Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
So the crazy weird login in failure I posted about a few months ago has been solved. Now, I have to say that I have spent months wracking my brain about it and finally, last night, I realized what is happening, and I am unsettled and a bit confused about how it is happening.
A new folder, called 'login' is appearing in the public folder. This login folder has an .htaccess file that is the issue, removing it has solved the problem, login works great as expected and is working on the test servers, and so forth. So this live server is running a version of cpanel, this folder as re-appeared last night after all the changes I made to the server. It seems as though something is trying to do an injection of some type. has anyone else experienced this kind of thing?
Check with that host and see if they generate search a folder.
Probably not, but also ask if there has been issues with other users of the cpanel.
And perhaps time to find a different host.
Edit:
I have seen many host that will have a default index file but usually not a .htaccess file.
@jlrdw thank you for the suggestion - and if anyone else who has this problem is using third party hosting, that would be good advice which is why I am choosing as best answer for typical situations. For this scenario - this server is administered by a partner - not a traditional paid for hosting scenario. We covered all the bases and I have confidence that no process either of us is injecting, we looked closely at every single FTP account. If anything is actually being injected - it would be coming from an outside source and that is the crux of the matter - because I follow best practices for security on that server so I was concerned about making sure all threats are mitigated. Whatever it was did not repeat again thus far, which is good.
Please or to participate in this conversation.