On a website I have, I do a nightly CRON job to see which of my files have been modified and then back them up to a different server. Yesterday, I saw that a bunch of my .htacess files were “modified”. I put modified in quotes because they were definitely re-saved as per the modification date. However, upon inspecting them, none of them were actually changed. Is there any reason for this behavior on the end of my hosting provider for example? Or, is this an indication that my site may have been compromised?
Well, it turns out that my hosting provider in-fact had to make a search/replace in all of our .htaccess files as the default version of php has been changed on our server. So…sorry to have wasted anyone’s time on this. However, for those who don’t do nightly checks for files modified, perhaps I can use this as a public service announcement to consider it? There’s even an excellent Sitepoint article on the concept:
Thanks for the plug in the last line! I’m glad that you’re using the updated version of the code AND leaving the $ext array empty so all files are examined. Great pick-up on the .htaccess files and making your host admit to their tampering (for a valid reason).