the fixit bash script in the command specification. Basically what happens here is that as find locates a file that meets the search specification it calls the command listed in the -exec parameter with that file name as it’s argument. I know what you are thinking that wow that saved a lot of work, whatever is my junior sysadmin going to do now?
One note of caution, since this will clobber every .htaccess file found in the path you may want to make a backup first to preserve the site as it is just in case something goes awry. Other than that I would like to wish you good luck and happy scripting.
ABOUT THE AUTHOR: Mikel King has been a leader in the Information Technology Services field for over 20 years. He is currently the CEO of Olivent Technologies, a professional creative services partnership in NY. Additionally he is currently serving as the Secretary of the BSD Certification group as well as a Senior Editor for the BSD News Network.
Leave a Reply