Cant delete infected htaccess file

[smeko]

Hi all,

I have a web hosting shared server and while i was scanning the users for any infected file using imunifyAV i noticed one htaccess file is infected.

I tried deleting this file but when i rescan this user i see that this file exist yet, even though it was deleted before. It seem like it is generated from another script maybe.
The script within this infected htaccess file is as below:

Options FollowSymLinks MultiViews Indexes ExecCGI

AddType application/x-httpd-cgi .cl4

AddHandler cgi-script .cl4
AddHandler cgi-script .cl4

I tried changin the premissions of this file and delete it again but it didnt work.

Hope you will help me handling this.

Thanks

Silvi

 

[kodeslogic]

Have you confirmed with your hosting provider that the htaccess file has the correct ownership, if you are using the shred using?

If you have root access to the server then you should make sure that the ownership of the htaccess file is the username of the cPanel account.

 

[cPRex]

Good points, @kodeslogic :D

 

[smeko]

Hi, i am administrator of this shared server but i am facing this problem for the first time.
How can i check ownership of this file and make changes?

Silvi

 

[smeko]

Hi again,

I checked that the owner is the cpanel user frow which im trying to delete this file:
Output as below:
-rw-rw-r-- 1 username username 153 Dec 11 2013 .htaccess

So why i dont have access anyway

Silvi

 

[cPRex]

If that is the correct cPanel username I would expect you to be able to manipulate that file. It's possible there are special permissions on that file and you could check that by running this:

lsattr .htaccess

One interesting thing I found is that .cl4 files are data files created and handled by the Easy CD Creator software tool, which primarily gets used in Windows. I wouldn't expect that to be found on a Linux server, and it's definitely not something I'd expect to be created by default.

You mentioned you are the admin - do you have root access to WHM or only access to the one user on the machine? If you have root access to the entire system, you're always welcome to submit a support ticket to our team so we can take a look. If not, speaking with your hosting provider about this would be the best way to get more details on what may be happening.