1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. This forum has been archived. New threads and replies may not be made. All add-ons/resources that are active should be migrated to the Resource Manager. See this thread for more information.

.htaccess protection

Discussion in 'Tips and Guides [Archive]' started by Cory Booth, Dec 31, 2010.

  1. Cory Booth

    Cory Booth Well-Known Member

    So I had a few sites running on e107 (e107.org).
    They were a victim of a massive attack and many sites (including mine) were hacked.
    I actually lost all my e107 AND VB files (along with my file-based attachments - grrrrrr) since the hacker got to my root and hit rm -r or whatever.
    I ran across this in the conversations back and forth and I thought I'd share it.
    I'm no expert on .htaccess and expressions, but if it seems worth-while - let me know too :)
    ########## Begin - Rewrite rules to block out some common exploits
    ## If you experience problems on your site block out the operations listed below
    ## This attempts to block the most common type of exploit attempts
    # proc/self/environ? no way!
    RewriteCond %{QUERY_STRINGproc\/self\/environ [OR]
    # Block out any script trying to set a mosConfig value through the URL
    RewriteCond %{QUERY_STRINGmosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
    # Block out any script trying to base64_encode crap to send via URL
    RewriteCond %{QUERY_STRINGbase64_encode.*\(.*\) [OR]
    # Block out any script that includes a <script> tag in URL
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    # Block out any script trying to set a PHP GLOBALS variable via URL
    RewriteCond %{QUERY_STRINGGLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    # Block out any script trying to modify a _REQUEST variable via URL
    RewriteCond %{QUERY_STRING_REQUEST(=|\[|\%[0-9A-Z]{0,2})
    # Send all blocked request to homepage with 403 Forbidden error!
    RewriteRule ^(.*)$ index.php [F,L]
    ########## End - Rewrite rules to block out some common exploits
  2. lms

    lms Well-Known Member

    Thanks for info.

  3. Disrelation

    Disrelation Active Member

    Would this mean changing out "RewriteRule ^.*$ index.php [NC,L]" for "RewriteRule ^(.*)$ index.php [F,L]" or would I just keep them both?

    Thanks for this by the way!
  4. Ryan Kent

    Ryan Kent Well-Known Member

    Is copy/paste into .htaccess all we need to do? Which directories should we add this to plz?

Share This Page