Post by Cleo » Sun May 02, 2021 5:48 pm

Since my post last week the cpanel/error started to show the errors again, so when someone was trying to access the folder public_html/image/

They would get a 404.php page which I believe is correct because there is an .htaccess file in it

And in Cpanel/error I can see the following:

Code: Select all

2021-04-29 22:46:27.888373 [INFO] [26090] [77.75.78.164:44725#APVH_xxxxx.lesbricollesdecleo.com:443] File not found [/home/xxxxx/public_html/image/error_404.php] 
The following is the content of the .htaccess file:

Code: Select all

RewriteOptions inherit
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !^(.+)\.jpg$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.JPG$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.jpeg$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.png$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.PNG$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.gif$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.GIF$
RewriteRule ^(.+)$ /circkel/ [NC]

But again last night the cpanel/error stop populating and if someone try to acces a folder like public_html/image/ public_html/system/

Instead of seeing the 404.php page they are seing the following:

Code: Select all

www.lesbricollesdecleo.com199.119.75.230Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0/image/ 
And also if I block an IP in Cpanel/IP Address Block not only the block address will be written at the bottom of my public_html/.htaccess but it will also add the follolwing in my public_html/image/.htaccess below the above rules:

Code: Select all

<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 45.156.184.40
deny from 216.244.66.226
This never happen before I don't know why it is doing it now.

I am starting to believe that my site is haunted :(

Does anyone have any idea why this is happening?

Regards,

Cleo
Last edited by Cleo on Mon May 03, 2021 11:20 pm, edited 1 time in total.

Opencart v1.5.4.1 fr/en
Theme: Custom
vqmod-2.6.0
PHP: 7.3 (ea-php73)


User avatar
Active Member

Posts

Joined
Wed Mar 09, 2011 5:19 am

Post by xxvirusxx » Sun May 02, 2021 6:12 pm

Cleo wrote:
Sun May 02, 2021 5:48 pm
File not found public_html/image/error_404.php

My converted modules | Buy me a beer | Opencart upgrade service


User avatar
Expert Member

Posts

Joined
Tue Jul 17, 2012 10:35 pm
Location - România

Post by Cleo » Sun May 02, 2021 6:15 pm

xxvirusxx

?

Opencart v1.5.4.1 fr/en
Theme: Custom
vqmod-2.6.0
PHP: 7.3 (ea-php73)


User avatar
Active Member

Posts

Joined
Wed Mar 09, 2011 5:19 am

Post by xxvirusxx » Sun May 02, 2021 6:16 pm

Isn't that file used to display 404 error page?

LE. And what is circkel ?

My converted modules | Buy me a beer | Opencart upgrade service


User avatar
Expert Member

Posts

Joined
Tue Jul 17, 2012 10:35 pm
Location - România

Post by Cleo » Sun May 02, 2021 6:21 pm

@xxvirusxx

Which file?
Sorry if I don't understand but I've been searching and trying different thing since 14h yesterday and it's 6:20 right now so I must be little tired,

Cleo

Opencart v1.5.4.1 fr/en
Theme: Custom
vqmod-2.6.0
PHP: 7.3 (ea-php73)


User avatar
Active Member

Posts

Joined
Wed Mar 09, 2011 5:19 am

Post by xxvirusxx » Sun May 02, 2021 6:22 pm

File not found public_html/image/error_404.php

My converted modules | Buy me a beer | Opencart upgrade service


User avatar
Expert Member

Posts

Joined
Tue Jul 17, 2012 10:35 pm
Location - România

Post by Cleo » Sun May 02, 2021 6:27 pm

@xxvirusxx

Sorry I posted a reply and it's not there, yes error_404.php used to show the 404 not found page,

Circle is the directory that they told us to create a while ago on the post More security for your site or something like that, there is only an .htaccess file in it with the rule "Deny from all".

Regards,
Cleo

Opencart v1.5.4.1 fr/en
Theme: Custom
vqmod-2.6.0
PHP: 7.3 (ea-php73)


User avatar
Active Member

Posts

Joined
Wed Mar 09, 2011 5:19 am

Post by xxvirusxx » Sun May 02, 2021 6:37 pm

Host support made changes again?

Like in this topic
viewtopic.php?f=20&t=223561&p=819904#p819868

You can ask them.

LE. if you load your website/something will display 404 opencart error page.
And only when you load website/circkel will display that message.
Cleo wrote:
Sun May 02, 2021 6:27 pm
Circle is the directory that they told us to create a while ago
Host support?

My converted modules | Buy me a beer | Opencart upgrade service


User avatar
Expert Member

Posts

Joined
Tue Jul 17, 2012 10:35 pm
Location - România

Post by Cleo » Sun May 02, 2021 6:44 pm

I'm not talking to them anymore, there are only operators and it's always a different one that is answering and each one have a different answer.

When they contact their supplier (Cpanel) as they say there was I new folder on my site Tests, I asked them who created it and the guy who answer said it's probably Cpanel to make some test, you can delete it, which I did.

And when I write again to let them know that the errors were not showing again, the one who replied said: It's because you deleted the folder Tests which is referring to a sub-domain test, recreate it and delete the sub-domain :(

I delete everything but it didn't fix the problem it just created new ones.

