Virus in my program to influence my forms
Autor: Henk P.
Visitado 1860,
Followers 1,
Compartido 0
Virus in my program to influence my forms ; this bug call httacces with the following text :
Order allow,deny Deny from all Order allow,deny Allow from all RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L]
How can I repair this?
Publicado en
Hello. Please describe your problem in more detail.
If you have a virus on your computer, please install an antivirus and run a full scan of the entire system.
Henk,
Goodluck.
Virus sull'Host ?
Hai modificato tu l'htaccess o lo hai lasciato com'era nell'host ?
Virus on the Host ?
Did you edit the htaccess yourself or leave it as it was in the host ?
Autor
Thank's all for your advises But by deleting the Robot.txt our problems are solved.
Then the viruses have nothing to do with it.
Also, please note that deleting this file may adversely affect the indexing of your site. For example, a search robot can index the site's admin page (login form). And you don't need this.
good !
But it seems very strange to me -- never heard of such a thing.
the robots.txt file ONLY contains information for search engines and to my knowledge, is not processed in any way during browsing nor can it affect contact forms and/or give messages similar to the one you posted, which seems related to htaccess directives.
Autor
Dear Cludio You're right because I thought the problem was solved. As soon as I uploiad a new file I get a warning Do you agree to change a file httaccess If I don't the upload will stop. I tried everything by changing my password load in a complete new file. This is the script in httaccess
Order allow,deny Deny from all Order allow,deny Allow from all RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L]
The result is that our clients cannot use our form. When I delete this file in our hosting file manager.
Please advise what to do. This virus is in two websites which uses the forms from Incomedia.
If you have activated the websiteX5 project, gzip compression or 404 page, when you export it is normal that it asks you to overwrite the htaccess file
If you have custom instructions, these should be placed AFTER the instructions that WebsiteX5 inserts
For the htaccess ... but who created it for you like that?
The host?
Do you want to block access to certain countries?
And did you put that redirect there?
If not, delete the htaccess ... and let WebsiteX5 create it
If you think you have a virus, delete everything on the host and change your ftp password,
but in my opinion it is not a virus
Autor
I didnthe Form 't activated as far as I know anything. All I want that our members can use the Incomedia Forms and I don't block any county or person. Can you please give me an advise what to do and get our Forms running.
You can check by yourself www.shantynederland.nl
you did not answer the question whether you put instructions in the htaccess.
It would have been better if you had attached your htaccess here as a text file, instead of rewriting it in the text, as it's not clear...
however, in your place, I would start by deleting the htaccess and then re-export the site... and test it with the forms
Autor
Please help to solve your Incomedia Form program, which is not working
Just post the complete content of the .htaccess file here so that the helpers can help, otherwise the helpers are blind people poking around in the fog.
Without your cooperation it is impossible to help you !
as said by me before and also asked by Daniel....
Autor
Claudio
I answered several times that I didn't put instructions in the htaccess and dn't know where i came from. The only thing I know is that my Forms won't work until I delete the htaccess in the files at my hosting. Everytime when I upload files it apears again.
Several times I added a doc and pdf file but I think this was not accepted for this you didn't received my answers
Unlosed a jpg file of th htaccess
Yes, but I already told you that you have to post it as a text file !!! The "carriage returns" in the htaccess are also important
Website X5 writes instructions in the htaccess , but the ones you posted are not from WebsiteX5
Have you heard from your Host ?
Website x5 does NOT have anything to do with what is happening to you....
Autor
I cannot send a txt doc or pdf file sorry. I don't understand what my host has to do with an Incomedia uploaded programHow does the incomedia htaccess file looks like compared with the jpg we send you.
Can I send a zip file from my program to solve this because I think we're running around without a solution I cannot use this forms for more tha a month
Attached a txt file but I'm afraid it never reaches you
The line breaks are also missing here, it is best to write them directly here.
File .htaccess:
1st line
2nd line
3rd line
etc.
Autor
Sorry Claudio But I did not wrote the lines I just opened the file htaccess in my hosting files and copied what was in the file.
It is just the Incomedia program which produces this htaccess file with a result the Forms are not working.
Autor
I think only your programmers can solve this bug in the program
No.
It doesn't.
If WebsiteX5 had created the htaccess file, the instructions would be different, and with WebsiteX5 specification such as.
what you put is not "produced" by WebsiteX5
Contact your host !
Autor
My host does not do anything to your program when I upload the files and htaccess was deleted. Who is making this script Not me . My Incomedia program is gonna work without the forms and a disappointed customer.
If there really is a virus, then it was probably brought in by itself.
First check the PC thoroughly with an antivirus program, then download and install Website X5 again.
Then delete the files and subdirectories on the web space.
Finally, upload the complete website to the web space.
For the forms, only use those from WebSite X5, but no third-party forms.
Please activate the automatic translator of google or the one of your preference, to avoid using a lot of space and a bad translation on my part.
Hola Henk: Voy a explicar un poco sobre el archivo .htaccess
1) A tu archivo le hacen falta etiquetas < > que son propiamente las instrucciones que aplica el servidor.
Ordenados con saltos de línea se ve así...
