"phantom" .htaccess - or - what does this message mean? <SOLVED>

7 posts / 0 new
Last post
#1 Sat, 09/07/2013 - 12:30
drori

"phantom" .htaccess - or - what does this message mean? <SOLVED>

My apache error_logs started having these lines about 2 weeks ago:

[Fri Sep 06 10:07:05 2013] [alert] [client 5.1.8.5] /.htaccess: deny requires at least two arguments, 'from' followed by hostnames or IP-address wildcards

(when this happens, The browser shows Error 500.)

These website runs wordpress.

I didn't find anything special in my .htaccess file, So I deleted it. i even deleted all .htaccess files in this virtual server, but the problem continued. I restarted apache2 afterwards, But the problem continues.

The problem stopped when I edited /etc/apache2/apache2.conf and replaced .htaccess filename definition there to some other non=existant name.

So i'm worried that there's "meta" .htaccess file or pseudo file somewhere in the system, which affects all other .htaccess somehow.

How comes? Is that possible? does it sound familiar?

Thank you!.

(my system is ubuntu 12, runs for over a year now, with only minor incidents)

Sun, 09/08/2013 - 07:43
Locutus

Is this line from the access log, or the error log? You said access log, but the line format doesn't appear to be Apache access log format... Can you post full excerpts from the access and error log at the time in question?

What is requested exactly at the time when that error occurs? Anything incorrect in the virtual server config file?

There's no "global" .htaccess file, they always are valid for the directory they are in, and its subdirectories.

Sun, 09/08/2013 - 12:04
jimdunn

Sometimes hackers will edit your .htaccess and remove the ORDER line to stop your site from loading.

[.htaccess]
Deny all

In this case, you would get the "client .htaccess deny requires at least two arguments" alert.

If you change the .htaccess file, adding the ORDER keyword, it should no longer alert.

[.htaccess]
Order allow,deny
Deny all

You can search the entire file system like this:

[code]# find / -name \.htaccess -print[/code]

Sun, 09/08/2013 - 17:03
drori

i had a small mistake: i meant error_log, not access_log

the error is seem to be triggered by accessing any page in the website.

all the .htaccess files on that wesite had "order deny, allow". or "order allow, deny" in them.

there is no .htaccess on the root dir, none at all, but the error still points to /.htacess

strage.

Mon, 09/09/2013 - 07:38
Mon, 09/09/2013 - 19:04 (Reply to #5)
drori

it could've been, if i had an .htaccess file at the website's root folder. but htere isn't.

also, their bug was fixed 1 year old. and i don't use that plugin anyway.

The main big question is, why apache gives an error about a file that doesn't exist.

Thu, 09/12/2013 - 21:13
drori

Someone who had access to root copied a malformed .htaccess to the server's root.

note! i meant the filesystem root of the machine, and not the website/virtual server. i.e. sudo rm /.htaccess

i mistakingly thought it's a virtualmin special settings, but it was not, just a wierd place for apache to look for files.

thank you for the support