Regards,

Cleo

Opencart v1.5.4.1 fr/en
Theme: Custom
vqmod-2.6.0
PHP: 7.3 (ea-php73)


User avatar
Active Member

Posts

Joined
Wed Mar 09, 2011 5:19 am

Post by Cleo » Sun May 02, 2021 6:48 pm

The circle directory was suggest in that post many years ago.

viewtopic.php?f=179&t=130853

Opencart v1.5.4.1 fr/en
Theme: Custom
vqmod-2.6.0
PHP: 7.3 (ea-php73)


User avatar
Active Member

Posts

Joined
Wed Mar 09, 2011 5:19 am

Post by Cleo » Sun May 02, 2021 6:51 pm

This is the part referring to image folder
Put a .htacces in your /image folder with:

Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !^(.+)\.jpg$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.jpeg$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.png$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.gif$
RewriteRule ^(.+)$ /circkel/ [NC]

What does this do?
If a hacker would be able to get a .php file in your image folder he would not be able to execute this via his browser,
he will see:
Forbidden
You don't have permission to access /catalog/controller/account/account.php on this server.
I have it since that time and never have any problem.

Regards,

Cleo

Opencart v1.5.4.1 fr/en
Theme: Custom
vqmod-2.6.0
PHP: 7.3 (ea-php73)


User avatar
Active Member

Posts

Joined
Wed Mar 09, 2011 5:19 am

Post by xxvirusxx » Sun May 02, 2021 6:55 pm

In your circkel you have an .htaccess with only Deny from all content?

My converted modules | Buy me a beer | Opencart upgrade service


User avatar
Expert Member

Posts

Joined
Tue Jul 17, 2012 10:35 pm
Location - România

Post by Cleo » Sun May 02, 2021 6:57 pm

Yes

Opencart v1.5.4.1 fr/en
Theme: Custom
vqmod-2.6.0
PHP: 7.3 (ea-php73)


User avatar
Active Member

Posts

Joined
Wed Mar 09, 2011 5:19 am

Post by Cleo » Sun May 02, 2021 6:59 pm

It also protects all sub-folders (cache with 777, log with 77 etc.)
The useless index.html in these folders you then can remove.

Create a map called "circkel" in your store root.
Put a .htaccess file in there with:

Deny from all

Opencart v1.5.4.1 fr/en
Theme: Custom
vqmod-2.6.0
PHP: 7.3 (ea-php73)


User avatar
Active Member

Posts

Joined
Wed Mar 09, 2011 5:19 am

Post by xxvirusxx » Sun May 02, 2021 7:02 pm

Weird.

Should display You don't have permission to access this resource.

My converted modules | Buy me a beer | Opencart upgrade service


User avatar
Expert Member

Posts

Joined
Tue Jul 17, 2012 10:35 pm
Location - România

Post by Cleo » Sun May 02, 2021 7:05 pm

Well it used to show the big 404 error page but now it is showing
www.lesbricollesdecleo.com199.119.75.230Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0/image/

Opencart v1.5.4.1 fr/en
Theme: Custom
vqmod-2.6.0
PHP: 7.3 (ea-php73)


User avatar
Active Member

Posts

Joined
Wed Mar 09, 2011 5:19 am

Post by Cleo » Sun May 02, 2021 7:11 pm

A few things change after the change Apache for Litespeed, but after they fix a few things it was ok, never have problem or error on my side.

I know that the page with the 404 error is from Litespeed, maybe that why the message of the error page is not showing anymore?

Opencart v1.5.4.1 fr/en
Theme: Custom
vqmod-2.6.0
PHP: 7.3 (ea-php73)


User avatar
Active Member

Posts

Joined
Wed Mar 09, 2011 5:19 am

Post by Cleo » Sun May 02, 2021 7:14 pm

My site has been made like this 10 years ago and I never had any problem with cpanel before, it started about 3 weeks ago without any change on my side.

I only asked support why the error were not showing anymore and everyone who answer start making changes on the server, in my .htaccess file, removed my .htaccess file completely and I end up with lots of errors and problem.

And they keep saying that the problem are from my .htaccess file which I didn't change, but they did made change to it, but since I made a restore of the whole site to a date prior to everyone playing with my files everything should be ok. But I have no idea what they did on the server side.

Opencart v1.5.4.1 fr/en
Theme: Custom
vqmod-2.6.0
PHP: 7.3 (ea-php73)


User avatar
Active Member

Posts

Joined
Wed Mar 09, 2011 5:19 am

Post by xxvirusxx » Sun May 02, 2021 7:19 pm

If you have Litespeed try to clear the cache from Cpanel.
Theoretically should display You don't have permission to access this resource. if you add an htaccess with Deny from all in any folder.

My converted modules | Buy me a beer | Opencart upgrade service


User avatar
Expert Member

Posts

Joined
Tue Jul 17, 2012 10:35 pm
Location - România

Post by Cleo » Sun May 02, 2021 7:24 pm

Ok thanks I will look at it.

But what I find to be very strange is that if I block an IP address in Cpanel it will write the same in both .htaccess file, the one in public_html and the one in the image folder!

Code: Select all

<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 45.156.184.40
deny from 216.244.66.226

Opencart v1.5.4.1 fr/en
Theme: Custom
vqmod-2.6.0
PHP: 7.3 (ea-php73)


User avatar
Active Member

Posts

Joined
Wed Mar 09, 2011 5:19 am
Who is online

Users browsing this forum: Google [Bot] and 45 guests