Malware Signatures

  1. Home
  2. Malware Signatures
  3. htaccess.backdoor.evil-enabler.001


This .htaccess rule is a malware accomplice, used to tell your webserver which file extension should be executed as a cgi-script. It is not a malware per-se, but it should be treat as an alert and further investigated.


Any Apache based web server hosting vulnerable software or with compromised credentials.


Review your .htaccess rules and remove any rule similar to the dump below and look for files with the cgi-script extension that you do not recognize.


Options FollowSymLinks MultiViews Indexes ExecCGI
AddType application/x-httpd-cgi .evil
AddHandler cgi-script .evil
AddHandler cgi-script .evil