A) La primera línea-instrucción: "Order allow, deny" significa que el servidor entiende dos instrucciones para aplicar, allow = permitir y deny = denegar
la segunda línea "Deny from all" instruye al servidor a "Denegar desde cualquier IP".
B) La tercera y cuarta línea es lo mismo que las dos anteriores, la diferencia es que ahora le permites el acceso desde cualquier IP.
Los servidores no piensan, por tanto el servidor deniega y permite al mismo tiempo... Resultado: ERROR, el servidor no sabe qué hacer. Es una doble instrucción que se contrarresta.
C) Como no tienen etiquetas estas líneas, el servidor no mostrará mensaje alguno como el "ERROR 403 acceso denegado o prohibido". (checa el análisis de mi archivo más abajo.)
D) Voy a suponer que las siguientes líneas-instrucciones las generaste tú. Lo cual indica ¿qué?... ¿redireccionar las páginas al index.php? o ¿quitar la extención .php? no tengo idea.
E) Voy a suponer que NO las creaste tú. Lo cual indica que: 1) Las generó automáticamente el servidor o 2) por instrucción de "alguien" que le diste acceso.
Supongo que por eso te refieres al problema como un virus... lo cual no creo que sea así, si alguien Hackeara tu sitio, lo destrozaría por completo o si fuera virus se propagaría. Algunos hosting tiene antivirus que cuando detectan un virus "aislan" el sitio web negando el acceso total, puesto que la mayoría de servidores son compartidos.
Si a tus clientes les llega a aparecer el ERROR 403 u otro número, (generalmente es el 403 el cual nos permite bloquear IPs de usuarios) muchos asumen que es un virus y no es así.
Ahora bien: creo entender que ya borraste el archivo .htaccess y vuelve a aparecer. Eso significa que la instrucción viene desde el propio servidor y no de WSX5.
Para solucionarlo tendrás que entrar a tu servidor (cpanel) y borrar esa instrucción de redireccionamiento. Lo cual me parece algo raro ya que el servidor NUNCA olvida colocar las etiquetas < > [ ] y demás...
---
2) Ahora te comparto la estructura de mi htaccess:
A) De la línea 1 a la 8, Es el código que el programa wsx5 coloca en el htaccess para indicar que existe una página personalizada, que se mostrará en caso de que el usuario teclée mal una dirección. Es decir la página es el "ERROR 404 - Página No encontrada."
Nunca se debe de escribir nada entre esas líneas.
B) Las líneas 10 y 11, Es un código que yo introduje para indicarle al servidor que use la zona horaria de mi país, México.
C) De las líneas 13 a la 18, YO le instruí al servidor (desde el cpanel) que toda dirección la envíe a la página con el certificado SSL, Si no le ponen www o si escriben http les direccionará a https://espaciosdeexpresion.com/
E) De la línea 20 a la 29(checa tus primeras líneas de tu htaccess) YO le indiqué al servidor desde el cpanel que bloqueara esas IPs, que me enviaban mucho spam publicitario.
La etiqueta <Files 403.shtml> y su cierre </Files> le indican al servidor que muestre el mensaje de ERROR 403 Forbidden a las IPs designadas como bloqueadas, Pero, le permite el acceso a todos "Allow from all". este error también les aparece a los que intentan entrar a una carpeta del servidor o a una página con contraseña.
En tu archivo no tiene las etiquetas y asumo que es ahí dónde todo se va al infierno ya que, voy a suponer, el servidor no sabe qué hacer, si denegar el acceso o permitir el acceso pero no a las instrucciones-datos que ingresen en las páginas con extensión .php (formularios principalmente) ya que no tiene etiquetas delimitantes.
Cada servidor es un mundo y cada alteración o instrucción mal colocada genera una dimensión alterna. JAJAJAJA.
F) Las últimas líneas de la 31 a la 36 es una instrucción que generró el mismo servidor cuando Yo le indiqué que usara la versión 8.1 de php en lugar de la versión 7.4 que es la nativa del hosting.
Como puedes notar el htaccess se compone de instruccones del usuario, el servidor y solo en caso de usar una página de error 404 en wsx5, el programa integrará las primeras líneas resaltadas en amarillo.
Repito, si ya borraste el htaccess y vuelve a aparecer, éste se genera desde el servidor y tendrás que entrar a tu cpanel para quitar esa instrucción. Checa en la opción de Seguridad - bloqueador de IPs.
y en la opción: Dominios - Redireccionamiento.
Espero y esta explicación te dé una idea del error que te arroja.
EXTRA: ¿No te arroja algún error referente a la base de datos (si es que usas una DB)?
Saludos.
Autor
As far as I could see the problem is solved. No viruys found - Deleted all files at my Hosting and Uploaded my complete website
Thank you all
I am not in the habbit of quoting my own post, why did you not do this?
It would have been solved weeks ago.
Any way, glad it's solved now.
Best wishes for next year!
Autor
I did that all but you forgot to advise "delete all flies Sorry
Autor
Best Wishes to your all for Next Year
@Henk, Andre actually wrote to you "it might even be better to delete full content befor full upload of your webserver folder(s)"
Anyway, we hope that now you have actually solved