
Giveaway htaccess Protection

Discussion in 'Other Scripting Languages' started by west555, Oct 31, 2014.

  1. west555

    west555 Regular Member

    Joined:
    Dec 4, 2011
    Messages:
    326
    Likes Received:
    130
    Location:
    /etc/passwd
    First of all, I am sorry if I am posting in the wrong place (someone please move this to the correct section if I am wrong).

    Anyway, before I was into marketing I was doing "pentesting", so when I moved to marketing the first thing I wanted was to make sure my sites are safe,
    so I compiled a little protection via htaccess against the most known attacks.
    Code:
    ########## Begin - Rewrite rules to block out known exploits and hacking methods
    ## If you experience problems on your site, block out the operations listed below.
    ## Each chain of RewriteCond lines belongs to the RewriteRule that follows it; [OR]
    ## joins conditions, so the last condition before a RewriteRule must not carry [OR].

    RewriteEngine on

    ## Reject unusual request methods (note: HEAD is also sent by many uptime monitors and crawlers)
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F,L]

    ## User agents, request lines and query strings; any single match returns 403.
    ## Patterns are tested against the raw, still-percent-encoded request, which is why
    ## both ' and %27 (and both < and %3C) are listed.
    RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
    RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]

    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    ## The next condition rejects any query string containing [ ] ( ) < or >, which also
    ## covers WordPress array parameters such as post[]=1
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    ## proc/self/environ moved here so that it sits in the condition chain of a RewriteRule
    RewriteCond %{QUERY_STRING} proc/self/environ [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F,L]

    ## Directory listings off. "Options All -Indexes" mixes the absolute and the +/-
    ## forms, which Apache rejects; the relative form on its own is valid.
    Options -Indexes

    ServerSignature Off

    ## Keep .htaccess and configure.php from being served. A bare "Order allow,deny" /
    ## "Deny from all" outside a <files> block would deny every request to the site,
    ## so the deny is scoped to the two files. (Apache 2.4 syntax: Require all denied)
    <files .htaccess>
    order allow,deny
    deny from all
    </files>

    <files configure.php>
    order allow,deny
    deny from all
    </files>

    ## Optional hotlink protection: uncomment all three lines together and replace
    ## yourdomain.com. A RewriteCond left active on its own attaches to whatever
    ## RewriteRule comes next in the file.
    #RewriteCond %{HTTP_REFERER} !^$
    #RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
    #RewriteRule \.(gif|jpg|png)$ http://www.yourdomain.com/donnotsteal.gif [R,L]

    This works best with WordPress sites, but it will also work with any other site if you have permission to mess with .htaccess.

    NOTE: this will not protect a website against attacks like DoS, DDoS, buffer and stack overflows.
    It is protection for standard things like XSS, SQL injection, RFI, LFI and similar.
     
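As an added example (my own code, not from the post or from Apache), a small Python harness that replays a handful of the post's RewriteCond patterns against constructed request lines, so you can see which requests would get a 403 and which legitimate WordPress requests the same rules catch as well before putting them on a live site. Rule labels and sample request lines are my own; the regexes are copied from the post.

```python
import re
from urllib.parse import urlsplit

# Subset of the post's %{QUERY_STRING} patterns, copied verbatim. Apache RewriteCond
# patterns are PCRE, and these particular ones are valid Python regexes unchanged.
# The third field mirrors the [NC] flag (case-insensitive match).
QUERY_STRING_RULES = [
    ("remote-url",   r"[a-zA-Z0-9_]=http://",             False),
    ("traversal",    r"(\.\./|\.\.)",                     False),
    ("proc-environ", r"proc/self/environ",                False),
    ("xss-script",   r"(<|%3C).*script.*(>|%3E)",         True),
    ("sqli-union",   r"union([^s]*s)+elect",              True),
    ("any-bracket",  r"^.*(\[|\]|\(|\)|<|>).*",           True),
    ("quote-or-nul", r"(<|>|'|%0A|%0D|%27|%3C|%3E|%00)",  True),
]
# Patterns the post applies to %{THE_REQUEST} (the whole raw request line).
THE_REQUEST_RULES = [
    ("etc-passwd", r"etc/passwd", True),
    ("cgi-bin",    r"cgi-bin",    True),
]

def firing_rules(request_line):
    """Return the labels of the conditions that match one raw request line such as
    'GET /?s=foo HTTP/1.1'. mod_rewrite tests %{QUERY_STRING} and %{THE_REQUEST}
    against the still-percent-encoded bytes, so nothing is decoded here either
    (which is why the post lists both ' and %27)."""
    _method, target, _version = request_line.split(" ", 2)
    query = urlsplit(target).query
    hits = [name for name, pat, nc in QUERY_STRING_RULES
            if re.search(pat, query, re.I if nc else 0)]
    hits += [name for name, pat, nc in THE_REQUEST_RULES
             if re.search(pat, request_line, re.I if nc else 0)]
    return hits

# Constructed sample request lines: three that the rules should block and two
# legitimate WordPress requests that they block as well (false positives).
SAMPLE_REQUESTS = [
    "GET /index.php?page=../../etc/passwd HTTP/1.1",
    "GET /?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1",
    "GET /?id=1%20union%20select%201,2 HTTP/1.1",
    "GET /?s=rock+n'+roll HTTP/1.1",                                 # site search with an apostrophe
    "GET /wp-admin/edit.php?post_status=draft&post[]=12 HTTP/1.1",   # array parameter
]

def report(requests=SAMPLE_REQUESTS):
    """Map each request line to the rule labels that would return 403 for it."""
    return {line: firing_rules(line) for line in requests}

if __name__ == "__main__":
    for line, hits in report().items():
        print(("BLOCKED  " if hits else "allowed  ") + line + "  " + ", ".join(hits))
```

Run it before deploying and extend SAMPLE_REQUESTS with real query strings from your own access log; every legitimate line that comes back BLOCKED is a rule you will have to loosen for that site.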
  2. lord1027

    lord1027 Elite Member

    Joined:
    Sep 20, 2013
    Messages:
    3,174
    Likes Received:
    2,222
    I'm no expert in htaccess, but this looks good for newbies like me. BTW, could you recommend a good guide about htaccess? I find it more and more useful, but I do not have much knowledge in the field.
     
  3. west555

    west555 Regular Member

    Joined:
    Dec 4, 2011
    Messages:
    326
    Likes Received:
    130
    Location:
    /etc/passwd

    I am not an expert either; I mainly learned the things I needed from it.
    If you want to learn more about it, I recommend this one: http://www.javascriptkit.com/howto/htaccess.shtml
    It is the most detailed one I had (I have some other guides somewhere on my HDD, but they are not for posting here because of what they explain).
     
  4. Codepro

    Codepro Newbie

    Joined:
    Dec 20, 2014
    Messages:
    2
    Likes Received:
    0
    Location:
    UK
    Thank you for the htaccess; my brother and I were going to make a WordPress site and we were looking for a good one.