
Icy Phoenix


Old Patches - 058-008 & 009 - HTACCESS & Errors



Mighty Gorgon [ Tue 29 Aug, 2006 10:09 ]
Post subject: 058-008 & 009 - HTACCESS & Errors
Hi all.

For all those who cannot set REGISTER_GLOBALS to OFF, I've created this HTACCESS that may block hacking via RFI (Remote File Injection).

The HTACCESS modification requires the Apache Rewrite Engine to be ENABLED in order to work, and is not needed for those who have REGISTER_GLOBALS set to OFF.

Here is the part to insert in your HTACCESS in the root of your site:

Code:
##################################
# Block Hacking Attempts - BEGIN #
##################################
##################################
# CONDITIONS
##################################
# STRICT CONDITION
#RewriteCond %{QUERY_STRING} ^.*(phpbb_root_path|album_root_path|module_root_path|mx_root_path|upi2db_file_path).*$
# LESS STRICT CONDITION
RewriteCond %{QUERY_STRING} ^.*(phpbb_root_path=|album_root_path=|module_root_path=|mx_root_path=|upi2db_file_path=).*$
##################################
# REWRITE
##################################
# FORBIDDEN
#RewriteRule ^.*$ - [F,L]
# REDIRECT TO LOCALHOST
RewriteRule ^.*$ http://127.0.0.1/ [redirect,last]
##################################
##################################
# Block Hacking Attempts - END #
##################################


This will redirect all hacking attempts using the most common known vars (these should be the only ones used in XS; if you install other mods, you may want to add other vars as well) to the hacker's own localhost.

I left commented out the option to generate an error that will be logged by the XS errors function, for which I attach the new file here.

So here attached you will find:
  • Premodified standard XS HTACCESS
  • New ERRORS.PHP file (replace the old with this one)


The file errors.php is independent from HTACCESS, so you should apply this patch even if you are not modifying your HTACCESS.
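
An added example, not part of the original post or of the XS code: a log check for requests that carry the variable names listed in the RewriteCond above, so you can see who is probing and whether the rule answered. The combined log format, the function names and the sample lines are assumptions made for this sketch.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Variable names taken from the RewriteCond in the post above.
WATCHED = {"phpbb_root_path", "album_root_path", "module_root_path",
           "mx_root_path", "upi2db_file_path"}

# Assumed combined log format: ip - - [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
REMOTE_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)

def classify(line):
    """Return (ip, status, param, is_remote) for a suspicious request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, _method, target, status = m.groups()
    query = urlsplit(target).query
    # The log holds the raw request; parse_qsl percent-decodes names and
    # values, so the comparison is made on what PHP would actually see.
    for name, value in parse_qsl(query, keep_blank_values=True):
        base = name.split("[", 1)[0]  # treat name[] like name
        if base in WATCHED:
            # Only a watched *parameter name* counts (the "less strict" idea);
            # the word appearing inside some other value is ignored.
            return ip, int(status), base, bool(REMOTE_RE.match(value))
    return None

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation addresses, reserved host names).
SAMPLE = [
    '192.0.2.10 - - [29/Aug/2006:10:09:00 +0200] "GET /viewtopic.php?t=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/Aug/2006:10:10:11 +0200] "GET /includes/x.php?phpbb_root_path=http://example.invalid/x HTTP/1.1" 302 210',
    '198.51.100.7 - - [29/Aug/2006:10:10:15 +0200] "GET /album.php?album%5Froot%5Fpath=./ HTTP/1.1" 200 800',
    '203.0.113.5 - - [29/Aug/2006:10:11:00 +0200] "GET /search.php?q=phpbb_root_path HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, status, param, remote in scan(SAMPLE):
        print(f"{ip} status={status} param={param} remote_value={remote}")
```

A hit logged with status 302 was answered by the redirect rule; a hit with any other status reached the application and is worth a closer look.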


Nizzle [ Tue 29 Aug, 2006 13:47 ]
Post subject: Re: 058-008 & 009 - HTACCESS & Errors
you've put my part in that .htaccess :mrg:

btw..
is there a site you can redirect them to..
which will let them crash or something
was thinking to redirect them to my own site
then they'll find the .htaccess again
redirect again

bringing them into a loop
which makes them useless..

is there a site like that? :mrg:


Lucky [ Tue 29 Aug, 2006 14:13 ]
Post subject: Re: 058-008 & 009 - HTACCESS & Errors
I have set REGISTER_GLOBALS to OFF. I don't need to change the .htaccess file ... I can leave original .htaccess !

But I must change the errors file.

Is it all right?


Lucky [ Tue 29 Aug, 2006 14:23 ]
Post subject: Re: 058-008 & 009 - HTACCESS & Errors
At phpbb-seo they have suggested that I make these changes in .htaccess

1)

Move
Code:
#make sure the whole site goes to www.mysite.com
#instead of mysite.com. This is good for the search engines
#Edit and uncomment the below lines for your own site.
RewriteCond %{HTTP_HOST} ^mysite.org
RewriteRule (.*) http://www.mysite.com/$1 [R=301,L]


between

RewriteEngine On

and

RewriteBase /


2)

put [L] at the end of every RewriteRule

More details about this discussion you can find HERE

What do you think about it ?


Mighty Gorgon [ Thu 31 Aug, 2006 01:37 ]
Post subject: Re: 058-008 & 009 - HTACCESS & Errors
Nizzle wrote:
you've put my part in that .htaccess :mrg:

btw..
is there a site you can redirect them to..
which will let them crash or something
was thinking to redirect them to my own site
then they'll find the .htaccess again
redirect again

bringing them into a loop
which makes them useless..

is there a site like that? :mrg:

Great idea... we can buy a domain and do it! Then we will sell banners... :lol_flag:

Lucky wrote:
I have set REGISTER_GLOBALS to OFF. I don't need to change the .htaccess file ... I can leave original .htaccess !

But I must change the errors file.

Is it all right?

Right! :wink:

Lucky wrote:
At phpbb-seo they have suggested that I make these changes in .htaccess

...

What do you think about it ?

Yes it does make sense... :wink:


Nizzle [ Thu 31 Aug, 2006 18:12 ]
Post subject: Re: 058-008 & 009 - HTACCESS & Errors
got a new spammer site thingy..

Code:
1awm.com


hpl [ Sat 02 Sep, 2006 10:44 ]
Post subject: Re: 058-008 & 009 - HTACCESS & Errors
this is ok for Aruba??...


Mighty Gorgon [ Sat 02 Sep, 2006 13:22 ]
Post subject: Re: 058-008 & 009 - HTACCESS & Errors
hpl wrote:
this is ok for Aruba??...

Yes... it is working here.


Nizzle [ Mon 04 Sep, 2006 21:20 ]
Post subject: Re: 058-008 & 009 - HTACCESS & Errors
today I've found yet some others..

Code:
RewriteCond %{HTTP_REFERER} ^(.*)alcotour.com(.*)$ [OR]
RewriteCond %{HTTP_REFERER} ^(.*)goldadornment.com(.*)$ [OR]
RewriteCond %{HTTP_REFERER} ^(.*)mifec.org(.*)$ [OR]
RewriteCond %{HTTP_REFERER} ^(.*)1awm.com(.*)$ [OR]
RewriteCond %{HTTP_REFERER} ^(.*)toruc.org(.*)$ [OR]


all from the same damn site


fracs [ Tue 19 Sep, 2006 09:06 ]
Post subject: Re: 058-008 & 009 - HTACCESS & Errors
My error log:

script '/home/cosenzau/cosenzaunited.org/html/errors.php' not found or unable to stat, referer: http://www.cosenzaunited.org/forum/...=quote&p=490842

and more of this.


Mighty Gorgon [ Wed 20 Sep, 2006 00:37 ]
Post subject: Re: 058-008 & 009 - HTACCESS & Errors
fracs wrote:
My error log:

script '/home/cosenzau/cosenzaunited.org/html/errors.php' not found or unable to stat, referer: http://www.cosenzaunited.org/forum/...=quote&p=490842

and more of this.

It seems you are missing that file... or you may have to set a different path to errors.php... :roll:

Do you have your forum in a subfolder?


fracs [ Wed 20 Sep, 2006 08:13 ]
Post subject: Re: 058-008 & 009 - HTACCESS & Errors
error.php is in root of forum /forum/error.php, /html/ is root of the site...

0: [client 66.249.65.xxx] PHP Fatal error: Call to undefined function: session_pagestart() in /home/cosenzau/cosenzaunited.org/html/errors.php on line 49
1: [client 66.249.65.xxx] PHP Warning: main(): Failed opening './common.' for inclusion (include_path='.:/usr/share/pear') in /home/cosenzau/cosenzaunited.org/html/errors.php on line 24
2: [client 66.249.65.xxx] PHP Warning: main(./common.): failed to open stream: No such file or directory in /home/cosenzau/cosenzaunited.org/html/errors.php on line 24
3: [client 66.249.65.xxx] PHP Notice: Undefined variable: phpEx in /home/cosenzau/cosenzaunited.org/html/errors.php on line 24
4: [client 66.249.65.xxx] PHP Warning: main(): Failed opening './extension.inc' for inclusion (include_path='.:/usr/share/pear') in /home/cosenzau/cosenzaunited.org/html/errors.php on line 23
5: [client 66.249.65.xxx] PHP Warning: main(./extension.inc): failed to open stream: No such file or directory in /home/cosenzau/cosenzaunited.org/html/errors.php on line 23


Nizzle [ Sat 23 Sep, 2006 14:40 ]
Post subject: Re: 058-008 & 009 - HTACCESS & Errors
Mighty Gorgon wrote:
Nizzle wrote:
you've put my part in that .htaccess :mrg:

btw..
is there a site you can redirect them to..
which will let them crash or something
was thinking to redirect them to my own site
then they'll find the .htaccess again
redirect again

bringing them into a loop
which makes them useless..

is there a site like that? :mrg:

Great idea... we can buy a domain and do it! Then we will sell banners... :lol_flag:


you'd get a shitload of visitors :mrg:
put it in the default .htaccess for XS and you'll get even more :mro:



