htaccess stop external script requests by domain match? - .htaccess

We've got a few sites using the same CMS and we keep getting hacked, which we're looking at now.
Problem is it's taking a while and it's really hard to find all the compromised database entries quickly.
In the meantime, how can we stop requests to external servers with htaccess?
I.e. if there's a request to an external domain's script that contains ".ru", block it?
Any help would be much appreciated!!!
Best, Dan.

OK, found this article which has methods to do this:
http://stopmalvertising.com/security/securing-your-website-with-htaccess/Page-4.html
It even gives a list of other notorious robots to block:
##############################################################
# stop the hacks!
# useragents starting with
RewriteCond %{HTTP_USER_AGENT} ^atraxbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Azureus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^geohasher [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^PycURL [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Python-urllib [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^research-scan-bot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Sosospider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^xenu [NC,OR]
# user agent contains string
RewriteCond %{HTTP_USER_AGENT} ^.*onmult.ru [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*casper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*goblox [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*sun4u [NC]
RewriteRule ^(.*)$ - [F]
best, Dan.

Related

htaccess blocking access based on length of user agent string

I recently came across several cloud based services image scraping my website and had to block them based on their User Agent string.
However this would be very inefficient if I had to check my logs on a regular basis to find out who they are and add them to the htaccess block list.
After investigations it transpired that these bots all have user agent strings less than about 12 characters e.g. "moe".
So I was looking for a way to block user agents based on the length of the UA string. But of course you cannot perform calculations in htaccess.
So I came up with the following:
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{12}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{11}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{10}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{9}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{8}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{7}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{6}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{5}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{4}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{3}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{2}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{1}$ [NC]
RewriteRule .*\.(js|ico|gif|jpg|png|swf|rm|mov|mpg|mpeg)$ xxxxx/hotlink.gif [F,NC,L]
I would appreciate any feedback on this if I have missed any likely characters that could be used by UA or if anyone can see any problems with this approach.
I do have all the other usual image hotlinking in place.
This is to prevent cloud services hotlinking to images from newsletters.
Thanks in advance.
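A quick offline check of the character class used in the rules above, as an added example that is not part of the original post. Python's `re` stands in for Apache's PCRE (the two agree on these patterns), the sample user agents are constructed, and `LENGTH_ONLY` is a hypothetical alternative that bounds the length without restricting characters.

```python
import re

# Character class copied from the rules above; [NC] is modelled with re.IGNORECASE.
CLASS = r"[a-z0-9./:;-=]"
TWELVE_RULES = [re.compile(rf"^{CLASS}{{{n}}}$", re.I) for n in range(12, 0, -1)]
# The same test written once with a bounded quantifier.
ONE_RULE = re.compile(rf"^{CLASS}{{1,12}}$", re.I)
# Hypothetical alternative: bound the length only, whatever the characters are.
LENGTH_ONLY = re.compile(r"^.{1,12}$")


def blocked_by_twelve(ua):
    """True when any of the twelve OR'd conditions matches."""
    return any(p.search(ua) for p in TWELVE_RULES)


def class_members():
    """Printable ASCII punctuation the class accepts, in code-point order."""
    single = re.compile(rf"^{CLASS}$", re.I)
    return "".join(c for c in map(chr, range(0x20, 0x7F))
                   if single.match(c) and not c.isalnum())


# Constructed sample user agents (not taken from real logs).
SAMPLES = ["moe", "img-fetch", "Go 1.1", "bot_v2", "a<b=c",
           "Mozilla/5.0 (X11; Linux x86_64)"]


def report():
    """Map each sample to (twelve rules, single rule, length-only) verdicts."""
    return {ua: (blocked_by_twelve(ua), bool(ONE_RULE.search(ua)),
                 bool(LENGTH_ONLY.search(ua))) for ua in SAMPLES}


if __name__ == "__main__":
    print("punctuation accepted:", class_members())
    for ua, row in report().items():
        print(f"{ua!r:36} twelve={row[0]} one={row[1]} length_only={row[2]}")
```

Inside the brackets `;-=` is a range (`;`, `<`, `=`), so a literal hyphen is not in the class, and short user agents containing a hyphen, space or underscore pass the twelve conditions unblocked.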

redirect to mobile site using htaccess

How do I redirect users to my mobile page?
I am using this code in htaccess:
RewriteEngine on
RewriteCond %{QUERY_STRING} !^desktop
RewriteCond %{HTTP_USER_AGENT} "android|blackberry|googlebot-mobile|iemobile|iphone|ipod|#opera mobile|palmos|webos" [NC]
RewriteCond %{HTTP_USER_AGENT} "acs|alav|alca|amoi|audi|aste|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "dang|doco|eric|hipt|inno|ipaq|java|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|opwv" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "palm|pana|pant|pdxg|phil|play|pluc|port|prox|qtek|qwap|sage|sams|sany" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|w3cs|wap-|wapa|wapi" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "wapp|wapr|webc|winw|winw|xda|xda-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "up.browser|up.link|windowssce|iemobile|mini|mmp" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "symbian|midp|wap|phone|pocket|mobile|pda|psp" [NC]
RewriteRule ^$ http://example.com/mobile [L,R=302]
It works only if I go to site.com; then it redirects me to http://example.com/mobile,
but I want it so that even if I go to http://example.com/page1.php or any other page, it redirects to http://example.com/mobile for all mobile users.
Please help me with this.

Well, just change
RewriteRule ^$ http://example.com/mobile [L,R=302]
to
RewriteRule ^/?(.*)$ http://example.com/mobile [L,R=302]
or maybe
RewriteRule ^/?(.*)$ http://example.com/mobile/$1 [L,R=302,QSA]
To redirect to a different hostname (sometimes called a "subdomain"), as asked in the comment below, you can do that:
RewriteRule ^/?(.*)$ http://m.example.com/$1 [L,R=302,QSA]
And a general remark: I think a http-301 does make more sense than a http-302 for this situation...

Can't find error in my .htaccess file (containing rules for mobile redirection)

OK! Now changing the question after digging out some more.
I found this code so far, and when I'm using it the website hosting server shows something like "Internal server error".
This is the txt version of my .htaccess file:
http://www.crosshacks.tk/htaccess.txt
Someone pls help me out.

Please create a new question instead of editing the old one. Edit is not for creating entirely new questions.
Anyways. You were missing a few spaces.
RewriteBase /
RewriteEngine on
RewriteCond %{QUERY_STRING} (^|&)m=0(&|$)
RewriteRule ^ - [CO=mredir:0:www.crosshacks.tk]
RewriteCond %{HTTP:x-wap-profile} !^$ [OR]
RewriteCond %{HTTP:Profile} !^$ [OR]
RewriteCond %{HTTP_USER_AGENT} "acs|alav|alca|amoi|audi|aste|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "dang|doco|eric|hipt|inno|ipaq|java|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|opwv" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "palm|pana|pant|pdxg|phil|play|pluc|port|prox|qtek|qwap|sage|sams|sany" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|w3cs|wap-|wapa|wapi" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "wapp|wapr|webc|winw|winw|xda|xda-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "up.browser|up.link|windowssce|iemobile|mini|mmp" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "symbian|midp|wap|phone|pocket|mobile|pda|psp" [NC]
RewriteCond %{HTTP_USER_AGENT} !macintosh [NC]
RewriteCond %{HTTP_HOST} !^m\.
RewriteCond %{QUERY_STRING} !(^|&)m=0(&|$)
RewriteCond %{HTTP_COOKIE} !^.*mredir=0.*$ [NC]
RewriteRule ^ http://m.crosshacks.tk [R,L]

.htaccess switch between mobile and desktop view?

I have the following htaccess file. It redirects users to m.website.com when a mobile device is detected. This works; however, when people visit the mobile website on m.website.com they have the option to switch to desktop view (if they prefer). When they click on desktop view they are sent to www.website.com (which at this point sends them back to m.website.com), but in this situation I would like to keep them on the original website at www.website.com. Is there a way with the COOKIE so that if a certain condition is met they are kept on the desktop website, and if that condition is not met the redirect occurs?
RewriteEngine on
RewriteBase /
RewriteCond %{QUERY_STRING} (^|&)m=0(&|$)
RewriteRule ^ - [CO=mredir:0:www.website.com]
RewriteCond %{HTTP:x-wap-profile} !^$ [OR]
RewriteCond %{HTTP:Profile} !^$ [OR]
RewriteCond %{HTTP_USER_AGENT} "acs|alav|alca|amoi|audi|aste|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "dang|doco|eric|hipt|inno|ipaq|java|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|opwv" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "palm|pana|pant|pdxg|phil|play|pluc|port|prox|qtek|qwap|sage|sams|sany" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|w3cs|wap-|wapa|wapi" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "wapp|wapr|webc|winw|winw|xda|xda-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "up.browser|up.link|windowssce|iemobile|mini|mmp" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "symbian|midp|wap|phone|pocket|mobile|pda|psp" [NC]
RewriteCond %{HTTP_USER_AGENT} !macintosh [NC]
RewriteCond %{HTTP_HOST} !^m\.
RewriteCond %{QUERY_STRING} !(^|&)m=0(&|$)
RewriteCond %{HTTP_COOKIE} !^.*mredir=0.*$ [NC]
RewriteRule ^ http://m.website.com [R,L]

.htaccess file blocks Payment Notification from paypal

Here is an example of $_POST data from paypal's IPN:
cmd=_notify-validate
&test_ipn=1
&payment_type=instant
&payment_date=18%3A49%3A30+Nov+01%2C+2010+PDT
&payment_status=Completed
&address_status=unconfirmed
&payer_status=unverified
&first_name=John
&last_name=Smith
&payer_email=buyer%40paypalsandbox.com
&payer_id=TESTBUYERID01
&address_name=John+Smith
&address_country=United+States
&address_country_code=US
&address_zip=95131
&address_state=CA
&address_city=San+Jose
&address_street=123%2C+any+street
&business=seller%40paypalsandbox.com
&receiver_email=seller%40paypalsandbox.com
&receiver_id=TESTSELLERID1
&residence_country=US
&item_name=something
&item_number=AK-1234
&quantity=1
&shipping=3.04
&tax=2.02
&mc_currency=USD
&mc_fee=0.44
&mc_gross=10
&mc_gross_1=10
&txn_type=web_accept
&txn_id=30112149
&notify_version=2.1
&custom=10points
&charset=windows-1252
&verify_sign=AFcWxV21C7Zyy8mw-cdzleMW.oxFXxXE
When I try to send this with my .htaccess file I get a 403 error.
.htaccess:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{HTTP_COOKIE} ^.*(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|”>|”<|/|\\\.\.\\).{0,9999}.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|scan).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|’|”|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*\.[A-Za-z0-9].* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC]
RewriteRule .* - [F]
How do I change the .htaccess file to make it allow the $_POST data?

You can enable logging on the rewrite engine. (Just for debugging.) You will see the exact rule where it dies.
Possibly this line:
RewriteCond %{QUERY_STRING} ^.*\.[A-Za-z0-9].* [NC,OR]
I believe that is matching on any full stop followed by an alphanumeric character in the query string. Seems like that would fail requests like "shipping=3.04"

Found the sinner:
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
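An offline way to see which condition in the OR chain above produces the 403, as an added example that is not from the original posts. Python's `re` stands in for Apache's PCRE; the three requests, the path `/ipn.php` and the agent `ExampleIPN/1.0` are constructed for illustration.

```python
import re

# (variable, pattern, nocase) copied from the OR'd RewriteCond chain in the question;
# every condition carries [NC] except the empty User-Agent test.
CONDS = [
    ("REQUEST_METHOD", r"^(HEAD|TRACE|DELETE|TRACK)", True),
    ("THE_REQUEST", r"^.*(\\r|\\n|%0A|%0D).*", True),
    ("HTTP_REFERER", r"^(.*)(<|>|’|%0A|%0D|%27|%3C|%3E|%00).*", True),
    ("HTTP_COOKIE", r"^.*(<|>|’|%0A|%0D|%27|%3C|%3E|%00).*", True),
    ("REQUEST_URI", r"^/(,|;|:|<|>|”>|”<|/|\\\.\.\\).{0,9999}.*", True),
    ("HTTP_USER_AGENT", r"^$", False),
    ("HTTP_USER_AGENT", r"^(java|curl|wget).*", True),
    ("HTTP_USER_AGENT", r"^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).*", True),
    ("HTTP_USER_AGENT", r"^.*(libwww-perl|curl|wget|python|nikto|scan).*", True),
    ("HTTP_USER_AGENT", r"^.*(<|>|’|%0A|%0D|%27|%3C|%3E|%00).*", True),
    ("QUERY_STRING", r"^.*(;|<|>|’|”|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).*", True),
    ("QUERY_STRING", r"^.*(localhost|loopback|127\.0\.0\.1).*", True),
    ("QUERY_STRING", r"^.*\.[A-Za-z0-9].*", True),
    ("QUERY_STRING", r"^.*(<|>|’|%0A|%0D|%27|%3C|%3E|%00).*", True),
]


def firing(request):
    """Return the (variable, pattern) pairs that match; one hit is enough for [F]."""
    hits = []
    for var, pat, nocase in CONDS:
        # A header that was not sent expands to the empty string.
        if re.search(pat, request.get(var, ""), re.I if nocase else 0):
            hits.append((var, pat))
    return hits


# Constructed requests. IPN fields travel in the POST body, which is not QUERY_STRING.
IPN_POST = {"REQUEST_METHOD": "POST", "THE_REQUEST": "POST /ipn.php HTTP/1.1",
            "REQUEST_URI": "/ipn.php"}                       # no User-Agent header
IPN_POST_UA = dict(IPN_POST, HTTP_USER_AGENT="ExampleIPN/1.0")
IPN_IN_QUERY = dict(IPN_POST_UA, QUERY_STRING="shipping=3.04&tax=2.02")

if __name__ == "__main__":
    for name in ("IPN_POST", "IPN_POST_UA", "IPN_IN_QUERY"):
        print(name, "->", firing(globals()[name]) or "allowed")
```

The body-only POST without a User-Agent trips only the `^$` condition, while the full-stop rule fires only when fields such as `shipping=3.04` are placed in the query string.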
