Code Injection?

[Megg81]

I've come across 2 files on my server saved as .htaccess.txt and a variation of this, both of which I have now deleted.
One is below, the other was for kernal cruisers in the same format. Is this some sort of code injection or malware?

The first few lines of the code reads as follows (I won't post the whole thing and make it easy for anyone else to make use of it):

RewriteEngine On

RewriteCond %{HTTP_HOST} ^alluringartistry.co.uk$ [NC,OR]

...
...
...
...
ReWrite Rule .....

[steve.ledger]

If in doubt about the content, contact your hosting providor.

[rabbie]

I would check the date the file was created and perhaps the file ownership. if it's owned by the web user, it was probably injected . I would search for other files created around that date also to make sure there is nothing else that was uploaded.

It may be the bot / spammer / hacker now has a back door to that user's account. I would also change the account password.

You could potentially download the entire site via FTP and analyse the contents on your local machine. Make sure you don't execute any of the files on your local machine though (not that they would if you're running Windows).

Let us know what you find, sounds interesting.

[Megg81]

Thanks for your quick replies.

I have deleted both files off the server and have saved a copy of the code as an image file.... just to be on the safe side. At the moment I can't see any other files or folders of the same date. Surely that code alone just saved as a .txt file wouldn't be useful though ? - Should I expect there is something else which links to that file?

I've opened a support ticket with the hosting provider... wait and see the result.

[juergen]

htaccess.txt is a web server configuration file, most commonly used by Apache. Usually it is used to define access control on directory basis. But in fact, you can override many web server settings there. The mod_rewrite module allows to define rewrite of URL for example to create SEO friendly URL for the internet, transforming them to something "unfriendly" on the server itself and vice versa with regex.
Juergen

[Megg81]

Surely .htaccess.txt isn't functional though? Its just a text file.

I've contacted my hosting provider ....who have told me I can delete the files (yay--- already said I'd done that on the first sentence of my support ticket to them... ) so I'm not much further.

My concern though is really how these two files got on there in the first place.