Darksat IT Security Forums
May 24, 2017, 07:24:40 pm
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Darksat IT Security Forum
From Firewall Support, AntiVirus Questions, Spyware problems, Linux and Windows Security, Black Hat SEO right down to Website Design and Multimedia
 
  Home Help Search Gallery Links Staff List Login Register  

Using htaccess to stop hacking attempts


Pages: [1]
  Print  
Author Topic: Using htaccess to stop hacking attempts  (Read 2338 times)
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« on: February 23, 2011, 07:11:15 am »

If you want to increase the security level of your website, you can chuck these few lines of codes to prevent some common hacking techniques by detecting malicious URL patterns.
Code:
RewriteEngine On
 
# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
 
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
 
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
 
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
 
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
 
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})
 
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]






Source
http://forum.joomla.org/viewtopic.php?p=2193205
Report Spam   Logged

Social Buttons

Defcon 5
Master
*****
Posts: 2410



View Profile WWW
« Reply #1 on: October 18, 2011, 03:01:39 am »

Never even considered being hacked through htaccess, can't really think of any sites that actually take data from the url without going through XSS functions etc.
Report Spam   Logged

Pages: [1]
  Print  
 
Jump to:  

Powered by EzPortal
eXTReMe Tracker
Security Forum
Bookmark this site! | Upgrade This Forum
SMF For Free - Create your own Forum

Buy traffic for your forum/website
traffic-masters
Powered by SMF | SMF © 2016, Simple Machines
Page created in 0.078 seconds with 10 queries.