Ariadnetheweaver Posted October 7, 2010

I had pretty much all of these installed, and my site got hacked yesterday. I got no warning emails, and the site simply says "HacKeD By TeaM MosTa AlgeriaN HackEr TeaM MosTa I want Say FucK Secur!Ty To be not to be Tnks Alahe Contact3 M3 In : [email protected] " Thankfully I have a full backup, if I can get the thing uploaded again without stress like last time!
germ Posted October 7, 2010

If you are referring to the site listed in your profile, read on... Visit the link below: How to Secure Your Site

Pay close attention to "SECURING THE ADMIN" - Yours is vulnerable. It's easier to do a few security fixes now than to clean up a hacked store later. And if you don't secure the admin your shop will be hacked (again). It's just a question of when... :o

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me -
"Headers already sent" - The definitive help
"Cannot redeclare ..." - How to find/fix it
SSL Implementation Help
Halcyon56 Posted November 3, 2010

After installing SecurityPro and carefully following all instructions I get the following error, either when trying to run/install the SecurityPro_install.php file or just when I try to access my osCommerce store:

    Fatal error: Call to a member function add_current_page() on a non-object in /home/graficai/public_html/estore/includes/application_top.php on line 332

Line 332 reads as follows:

    $navigation->add_current_page();

Any help will be appreciated. TIA
lextech Posted November 5, 2010

I had pretty much all of these installed, and my site got hacked yesterday. I got no warning emails, and the site simply says "HacKeD By TeaM MosTa AlgeriaN HackEr TeaM MosTa I want Say FucK Secur!Ty To be not to be Tnks Alahe Contact3 M3 In : [email protected] " Thankfully I have a full backup, if I can get the thing uploaded again without stress like last time!

This guy just got me today. I watched him do it, I WAS ONLINE. The hackers are from www.v4-team.com, which is an Arab security site apparently. RC2.2a
garyljohnson Posted November 5, 2010

I see that this post started in 2008. It is now 2010 and I am having problems now in 2010. Have these issues been addressed by E-Commerce? I see that the file manager is still here. Has the security issue been addressed?
redskins2010 Posted November 11, 2010

I cannot find the folder to password protect my public_html
kingsbottle Posted November 11, 2010

Lots of people ask this all too often, especially after they think they've been hacked, so the answers are all here.

You can prevent any injection attacks with Security Pro http://addons.oscommerce.com/info/5752
You can monitor sites for unauthorised changes with SiteMonitor http://addons.oscommerce.com/info/4441
You can block illicit access attempts with IP trap http://addons.oscommerce.com/info/5914
You can add htaccess protection http://addons.oscommerce.com/info/6066
You can stop Cross Site Scripting attacks with Anti XSS http://addons.oscommerce.com/info/6044

Also make sure that all files, except for the two configure.php files, have permissions no higher than 644. The permissions for the two configure.php files will vary according to the server your site is on - it could be 644, 444 or 400 which is correct. Permissions on folders should be no higher than 755. If your hosting setup demands permissions of 777 on folders then change hosts. You can add http://addons.oscommerce.com/info/6134 to assist with permission settings.

Do it now, avoid getting that nasty addition to your listings in Google: 'This site might damage your computer'. Or find all your customers' data has been posted on a hackers' bulletin board somewhere, etc etc.

Update Sep. 09
The following addresses issues that have arisen or were not mentioned since this post was placed:

SECURING THE ADMIN: You must take steps to secure your admin, by re-naming & password protection. There is also an issue with hacks, read Jan's thread here.

FILEMANAGER: It has long been known the file manager is a security risk & should, nay MUST be removed; if used for editing your site it is likely to damage your files, so is a bad utility to keep anyway, see here. It's also been known it's a possible hacking route & to make matters worse there now exists a very nasty hack that uses the file manager to gain access to your site (dbase included!!)
Use a normal editor such as html-kit or notepad++ after downloading all your files to your PC with ftp such as filezilla.

To remove the file manager:
Delete file_manager.php from catalog/admin
Open admin/includes/boxes/tools.php and delete the line:

    '<a href="' . tep_href_link(FILENAME_FILE_MANAGER) . '" class="menuBoxContentLink">' . BOX_TOOLS_FILE_MANAGER . '</a><br>' .

It is also known that admin/define_language.php is vulnerable to the same hacks as the file manager, so should also be removed.

BACKUPS: To be safe you should make backups of your dBase and site files; it saves a great deal of time & effort cleaning up should anything nasty happen. I recommend you use AutoBackup Database in Admin AND Database backup manager, also Backup of all store files in zip format.

INSTALLATION: If you are unsure about installing these contributions this thread should help you.

FORMS: Security Pro cleans the query string, however any forms using $_POST are unaffected. If you have any forms using the post method you would be advised to do the following on pages accepting $_POST vars.

after:

    require('includes/application_top.php');

add:

    // clean posted vars
    reset($_POST);
    while (list($key, $value) = each($_POST)) {
      if (!is_array($_POST[$key])) {
        $_POST[$key] = preg_replace("/[^ a-zA-Z0-9@%:{}_.-]/i", "", urldecode($_POST[$key]));
      } else {
        unset($_POST[$key]);
      } // no arrays expected
    }

This does not allow for arrays, additional code is needed if they are used.

Hi, In the description below:

"Finally:- catalog/includes/application_top.php
Find ...

    // set the application parameters
    $configuration_query = tep_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION);
    while ($configuration = tep_db_fetch_array($configuration_query)) {
      define($configuration['cfgKey'], $configuration['cfgValue']);
    }

Add directly BELOW ...
XXXXXX"

What's the meaning of "add directly BELOW..."? Before, after, or covering the part of "FIND..." in RED?
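The permission and file-manager advice quoted in the post above, turned into a check a shop owner can run against a downloaded copy or the live tree. This is an added example, not code from the thread or from osCommerce: it takes the store root as its argument, assumes a find(1) that understands -perm /mode (GNU and BSD find do), and the sample tree used to try it is constructed.

```shell
#!/bin/sh
# Added example: audit an osCommerce tree against the advice in the post above.
# Rules checked (all from that post):
#   - every file except configure.php: at most 644 (no group/other write, no execute)
#   - the two configure.php files: exactly 644, 444 or 400
#   - every directory: at most 755 (777 is the "change hosts" case)
#   - admin/file_manager.php and admin/define_language.php must be gone
# Assumes find(1) supports -perm /mode (GNU and BSD find do).

osc_audit() {
    root=$1
    # Files above 644: group/other writable, or any execute bit set.
    find "$root" -type f ! -name configure.php \
        \( -perm /022 -o -perm /111 \) -exec echo "FILE_ABOVE_644" {} \;
    # configure.php may be 644, 444 or 400 depending on the host; nothing else.
    find "$root" -type f -name configure.php \
        ! -perm 644 ! -perm 444 ! -perm 400 -exec echo "CONFIGURE_PHP_PERMS" {} \;
    # Directories above 755 (group/other writable, which includes 777).
    find "$root" -type d -perm /022 -exec echo "DIR_ABOVE_755" {} \;
    # Admin tools the post says to delete outright.
    find "$root" -type f \( -name file_manager.php -o -name define_language.php \) \
        -exec echo "REMOVE_ADMIN_TOOL" {} \;
}

# Number of findings; 0 means the tree matches the advice.
osc_audit_count() {
    osc_audit "$1" | wc -l | tr -d ' '
}

# Usage: sh osc_audit.sh /path/to/catalog
if [ "$#" -gt 0 ]; then
    osc_audit "$1"
    echo "findings: $(osc_audit_count "$1")"
fi
```

Each finding is one line, tag first and path second, so the output can be fed straight to a chmod or rm after review. The check is deliberately about mode bits only; whether the files are owned by the right user is a separate question on shared hosting.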
kingsbottle Posted November 11, 2010

(quoting the "Lots of people ask this all too often..." post in full, as in the previous post)

After installing as instructed, then "Go into admin>configuration>FWR Security Pro and turn it on .. (set to true)", but the problem is that I don't find "FWR Security Pro" on the list. Why?
mdtaylorlrim Posted November 11, 2010

After installing as instructed, then "Go into admin>configuration>FWR Security Pro and turn it on .. (set to true)", but the problem is that I don't find "FWR Security Pro" on the list. Why?

Because you missed part of the installation instructions in Security Pro. The part where you add the link code to the 'menu.'

Community Bootstrap Edition, Edge
Avoid the most asked question. See How to Secure My Site and How do I...?
alouijdane Posted November 13, 2010

Warning: I am able to write to the configuration file: ..../visioimpact/marcom/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

Hello, since my host "free.fr" says "this server does not support changing file permissions", I can't manage to change the permissions. Is there a solution to correct the error (I have already gone into the file manager)? Thanks in advance.
FIMBLE Posted November 13, 2010

Warning: I am able to write to the configuration file: ..../visioimpact/marcom/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

Hello, since my host "free.fr" says "this server does not support changing file permissions", I can't manage to change the permissions. Is there a solution to correct the error (I have already gone into the file manager)? Thanks in advance.

Haven't you posted this on the forum elsewhere? Sure I have already seen it.

Sometimes you're the dog and sometimes the lamp post
My Contributions
altereco Posted November 19, 2010

Hello, I do not see FWR Security Pro when I am in my admin>configuration, therefore I cannot set it to true. Is there something I need to do differently? Thanks!
mdtaylorlrim Posted November 19, 2010

Hello, I do not see FWR Security Pro when I am in my admin>configuration, therefore I cannot set it to true. Is there something I need to do differently? Thanks!

You must have missed part of the installation instructions.
altereco Posted November 19, 2010

"Because you missed part of the installation instructions in Security Pro. The part where you add the link code to the 'menu.'"

I am still not seeing where to do this in the directions... Sorry if this is so dull, could you please point out to me where I am missing this? Thank you
mdtaylorlrim Posted November 19, 2010

"Because you missed part of the installation instructions in Security Pro. The part where you add the link code to the 'menu.'" I am still not seeing where to do this in the directions... Sorry if this is so dull, could you please point out to me where I am missing this? Thank you

Ignore my stupid statement above... Which version of osC and Security Pro are you using? If the sql statement completed correctly then it should be there. Run this sql in phpMyAdmin and see how many rows you get returned.

    SELECT * FROM `configuration` WHERE `configuration_group_id` = '544'

Is there a Security Pro specific topic in the Add-Ons forum? Post your problem there.
altereco Posted November 19, 2010

I just ran it and it returned an empty results set (which I am guessing is not good)
FWR Media Posted November 19, 2010

Why are you posting here? Security Pro has a support topic .. http://www.oscommerce.com/forums/topic/293326-contribution-security-pro-querystring-protection-against-hackers/ If the settings aren't in admin then you haven't run the installer.

Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls
KissMT Dynamic SEO Meta & Canonical Header Tags
KissER Error Handling and Debugging
KissIT Image Thumbnailer
Security Pro - Querystring protection against hackers ( a KISS contribution )
Please only PM me for paid work.
mdtaylorlrim Posted November 19, 2010

I just ran it and it returned an empty results set (which I am guessing is not good)

Correct. It means the installation was not successful. Thanks to FWR Media for providing the support link. I couldn't find it earlier...
mdtaylorlrim Posted November 20, 2010

Correct. It means the installation was not successful. Thanks to FWR Media for providing the support link. I couldn't find it earlier...

Or could. I don't see where you are posting in the support thread yet... Use phpMyAdmin and look in the Configuration_group table and see what the group id is for FWR Security Pro. If it is not 544 like we used in the query earlier, substitute your correct group_id in the query and see if the install added the necessary information to the database. If it still returns an empty result, or if your group_id is 544 like mine, then your install was not successful and needs to be run again... BUT, go to the support thread and post there. Looks like FWR Media does not want to help you here. He is the expert so you should go and ask there.
drillsar Posted December 3, 2010

I would suggest everyone scan their site or sites with a PCI Compliance scan; the scan will look for vulnerabilities that you may have overlooked. Make sure though you add their IP address to the whitelist or your firewall.

I would also suggest the following if you're running your own server:

Disable the root account and use sudo instead (I won't tell you how to do this, just google it).
Use SFTP instead of FTP and block port 21 using iptables or something like that.
Delete the cgi-bin directory.
Create an unprivileged host user id to run the Apache server; I see so many people don't do this. Example:

    passwd -l Apache

To be sure the account is locked, issue the command:

    # grep Apache /etc/shadow

... a :!: at the beginning of the line indicates that the password is locked.

Issue this command to remove the shell for this account:

    # usermod -s /bin/false Apache

To be sure the account is locked, issue the command:

    # grep Apache /etc/passwd

... /bin/false at the end of the line indicates that the shell is set to a non-existent shell.

Test the web server account to be sure you can't login. Issue this command to try to log in:

    > login Apache

Modules to disable
Generally, the following modules make it easier to configure/support your web server but also give too much information to attackers. We recommend that you disable the following default modules for your production server:

info: gives out too much information about your web server to potential attackers.
status: gives out server stats via web pages
autoindex: provides directory listings when no index.html file is present
imap: provides server-side mapping of index files
include: provides server-side includes (.shtml files)
userdir: translates URLs to user-specific directories
auth: you won't need it - you'll set up authentication against LDAP via mod_ldap

Enable Auth_Ldap
ServerTokens Prod
ServerSignature Off
Remove the Apache Manual

There's a lot more, but most likely you will get hacked if you don't do the steps.
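The account-lockdown steps in the post above (lock the password, set the shell to /bin/false, confirm both in /etc/shadow and /etc/passwd) as one repeatable check. This is an added example, not drillsar's script and not something shipped with Apache: it takes the account name and the passwd and shadow files as parameters so it can be run against copies, assumes the Linux passwd(5)/shadow(5) colon-separated layout, and the sample files used to try it are constructed.

```shell
#!/bin/sh
# Added example: verify the service-account lockdown described in the post above.
# Reports whether the password is locked ("!" or "*" in front of the hash, which
# is what the post's grep is looking for) and whether the login shell is a
# non-shell such as /bin/false. Returns 0 only if both hold, so it can gate a
# provisioning script. Assumes the Linux passwd(5)/shadow(5) layout.

svc_account_check() {
    user=$1 passwd_file=$2 shadow_file=$3
    status=0

    shadow_line=$(grep "^$user:" "$shadow_file" 2>/dev/null | head -n 1)
    if [ -z "$shadow_line" ]; then
        echo "NO_SHADOW_ENTRY $user"; status=1
    else
        hash=${shadow_line#*:}; hash=${hash%%:*}          # second field
        case "$hash" in
            '!'*|'*'*) echo "PASSWORD_LOCKED $user" ;;
            '')        echo "PASSWORD_EMPTY $user (passwordless login possible)"; status=1 ;;
            *)         echo "PASSWORD_USABLE $user"; status=1 ;;
        esac
    fi

    passwd_line=$(grep "^$user:" "$passwd_file" 2>/dev/null | head -n 1)
    if [ -z "$passwd_line" ]; then
        echo "NO_PASSWD_ENTRY $user"; status=1
    else
        shell=${passwd_line##*:}                           # seventh (last) field
        case "$shell" in
            /bin/false|/sbin/nologin|/usr/sbin/nologin) echo "SHELL_DISABLED $user $shell" ;;
            '') echo "SHELL_ALLOWS_LOGIN $user (empty field, defaults to /bin/sh)"; status=1 ;;
            *)  echo "SHELL_ALLOWS_LOGIN $user $shell"; status=1 ;;
        esac
    fi
    return $status
}

# Usage: sh svc_account_check.sh Apache
# (reads the live /etc/passwd and /etc/shadow; the latter needs root)
if [ "$#" -gt 0 ]; then
    svc_account_check "$1" /etc/passwd /etc/shadow
fi
```

The empty-hash case is called out separately because an empty second field in shadow is not "no password set" but "any password accepted", which is the opposite of what the post is trying to achieve.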
Reza55 Posted December 4, 2010

I was under attack; I deleted all data and restored a fresh and clean one, then I installed Security Pro and SiteMonitor, but AGAIN I'm under attack ...

/admin/customers.php/login.php
/admin/orders.php/login.php
/admin/categories.php/login.php

Is it a new way? Can anybody help me? Temporarily I changed the admin folder name.
Kalani Posted December 5, 2010

Nothing's wrong with osC, it's your hosting server's security issues. If you're serious about e-commerce, you should consider getting a dedicated server with all patches up to date that passes PCI compliance. If your site is hosted on a shared server, it will most likely get hacked very easily.
drillsar Posted December 5, 2010

Are you on a host? If so I would look into a new host. I can give you some suggestions on a host if you private message me. Most likely your host isn't secured, or if you're running your own server it's not configured right.
Pondpig Posted December 5, 2010

Hi guys, please go easy on me as I am such a n00b! I added this into my .htaccess in my catalog folder.. and I got an internal error, then added it into my admin and got the same. Any ideas why.. the instructions are very basic :(

    RewriteEngine on
    php_flag register_globals off
    SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots
    Deny from env=block_bad_bots
    # Redirect index.php to domain.com
    RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
    RewriteRule ^index\.php$ http://www.site.co.uk/ [R=301,L]
    # Redirect domain.com to www.domain.com
    RewriteCond %{HTTP_HOST} ^site.co.uk [NC]
    RewriteRule ^(.*)$ http://www.site.co.uk/$1 [L,R=301]
    RewriteBase /
    # filter for most common exploits
    RewriteCond %{HTTP_USER_AGENT} libwww-perl [OR]
    RewriteCond %{QUERY_STRING} tool25 [OR]
    RewriteCond %{QUERY_STRING} cmd.txt [OR]
    RewriteCond %{QUERY_STRING} cmd.gif [OR]
    RewriteCond %{QUERY_STRING} r57shell [OR]
    RewriteCond %{QUERY_STRING} c99 [OR]
    # ban spam bots
    RewriteCond %{HTTP_USER_AGENT} almaden [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR]
    RewriteCond %{HTTP_USER_AGENT} ^attach [OR]
    RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^BackWeb [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Bandit [OR]
    RewriteCond %{HTTP_USER_AGENT} ^BatchFTP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:[email protected] [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Buddy [OR]
    RewriteCond %{HTTP_USER_AGENT} ^bumblebee [OR]
    RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
    RewriteCond %{HTTP_USER_AGENT} ^CICC [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Collector [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Copier [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Crescent [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
    RewriteCond %{HTTP_USER_AGENT} ^DA [OR]
    RewriteCond %{HTTP_USER_AGENT} ^DIIbot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
    RewriteCond %{HTTP_USER_AGENT} ^DISCo\ Pump [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Download\ Wonder [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Downloader [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Drip [OR]
    RewriteCond %{HTTP_USER_AGENT} ^DSurf15a [OR]
    RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EasyDL/2.99 [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
    RewriteCond %{HTTP_USER_AGENT} email [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^FileHound [OR]
    RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
    RewriteCond %{HTTP_USER_AGENT} FrontPage [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GetSmart [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
    RewriteCond %{HTTP_USER_AGENT} ^gigabaz [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Go\!Zilla [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
    RewriteCond %{HTTP_USER_AGENT} ^gotit [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Grabber [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
    RewriteCond %{HTTP_USER_AGENT} ^grub-client [OR]
    RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
    RewriteCond %{HTTP_USER_AGENT} ^HTTrack [OR]
    RewriteCond %{HTTP_USER_AGENT} ^httpdown [OR]
    RewriteCond %{HTTP_USER_AGENT} .*httrack.* [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Indy*Library [OR]
    RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
    RewriteCond %{HTTP_USER_AGENT} ^InternetLinkagent [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
    RewriteCond %{HTTP_USER_AGENT} ^InternetSeer.com [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Iria [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JBH*agent [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JustView [OR]
    RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
    RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^LexiBot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^lftp [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Link*Sleuth [OR]
    RewriteCond %{HTTP_USER_AGENT} ^likse [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Link [OR]
    RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mag-Net [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Magnet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Memo [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR]
    RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mirror [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Indy [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mozilla*MSIECrawler [OR]
    RewriteCond %{HTTP_USER_AGENT} ^MS\ FrontPage* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [OR]
    RewriteCond %{HTTP_USER_AGENT} ^MSIECrawler [OR]
    RewriteCond %{HTTP_USER_AGENT} ^MSProxy [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetMechanic [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Ninja [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Openfind [OR]
    RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
    RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
    RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Ping [OR]
    RewriteCond %{HTTP_USER_AGENT} ^PingALink [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Pockey [OR]
    RewriteCond %{HTTP_USER_AGENT} ^psbot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Pump [OR]
    RewriteCond %{HTTP_USER_AGENT} ^QRVA [OR]
    RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Reaper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Recorder [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Scooter [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Seeker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Siphon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^sitecheck.internetseer.com [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SlySearch [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Snake [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SpaceBison [OR]
    RewriteCond %{HTTP_USER_AGENT} ^sproose [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Stripper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Sucker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Szukacz [OR]
    RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
    RewriteCond %{HTTP_USER_AGENT} ^URLSpiderPro [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Vacuum [OR]
    RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
    RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[bb]andit [OR]
    RewriteCond %{HTTP_USER_AGENT} ^webcollage [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Web\ Downloader [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebHook [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebMiner [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebMirror [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Website [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Webster [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
    RewriteCond %{HTTP_USER_AGENT} WebWhacker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Whacker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^x-Tractor [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Xenu [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Zeus
    RewriteRule ^.* - [F,L]
    RewriteCond %{HTTP_REFERER} ^http://www.site.co.uk$
    RewriteRule !^http://[^/.]\.site.co.uk.* - [F,L]
    BAN IP NUMBERS, ALL OF TURKEY
    <Limit GET PUT POST>
    order allow,deny
    # ban domains
    deny from .br.geocities.com
    # ban entire country ~ Turkey
    deny from 62.29.0.0/17
    deny from 62.56.128.0/22
    deny from 62.85.128.0/19
    deny from 62.108.64.0/19
    deny from 62.113.0.0/19
    deny from 62.184.58.0/27
    deny from 62.185.166.64/26
    deny from 62.184.178.96/29
    deny from 62.186.77.0/26
    deny from 62.201.192.0/18
    deny from 62.229.128.0/24
    deny from 62.229.130.0/24
    deny from 62.244.192.0/18
    deny from 62.248.0.0/17
    deny from 64.18.138.0/24
    deny from 64.28.128.0/20
    deny from 65.182.7.0/24
    deny from 66.178.5.0/24
    deny from 66.178.52.0/24
    deny from 66.205.36.0/22
    deny from 69.30.204.0/23
    deny from 80.71.128.0/20
    deny from 80.88.138.224/27
    deny from 80.88.141.160/27
    deny from 80.251.0.0/20
    deny from 80.251.32.0/20
    deny from 81.6.64.0/18
    deny from 81.8.0.0/17
    deny from 81.21.160.0/20
    deny from 81.22.97.0/24
    deny from 81.31.193.224/29
    deny from 81.31.195.112/29
    deny from 81.31.195.136/29
    deny from 81.31.195.216/30
    deny from 81.31.196.172/30
    deny from 81.31.197.16/29
    deny from 81.31.197.64/30
    deny from 81.31.197.128/30
    deny from 81.31.198.152/29
    deny from 81.31.198.216/29
    deny from 81.31.199.72/29
    deny from 81.31.199.140/30
    deny from 81.31.199.160/29
    deny from 81.31.200.64/29
    deny from 81.31.200.76/30
    deny from 81.212.0.0/14
    deny from 82.145.224.0/19
    deny from 82.151.128.0/19
    deny from 82.222.0.0/16
    deny from 83.66.0.0/16
    deny from 83.166.48.0/28
    deny from 84.11.37.192/26
    deny from 84.17.64.0/19
    deny from 84.44.0.0/17
    deny from 84.51.0.0/18
    deny from 85.96.0.0/12
    deny from 85.153.0.0/16
    deny from 85.158.96.0/21
    deny from 85.159.64.0/21
    deny from 85.235.64.0/24
    deny from 86.108.128.0/17
    Deny from 88.240.0.0/16
    deny from 139.179.0.0/16
    deny from 144.122.0.0/16
    deny from 155.223.0.0/16
    deny from 160.75.0.0/16
    deny from 161.9.0.0/16
    deny from 168.139.0.0/16
    deny from 192.70.133.0/23
    deny from 192.129.87.0/24
    deny from 192.160.21.0/24
    deny from 193.23.156.0/24
    deny from 193.25.124.0/23
    deny from 193.41.2.0/23
    deny from 193.42.216.0/24
    deny from 193.95.0.0/17
    deny from 193.108.213.0/24
    deny from 193.109.134.0/23
    deny from 193.110.170.0/23
    deny from 193.110.208.0/21
    deny from 193.140.0.0/16
    deny from 193.178.218.0/24
    deny from 193.188.198.0/23
    deny from 193.192.96.0/19
    deny from 193.201.149.192/26
    deny from 193.201.157.0/25
    deny from 193.218.113.0/24
    deny from 193.218.200.0/24
    deny from 193.219.208.0/30
    deny from 193.220.68.0/24
    deny from 193.243.192.0/19
    deny from 193.254.228.0/23
    deny from 193.254.252.0/23
    deny from 193.255.0.0/16
    deny from 194.9.174.0/24
    deny from 194.24.224.0/23
    deny from 194.27.0.0/16
    deny from 194.29.208.0/21
    deny from 194.54.32.0/19
    deny from 194.67.205.0/23
    deny from 194.69.206.0/24
    deny from 194.117.97.172/30
    deny from 194.117.110.80/28
    deny from 194.117.113.72/30
    deny from 194.117.114.4/30
    deny from 194.117.118.40/30
    deny from 194.117.119.4/32
    deny from 194.117.119.18/32
    deny from 194.117.119.20/32
    deny from 194.117.119.22/32
    deny from 194.117.119.24/32
    deny from 194.117.119.27/32
    deny from 194.117.119.34/32
    deny from 194.117.119.53/32
    deny from 194.117.119.55/32
    deny from 194.117.119.58/32
    deny from 194.117.119.61/32
    deny from 194.117.119.73/32
    deny from 194.117.119.76/32
    deny from 194.117.119.80/32
    deny from 194.117.119.86/32
    deny from 194.117.119.93/31
    deny from 194.117.119.96/32
    deny from 194.117.119.99/31
    deny from 194.117.119.108/32
    deny from 194.117.120.15/32
    deny from 194.117.120.114/32
    deny from 194.117.120.233/32
    deny from 194.117.121.30/32
    deny from 194.117.121.70/32
    deny from 194.117.121.96/32
    deny from 194.117.121.101/32
    deny from 194.117.121.168/32
    deny from 194.117.121.192/31
    deny from 194.117.121.217/32
    deny from 194.125.232.0/22
    deny from 194.126.230.0/24
    deny from 194.133.65.0/24
    deny from 194.133.160.0/20
    deny from 194.133.240.0/23
    deny from 194.133.251.0/24
    deny from 194.133.253.0/28
    deny from 194.133.255.0/24
    deny from 194.242.32.0/24
    deny from 195.8.109.0/24
    deny from 195.33.192.0/18
    deny from 195.39.224.0/23
    deny from 195.46.128.0/19
    deny from 195.49.216.0/21
    deny from 195.64.128.0/18
    deny from 195.74.32.0/19
    deny from 195.75.202.0/26
    deny from 195.75.202.128/25
    deny from 195.75.222.0/28
    deny from 195.75.222.24/29
    deny from 195.75.222.160/27
    deny from 195.75.236.0/28
    deny from 195.75.236.96/29
    deny from 195.75.236.112/28
    deny from 195.75.238.0/25
    deny from 195.79.199.192/29
    deny from 195.79.204.192/27
    deny from 195.85.242.0/24
    deny from 195.85.255.0/24
    deny from 195.87.0.0/16
    deny from 195.112.128.0/19
    deny from 195.112.160.16/30
    deny from 195.112.166.12/30
    deny from 195.112.166.52/30
    deny from 195.112.166.60/30
    deny from 195.112.166.68/29
    deny from 195.112.166.80/30
    deny from 195.128.32.0/21
    deny from 195.128.254.0/23
    deny from 195.137.222.0/23
    deny from 195.140.196.0/22
    deny from 195.142.0.0/16
    deny from 195.149.85.0/24
    deny from 195.149.116.0/24
    deny from 195.155.0.0/16
    deny from 195.174.0.0/15
    deny from 195.177.206.0/23
    deny from 195.177.230.0/23
    deny from 195.183.236.192/26
    deny from 195.212.230.0/24
    deny from 195.212.244.8/29
    deny from 195.213.69.144/28
    deny from 195.214.128.0/18
    deny from 195.234.165.0/24
    deny from 195.242.122.0/23
    deny from 195.244.32.0/19
    deny from 195.245.227.0/24
    deny from 195.254.128.0/19
    deny from 196.3.132.0/20
    deny from 196.29.64.0/19
    deny from 196.32.32.0/19
    deny from 196.203.0.0/16
    deny from 199.89.210.0/24
    deny from 200.3.176.0/21
    deny from 200.9.216.0/24
    deny from 200.108.0.0/19
    deny from 201.238.64.0/18
    deny from 209.94.192.0/19
    deny from 212.2.192.0/19
    deny from 212.12.128.0/19
    deny from 212.15.0.0/19
    deny from 212.21.197.240/29
    deny from 212.29.64.0/18
    deny from 212.31.0.0/19
    deny from 212.45.64.0/19
    deny
from 212.48.224.0/19 deny from 212.50.32.0/19 deny from 212.57.0.0/19 deny from 212.58.0.0/19 deny from 212.63.170.168/30 deny from 212.63.172.212/30 deny from 212.63.172.224/30 deny from 212.63.180.0/30 deny from 212.63.180.8/30 deny from 212.63.180.16/30 deny from 212.63.180.28/30 deny from 212.63.180.40/29 deny from 212.63.180.56/30 deny from 212.63.180.68/30 deny from 212.63.180.84/30 deny from 212.63.180.92/30 deny from 212.63.180.108/29 deny from 212.63.180.120/29 deny from 212.63.180.200/30 deny from 212.64.192.0/19 deny from 212.65.128.0/19 deny from 212.79.96.0/22 deny from 212.79.122.0/23 deny from 212.98.0.0/19 deny from 212.98.192.0/18 deny from 212.101.96.0/19 deny from 212.108.128.0/19 deny from 212.109.96.0/19 deny from 212.109.224.0/19 deny from 212.115.0.0/19 deny from 212.125.0.0/19 deny from 212.127.96.0/19 deny from 212.133.128.0/17 deny from 212.146.128.0/17 deny from 212.154.0.0/17 deny from 212.156.0.0/16 deny from 212.174.0.0/15 deny from 212.252.0.0/15 deny from 213.14.0.0/16 deny from 213.31.190.48/28 deny from 213.31.223.144/28 deny from 213.43.0.0/16 deny from 213.62.14.64/26 deny from 213.62.40.192/26 deny from 213.74.0.0/16 deny from 213.138.0.0/19 deny from 213.139.192.0/18 deny from 213.143.224.0/19 deny from 213.144.96.0/19 deny from 213.148.64.0/19 deny from 213.150.160.0/19 deny from 213.153.128.0/17 deny from 213.155.96.0/19 deny from 213.159.32.0/19 deny from 213.161.128.0/19 deny from 213.181.38.192/26 deny from 213.186.128.0/19 deny from 213.194.64.0/18 deny from 213.202.0.0/19 deny from 213.204.64.0/18 deny from 213.208.3.192/29 deny from 213.208.39.0/24 deny from 213.209.169.144/29 deny from 213.232.0.0/18 deny from 213.236.32.0/19 deny from 213.238.128.0/18 deny from 213.243.0.0/18 deny from 213.248.128.0/18 deny from 213.254.128.0/19 deny from 216.139.188.192/27 deny from 217.17.144.0/20 deny from 217.21.68.0/22 deny from 217.23.110.96/27 deny from 217.31.224.0/19 deny from 217.64.144.0/20 deny from 217.64.208.0/20 deny 
from 217.68.208.0/20 deny from 217.77.241.113/32 deny from 217.77.241.218/32 deny from 217.77.242.169/32 deny from 217.77.246.192/30 deny from 217.131.0.0/16 deny from 217.138.38.248/29 deny from 217.169.192.0/20 deny from 217.173.157.128/28 deny from 217.173.157.192/27 deny from 217.173.158.64/27 deny from 217.174.32.0/20 deny from 217.174.224.0/20 deny from 217.194.135.160/28 deny from 217.195.192.0/20 # Ban a few extra ips deny from 81.169.137.114 deny from 74.53.46.98 deny from 75.126.134.16 deny from 203.194.159.159 deny from 203.196.161.116 deny from 201.72.166.36 deny from 212.65.64.19 deny from 212.12.114.142 deny from 212.241.213.57 deny from 219.95.39.53 deny from 209.200.253.165 deny from 201.72.166.36 deny from 213.203.223.25 deny from 66.249.67.86 deny from 200.140.15.3 deny from 83.11.204.75 deny from 83.11.202.74 deny from 83.11.241.28 deny from 83.240.152.23 deny from 83.217.84.73 deny from 83.145.82.134 deny from 85.108.245.115 deny from 61.222.92.150 deny from 24.83.72.98 deny from 59.94.170.4 allow from all </Limit> # deny most common except .php <FilesMatch "\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module|exe)$"> deny from all </FilesMatch> # Disable .htaccess viewing from browser <Files ~ "^\.ht"> Order allow,deny Deny from all Satisfy All </Files> # Disable access to config.php <Files ~ "includes\configure.php$"> deny from all </Files> FORCE TYPE <Files site> ForceType application/x-httpd-php </Files>
mdtaylorlrim Posted December 5, 2010 Posted December 5, 2010 Use the # as the first character of a line to comment out the line. You can find your errors this way. You have some text that is obviously comments but they do not have a # Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...?
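A small lint that does in one pass what the reply above suggests doing by hand: it flags every .htaccess line that is neither a comment, a known directive nor a container tag, and checks that container tags are balanced. This is an added example, not code from the thread or from osCommerce; the directive allow-list and the sample config are my own assumptions (the sample reproduces the two uncommented heading lines from the posted file).

```python
import re

# Assumed allow-list of directives used in the kind of .htaccess posted in this thread;
# deliberately small, extend it for your files (a missing name is only a false positive).
KNOWN_DIRECTIVES = {
    "rewriteengine", "rewritebase", "rewritecond", "rewriterule", "order", "allow",
    "deny", "satisfy", "forcetype", "options", "errordocument", "addhandler", "addtype",
}
CONTAINERS = {"files", "filesmatch", "limit", "limitexcept", "ifmodule"}

def lint_htaccess(text):
    """Return (line_number, message) pairs for lines Apache would reject with a 500."""
    problems, stack = [], []   # stack holds the container tags currently open
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                                  # blank or comment: fine
        m = re.match(r"<(/?)(\w+)", line)
        if m:                                         # container open/close tag
            closing, name = m.group(1) == "/", m.group(2).lower()
            if name not in CONTAINERS:
                problems.append((lineno, f"unknown container <{m.group(2)}>"))
            elif closing:
                if not stack or stack.pop() != name:
                    problems.append((lineno, f"unexpected </{m.group(2)}>"))
            else:
                stack.append(name)
            continue
        if line.split()[0].lower() not in KNOWN_DIRECTIVES:
            # the mistake from the post above: a heading typed without a leading '#'
            problems.append((lineno, f"not a directive or comment: {line!r}"))
    problems += [(0, f"<{name}> never closed") for name in stack]
    return problems

# Constructed sample that reproduces the post's two uncommented headings.
SAMPLE = """\
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]
BAN IP NUMBERS, ALL OF TURKEY
<Limit GET PUT POST>
order allow,deny
deny from 62.29.0.0/17
allow from all
</Limit>
FORCE TYPE
<Files site>
ForceType application/x-httpd-php
</Files>
"""
```

Run it against the real file before uploading; every reported line is one that would otherwise take the whole shop down with a 500 until it is commented out or corrected.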