surrfman Posted April 17, 2013
Opening the .htaccess files, I see a hash tag at start of every line in file. Is this normal or has someone (hacker) messed with the file(s)? If so should I clean them up or remove and generate new? What problems could I run into deleting & going with new files? Thanks a bunch, Timmy C

MrPhil Posted April 17, 2013
That (#) is a comment. .htaccess files are often shipped with all the likely commands you'll need, but commented out. It's up to you to uncomment (remove #) from those commands you need, or add new ones. As for your particular copy, you can always compare it to a fresh copy from the installation .zip file.

surrfman (Author) Posted April 17, 2013
Ok.. I'll try the comparing trail and see what shakes out. I knew the # commented out, I misspoke. Seemed kinda not right, every single line commented out?

Jack_mcs Posted April 17, 2013
If the comments are not needed, I suggest deleting them all. The htaccess file has to be loaded with each request and while the parsing is quick and comments are ignored, a smaller file always loads faster than a large one. If there isn't anything in the file other than comments, then you should delete the file itself since that will increase load time. There are things that should be in the .htaccess file so deleting it is usually not an option but not all sites are set up as they should be.
Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons

MrPhil Posted April 18, 2013
Well, some developers like to provide a fully commented-out .htaccess (or php.ini) as an example. So, it's not so weird. However, as Jack points out, it is a minor performance hit, since the file has to be read at every page access (actually, all .htaccess files from the root on down to the final subdirectory the page is in, get read and processed). Getting rid of unused lines is not a bad idea (and if none are used, getting rid of the whole file). Note that /.htaccess (the site root) cannot be deleted, even if it's empty.

Jack_mcs Posted April 18, 2013
If an .htaccess file is present in the site root directory, the code on the server searches back to the server root. It has to do that to compare the server settings to ensure that any commands in the site root do not violate the server's settings. Phil - why do you say the site root's .htaccess file can't be deleted? It is not required. I've run across many sites that don't have one.

MrPhil Posted April 18, 2013
Every server I've ever seen running Apache will create an empty /.htaccess if you delete the file. An empty /.htaccess is fine. If you don't see the file, perhaps the server/control panel is hiding files that start with "."?

Jack_mcs Posted April 18, 2013
OK. I looked it up out of curiosity and according to the Apache docs, it says in the "when not to use" section: "The use of .htaccess files can be disabled completely by setting the AllowOverride directive to none". So it might be that the sites I've seen without an .htaccess file are on servers with that option off. Though I don't see how that is possible since osCommerce shops have .htaccess files elsewhere, like the includes directory. But it is probably a non-issue since a shop should have an .htaccess file in the root nowadays for redirecting the home page URL, banning IPs and the like.

♥mattjt83 Posted April 18, 2013
Interesting from the Apache docs...
"You should avoid using .htaccess files completely if you have access to httpd main server config file. Using .htaccess files slows down your Apache http server. Any directive that you can include in a .htaccess file is better set in a Directory block, as it will have the same effect with better performance."
http://httpd.apache.org/docs/2.2/howto/htaccess.html
Matt

surrfman (Author) Posted April 19, 2013
I'm really confused... Understanding is that .htaccess files are necessary and part of the OSCommerce package? I can understand writing a "covers all file" and simply commenting out those items not needed, how does one know what gets commented or deleted. What happens if the files were deleted from an up and running shop? I got hacked earlier this week and have removed all the malicious code, going file by file. Changed all my usernames and passwords from hosting to ftp client to admin of shop. So the question remains, what maintenance is needed to the .htaccess and .htpasswords files? Is there some sort of IP trap add-on? I am considering the Site Lock deal. Seems like it takes care of several issues? @@Jack_mcs Thanks guys for your knowledge, it's really appreciated! Timmy C

Jack_mcs Posted April 20, 2013
Every htaccess file is different, or could be, so there's no way to write one for all shops. For example, if your shop uses a url rewriter, it may need rules stated in that file. The htaccess file in your admin directory, if there is one, is totally different than those elsewhere and is required. If you delete it, or the one in the includes directory, you open your shop wide to hackers. Security isn't managed through this file, though there are commands you can put in it that will help. There is an IP trap addon and I will be releasing a new addon soon that will do that and more. But that won't catch all security problems. There are threads here that describe the various things you can do for that, though I don't agree with all of the changes mentioned. I strongly suggest you install the SiteMonitor addon because if you do get hacked, it will save you a lot of time in repairing the shop. Regarding SiteLock, I am not familiar with that other than to know it exists. If it is not costly, then it may be worth it. But the shop can be secured without that. Even if you have to pay someone to secure it, it would be a one-time cost so it may be a better option over SiteLock, which, I assume, is not a one-time cost.

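Added example, not part of any post in this thread: one way to run the comparison against a fresh copy of the installation archive that was suggested earlier, and to spot a missing or fully commented-out .htaccess in directories such as admin and includes. The function names and the sample directory contents are constructed for illustration and are not osCommerce's own files.

```python
import tempfile
from pathlib import Path

def active_directives(path):
    """Non-blank, non-comment lines of one .htaccess file."""
    lines = (ln.strip() for ln in path.read_text(errors="replace").splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def find_htaccess(root):
    """Map relative path -> active directives for every .htaccess under root."""
    return {p.relative_to(root).as_posix(): active_directives(p)
            for p in Path(root).rglob(".htaccess")}

def audit(live_root, fresh_root):
    """Compare live .htaccess files with a fresh extract of the install archive."""
    live, fresh = find_htaccess(live_root), find_htaccess(fresh_root)
    report = {}
    for rel in sorted(set(live) | set(fresh)):
        if rel not in live:
            report[rel] = "missing from live site"
        elif rel not in fresh:
            report[rel] = "not in fresh copy, review by hand"
        elif live[rel] != fresh[rel]:
            report[rel] = "active directives differ from fresh copy"
        elif not live[rel]:
            report[rel] = "comments only, same as fresh copy"
        else:
            report[rel] = "matches fresh copy"
    return report

def build_sample():
    """Constructed sample trees for the demo (not real osCommerce file contents)."""
    base = Path(tempfile.mkdtemp())
    files = {
        "fresh/.htaccess": "# Options -Indexes\n# DirectoryIndex index.php\n",
        "fresh/admin/.htaccess": "AuthType Basic\nRequire valid-user\n",
        "fresh/includes/.htaccess": "Deny from all\n",
        "live/.htaccess": "# Options -Indexes\n# DirectoryIndex index.php\n",
        "live/admin/.htaccess": "# AuthType Basic\n# Require valid-user\n",
        "live/images/.htaccess": "RewriteEngine On\n",
    }
    for rel, text in files.items():
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)
    return base / "live", base / "fresh"

if __name__ == "__main__":
    for rel, status in audit(*build_sample()).items():
        print(f"{rel}: {status}")
```

On a real shop, pass the document root and the directory where the installation archive was extracted to `audit()`; a file that differs only in comments is reported as matching, because only active directives are compared.
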
surrfman (Author) Posted April 20, 2013
@@Jack_mcs... Wow, that IP Trap addon is really slick! Installed the SiteMonitor addon, but it's a no show in the admin panel. I have renamed my admin folder, is there something that needs to change in the SM's coding to understand the changed admin folder? Thanks a bunch, Timmy C

Jack_mcs Posted April 21, 2013
If you have a standard admin and installed SiteMonitor correctly, there isn't anything else needed.

surrfman (Author) Posted April 21, 2013
Would the mindsparx admin addon cause an issue?

surrfman (Author) Posted April 21, 2013
@@Jack_mcs... Figured him out! Need to place the line include(DIR_WS_BOXES . 'sitemonitor.php'); in the admin/includes/header.php file, then Site Monitor is happy! Thanks again for your dedication! Timmy C

Archived
This topic is now archived and is closed to further replies.