Malware Signatures

htaccess.hacktool.cgi.001

This malware category covers malicious code hidden inside the server configuration file .htaccess. For example, an infected .htaccess file may contain an additional handler that enables processing of various non-standard file extensions as CGI scripts. Files with these extensions could be, e.g., tools for hacking cPanel written in scripting languages such as Python or Perl.
This .htaccess rule is a malware accomplice, used to tell your web server which file extensions should be executed as a cgi-script. It is not malware per se, but it should be treated as an alert and investigated further.

Affecting

Any Apache-based web server hosting vulnerable software or with compromised credentials.

Cleanup

Review your .htaccess rules and remove any rule similar to the dump below, then look for files with an extension mapped to cgi-script that you do not recognize.

Dump

Options +ExecCGI
AddHandler cgi-script .py
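
The cleanup check above as a script, added here as an example and not part of the original signature page: it reads every .htaccess under a directory, collects the extensions mapped to cgi-script, and lists the files those rules would make executable so they can be reviewed by hand. The function names and the sample tree built in demo() are constructed for illustration.

```python
import os
import re
import tempfile

ADD_HANDLER = re.compile(r"^\s*AddHandler\s+cgi-script\s+(.+)$", re.I)
EXEC_CGI = re.compile(r"^\s*Options\s+(?:.*\s)?\+?ExecCGI\b", re.I)

def parse_htaccess(text):
    """Return (exec_cgi_enabled, set of extensions mapped to cgi-script)."""
    exec_cgi, exts = False, set()
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out directive
        if EXEC_CGI.match(line):
            exec_cgi = True
        if m := ADD_HANDLER.match(line):
            exts.update(e.lstrip(".").lower() for e in m.group(1).split())
    return exec_cgi, exts

def scan(root):
    """Return sorted (htaccess, file) pairs; a .htaccess applies to its whole subtree."""
    hits = []
    for d, _, files in os.walk(root):
        if ".htaccess" not in files:
            continue
        ht = os.path.join(d, ".htaccess")
        with open(ht, errors="replace") as fh:
            _, exts = parse_htaccess(fh.read())  # ExecCGI may also be set in the main config
        if not exts:
            continue
        for sub, _, names in os.walk(d):
            for name in names:
                # mod_mime looks at every extension of a name, so x.py.txt counts too
                if exts & {p.lower() for p in name.split(".")[1:]}:
                    hits.append((ht, os.path.join(sub, name)))
    return sorted(hits)

def demo():
    """Build a constructed document root and return the flagged relative paths."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "uploads", "img"))
        with open(os.path.join(root, "uploads", ".htaccess"), "w") as fh:
            fh.write("Options +ExecCGI\nAddHandler cgi-script .py\n")
        for rel in ("index.php", "uploads/tool.py", "uploads/img/a.py.txt", "uploads/img/b.png"):
            open(os.path.join(root, *rel.split("/")), "w").close()
        return [os.path.relpath(f, root).replace(os.sep, "/") for _, f in scan(root)]

if __name__ == "__main__":
    print(demo())
```

Run scan() against the real document root; every reported file still needs manual inspection, since a legitimate application can also ship CGI scripts.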