
osCommerce

The e-commerce.

How to secure your osCommerce 2.2 site.


spooks


Posted

I had pretty much all of these installed, and my site got hacked yesterday. I got no warning emails, and the site simply says

 

"HacKeD By TeaM MosTa AlgeriaN HackEr

 

TeaM MosTa

I want Say FucK Secur!Ty

To be not to be

Tnks Alahe

Contact3 M3 In : [email protected]

"

 

 

Thankfully I have a full backup, if I can get the thing uploaded again without stress like last time!

Posted

If you are referring to the site listed in your profile, read on...

 

Visit the link below:

 

How to Secure Your Site

 

Pay close attention to "SECURING THE ADMIN" - Yours is vulnerable.

 

It's easier to do a few security fixes now than to clean up a hacked store later.

 

And if you don't secure the admin your shop will be hacked (again).

 

It's just a question of when...

:o

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 


  • 4 weeks later...
Posted

After installing SecurityPro and carefully following all instructions I get the following error, either when trying to run/install the SecurityPro_install.php file or just when I try to access my oscommerce store:

 

Fatal error: Call to a member function add_current_page() on a non-object in /home/graficai/public_html/estore/includes/application_top.php on line 332

 

Line 332 reads as follows:

 

$navigation->add_current_page();

 

Any help will be appreciated.

 

TIA

Posted


 

This guy just got me today. I watched him do it, I WAS ONLINE. The hackers are from www.v4-team.com which is an Arab security site apparently.

 

Screenshot2010-11-04at101955PM.png

RC2.2a

Posted

I see that this post started in 2008. It is now 2010 and I am having problems now in 2010.

Have these issues been addressed by E-Commerce?

I see that the file manager is still here.

Has the security issue been addressed?

Posted

Lots of people ask this all too often, especially after they think they've been hacked, so the answers are all here.

 

You can prevent any injection attacks with Security Pro http://addons.oscommerce.com/info/5752

 

You can monitor sites for unauthorised changes with SiteMonitor http://addons.oscommerce.com/info/4441

 

You can block illicit access attempts with IP trap http://addons.oscommerce.com/info/5914

 

You can add htaccess protection http://addons.oscommerce.com/info/6066

 

You can stop Cross Site Scripting attacks with Anti XSS http://addons.oscommerce.com/info/6044

 

Also make sure that all files, except for the two configure.php files have permissions no higher than 644.

 

The permissions for the two configure.php files will vary according to the server your site is on - it could be 644, 444 or 400 which is correct.

 

Permissions on folders should be no higher than 755. If your hosting setup demands permissions of 777 on folders then change hosts.

 

You can add http://addons.oscommerce.com/info/6134 to assist with permission settings.

 

Do it now, avoid getting that nasty addition to your listings in google: 'This site might damage your computer'

Or find all your customers data has been posted on a hackers bulletin board somewhere, etc etc

 

Update Sep. 09

 

The following addresses issues that have arisen or were not mentioned since this post was placed:

 

SECURING THE ADMIN:

 

You must take steps to secure your admin, by re-naming & password protection. There is also an issue with hacks, read Jan's thread here.

 

FILEMANAGER:

 

It has long been known the filemanager is a security risk & should, nay MUST, be removed. If used for editing your site it is likely to damage your files, so it is a bad utility to keep anyway, see here. It's also been known it's a possible hacking route & to make matters worse there now exists a very nasty hack that uses filemanager to gain access to your site (dbase included!!)

 

Use a normal editor such as html-kit or notepad++ after downloading all your files to your PC with ftp such as filezilla.

 

To remove filemanager:

 

Delete file_manager.php from catalog/admin

 

open admin/includes/boxes/tools.php and delete the line:

 

'<a href="' . tep_href_link(FILENAME_FILE_MANAGER) . '" class="menuBoxContentLink">' . BOX_TOOLS_FILE_MANAGER . '</a><br>' .

 

It is also known that admin/define_language.php is vulnerable to the same hacks as filemanager, so should also be removed.

 

BACKUPS:

 

To be safe you should make backups of your dBase and site files; it saves a great deal of time & effort cleaning up should anything nasty happen.

 

I recommend you use AutoBackup Database in Admin AND Database backup manager also Backup of all store files in zip format.

 

INSTALLATION:

 

If you are unsure about installing these contributions this thread should help you.

 

FORMS:

 

Security Pro cleans the query string; however, any forms using $_POST are unaffected. If you have any forms using the post method you would be advised to do the following on pages accepting $_POST vars.

 

after:

 

require('includes/application_top.php');

add:

 
// clean posted vars
// foreach iterates over a copy of $_POST, so unsetting entries while looping is safe
foreach ($_POST as $key => $value) {
  if (!is_array($value)) {
    // keep only the whitelisted characters; everything else is stripped
    $_POST[$key] = preg_replace("/[^ a-zA-Z0-9@%:{}_.-]/i", "", urldecode($value));
  } else {
    unset($_POST[$key]); // no arrays expected
  }
}

 

This does not allow for arrays, additional code is needed if they are used.

 

Hi,

 

In the description below:

 

"Finally:-

 

catalog/includes/application_top.php

 

Find ...

 

// set the application parameters
$configuration_query = tep_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION);
while ($configuration = tep_db_fetch_array($configuration_query)) {
  define($configuration['cfgKey'], $configuration['cfgValue']);
}

 

Add directly BELOW ...

 

XXXXXX"

 

What's the meaning of "add directly BELOW..." ? before, after, or cover the part of "FIND..." in RED?
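The FORMS section quoted above drops every posted array outright and says that "additional code is needed if they are used". The following is an added example, not code from the original post or from the Security Pro add-on: it applies the same character whitelist recursively, so nested fields such as id[3] or attributes[size][] survive cleaned instead of vanishing, and it also restricts the array keys, which an attacker controls just as much as the values. The function names, the constant names and the sample request body are all constructed for this example.

```php
<?php
// Added example, not code from the original post or from the Security Pro add-on.
// The loop in the post drops any $_POST entry that is an array; this version walks
// nested arrays instead, applying the same character whitelist to every leaf,
// and restricts the array keys, which are attacker-controlled too.

// Same whitelist as the snippet in the post (the /i flag is redundant, both cases
// are listed, but it is kept so behaviour on scalars is identical).
define('OSC_POST_WHITELIST', "/[^ a-zA-Z0-9@%:{}_.-]/i");
// Keys: plain identifiers or numeric indexes only, e.g. products_id or id[12].
define('OSC_KEY_PATTERN', '/^[a-zA-Z0-9_]{1,64}$/');

/**
 * Clean one posted value. Scalars are decoded once (as the post does) and stripped
 * to the whitelist; arrays are cleaned recursively. Returns null for anything that
 * must be dropped.
 */
function clean_posted_value($value, $depth = 0)
{
    if ($depth > 8) {   // guard against absurd nesting (PHP also caps this via max_input_nesting_level)
        return null;
    }
    if (is_array($value)) {
        $clean = array();
        foreach ($value as $key => $item) {
            if (!preg_match(OSC_KEY_PATTERN, (string) $key)) {
                continue;   // drop entries whose key is outside the allowed shape
            }
            $item = clean_posted_value($item, $depth + 1);
            if ($item !== null) {
                $clean[$key] = $item;
            }
        }
        return $clean;
    }
    return preg_replace(OSC_POST_WHITELIST, '', urldecode((string) $value));
}

/** Clean a whole request body; use as $_POST = clean_posted_array($_POST); */
function clean_posted_array(array $post)
{
    $clean = clean_posted_value($post);
    return $clean === null ? array() : $clean;
}

// Constructed sample body standing in for $_POST (not captured from a real request).
$sample = array(
    'email_address' => 'alice@example.com',
    'comments'      => "nice<script>alert(1)</script> shirt; DROP TABLE orders--",
    'id'            => array('3' => '7', '4' => "9' OR 1=1", 'bad key!' => 'x'),
    'attributes'    => array('size' => array('L', 'XL<b>')),
);

var_export(clean_posted_array($sample));
echo "\n";
```

Drop it in at the point the post names, after require('includes/application_top.php'), as $_POST = clean_posted_array($_POST);. The cost is the same as with the post's loop: apostrophes, ampersands, plus signs, slashes, equals signs and all non-ASCII text are destroyed, so a name like O'Brien and most non-English input are mangled, while keywords such as DROP TABLE pass through untouched. It trims the crudest injection and XSS payloads, but it is not a substitute for passing every value through tep_db_input() before it reaches a query and through htmlspecialchars() before it is echoed.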

Posted


 

After installing as per the instructions, then

"Go into admin>configuration>FWR Security Pro and turn it on .. (set to true)"

But the problem is that I don't find "FWR Security Pro" in the list. Why?

Posted


Because you missed part of the installation instructions in Security Pro. The part where you add the link code to the 'menu.'

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Posted

Warning: I am able to write to the configuration file: ..../visioimpact/marcom/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

Hello, since my host "free.fr" says "this server does not support changing file permissions", I cannot change the permissions. Is there a solution to correct the error (I had already gone into the filemanager)? Thanks in advance.
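The warning quoted in this post is the store's own check that the web server process can write to configure.php, and the first post's rule for everything else is files no higher than 644 and folders no higher than 755. The script below is an added example, not part of the thread or of the permissions add-on linked there: it walks a store directory, reports every file or folder looser than those limits and every configure.php the running PHP process can write to, builds a small constructed tree in a temp directory to show the output, and removes it again. The function names and the sample tree are this example's own.

```php
<?php
// Added example, not code from the thread or from the osCommerce permissions add-on.
// Walks a store directory and lists everything looser than the rule in the first
// post (files no higher than 0644, folders no higher than 0755) plus any
// configure.php the running PHP process could write to, which is the condition
// behind the "I am able to write to the configuration file" warning.

/** True if $mode grants any permission bit that $limit does not. */
function too_loose($mode, $limit)
{
    return (($mode & 0777) & ~$limit) !== 0;
}

/** Return one line per finding, or an empty array when the tree is clean. */
function audit_permissions($root)
{
    $findings = array();
    $walker = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST
    );
    foreach ($walker as $path => $info) {
        $mode = fileperms($path) & 0777;
        $rel  = substr($path, strlen($root) + 1);
        if ($info->isDir()) {
            if (too_loose($mode, 0755)) {
                $findings[] = sprintf('%-28s dir  %04o  (max 0755)', $rel, $mode);
            }
        } elseif (basename($path) === 'configure.php') {
            // 0444 or 0400 is the usual target; 0644 is still writable when PHP runs
            // as the file owner (suPHP/FastCGI), which is why the right value varies by host
            if (is_writable($path) || too_loose($mode, 0644)) {
                $findings[] = sprintf('%-28s file %04o  (configure.php is writable)', $rel, $mode);
            }
        } elseif (too_loose($mode, 0644)) {
            $findings[] = sprintf('%-28s file %04o  (max 0644)', $rel, $mode);
        }
    }
    return $findings;
}

// Constructed sample tree in a temp directory, standing in for an uploaded catalog/.
$root = sys_get_temp_dir() . '/osc_perm_' . getmypid();
mkdir("$root/includes", 0755, true);
mkdir("$root/images");
chmod("$root/images", 0777);                      // world-writable folder
file_put_contents("$root/index.php", '');
chmod("$root/index.php", 0644);                   // fine
file_put_contents("$root/images/logo.gif", '');
chmod("$root/images/logo.gif", 0666);             // world-writable file
file_put_contents("$root/includes/configure.php", '');
chmod("$root/includes/configure.php", 0644);      // owner (this process) can still write

foreach (audit_permissions($root) as $finding) {
    echo $finding, "\n";
}

// Remove the constructed tree again.
$cleanup = new RecursiveIteratorIterator(
    new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
    RecursiveIteratorIterator::CHILD_FIRST
);
foreach ($cleanup as $path => $info) {
    $info->isDir() ? rmdir($path) : unlink($path);
}
rmdir($root);
```

Run it as the user PHP runs under on the host (over SSH, or briefly as a web script you delete afterwards), because is_writable() answers for the caller's identity and that is exactly what the store's warning tests. The 0644 configure.php in the sample is still reported for that reason, which is why the first post says the correct value varies by server and 444 or 400 is the usual answer. If the host will not let you chmod at all, this list is what to hand them, or the reason to move hosts.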

Posted


 

Haven't you posted this on the forum elsewhere?

Sure I have already seen it.

Sometimes you're the dog and sometimes the lamp post


My Contributions

Posted

Hello,

 

I do not see FWR Security Pro when I am in my admin>configuration therefore cannot set it to true. Is there something I need to do differently? Thanks!

Posted


You must have missed part of the installation instructions.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Posted

"Because you missed part of the installation instructions in Security Pro. The part where you add the link code to the 'menu.' " I am still not seeing where to do this in the directions... Sorry if this is so dull, could you please point out to me where I am missing this? Thank you

Posted

"Because you missed part of the installation instructions in Security Pro. The part where you add the link code to the 'menu.' " I am still not seeing where to do this in the directions... Sorry if this is so dull, could you please point out to me where I am missing this? Thank you

Ignore my stupid statement above... Which version of osC and Security Pro are you using?

 

If the sql statement completed correctly then it should be there. Run this sql in phpMyAdmin and see how many rows you get returned.

 

 

SELECT * FROM `configuration` WHERE `configuration_group_id` = '544'

 

Is there a Security Pro specific topic in the Add-Ons forum? If so, post your problem there.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Posted

Why are you posting here?

 

Security Pro has a support topic ..

 

http://www.oscommerce.com/forums/topic/293326-contribution-security-pro-querystring-protection-against-hackers/

 

if the settings aren't in admin then you haven't run the installer.

Posted

I just ran it and it returned an empty results set (which I am guessing is not good)

Correct. It means the installation was not successful. Thanks to FWR Media for providing the support link. I couldn't find it earlier...

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Posted


Or could. I don't see where you are posting in the support thread yet...

 

Use phpMyAdmin and look in the Configuration_group table and see what the group id is for FWR Security Pro. If it is not 544 like we used in the query earlier substitute your correct group_id in the query and see if the install added the necessary information to the database. If it still returns an empty result or if your group_id is 544 like mine then your install was not successful and needs to be run again...

 

BUT, go to the support thread and post there. Looks like FWR Media does not want to help you here. He is the expert so you should go and ask there.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

  • 2 weeks later...
Posted

I would suggest everyone scan their site or sites with a PCI Compliance scan; the scan will look for vulnerabilities that you may have overlooked.

 

Make sure though you add their IP address to the whitelist of your firewall.

 

I would also suggest the following if you're running your own server:

 

Disable the root account and use sudo instead (I won't tell you how to do this, just google it)

 

Use SFTP instead of FTP and block port 21 using iptables or something like that

 

Delete CGI-Bin Directory

 

Create an unprivileged host user id to run the Apache server; I see so many people don't do this

 

example Apache

 

passwd -l Apache

 

To be sure the account is locked, issue the command:

 

#grep Apache /etc/shadow

 

 

…a "!" at the beginning of the line indicates that the password is locked.

 

Issue this command to remove the shell for this account:

 

# usermod -s /bin/false Apache

 

To be sure the account is locked, issue the command:

 

# grep Apache /etc/passwd

 

…/bin/false at the end of the line indicates that the shell is set to a non-existent shell.

 

 

 

Test the web server account to be sure you can’t login. Issue this command to try to log in:

 

> login Apache

 

Modules to disable

Generally, the following modules make it easier to configure/support your web server but also give too much information to attackers. We recommend that you disable the following default modules for your production server:

 

info: gives out too much information about your web server to potential attackers.

 

status: gives out server stats via web pages

 

autoindex: provides directory listings when no index.html file is present

 

imap: provides server-side mapping of index files

 

include: provides server-side includes (.shtml files)

 

userdir: translates URLs to user-specific directories

 

auth: you won’t need it – you’ll set up authentication against LDAP via mod_ldap

 

Enable Auth_Ldap

 

ServerTokens Prod

ServerSignature Off

 

Remove the Apache Manual

 

There's a lot more, but most likely you will get hacked if you don't do the steps.

Posted

I was under attack, I deleted all data and restored a fresh and clean copy, then I installed Security Pro and SiteMonitor, but AGAIN I'm under attack ...

 

/admin/customers.php/login.php

/admin/orders.php/login.php

/admin/categories.php/login.php

 

Is it a new way?

 

Can anybody help me? Temporarily I changed the admin folder name.

Posted

Nothing's wrong with osC; it's your hosting server's security issues. If you're serious about e-commerce, you should consider getting a dedicated server with all patches up to date that passes PCI compliance.

 

If your site is hosted on a shared server, it will most likely get hacked very easily.

Posted

Are you on a host? If so I would look into a new host; I can give you some suggestions on a host if you private message me. Most likely your host isn't secured, or if you're running your own server it's not configured right.

Posted

Hi guys, please go easy on me as I am such a n00b! I added this into my .htaccess in my catalog folder... and I got an internal error, then added it into my admin and did the same. Any ideas why? The instructions are very basic :(

 

 

RewriteEngine on
php_flag register_globals off
SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots
Deny from env=block_bad_bots

# Redirect index.php to domain.com
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ http://www.site.co.uk/ [R=301,L]

# Redirect domain.com to www.domain.com
RewriteCond %{HTTP_HOST} ^site.co.uk [NC]
RewriteRule ^(.*)$ http://www.site.co.uk/$1 [L,R=301]

RewriteBase /
# filter for most common exploits
RewriteCond %{HTTP_USER_AGENT} libwww-perl [OR]
RewriteCond %{QUERY_STRING} tool25 [OR]
RewriteCond %{QUERY_STRING} cmd.txt [OR]
RewriteCond %{QUERY_STRING} cmd.gif [OR]
RewriteCond %{QUERY_STRING} r57shell [OR]
RewriteCond %{QUERY_STRING} c99 [OR]

# ban spam bots
RewriteCond %{HTTP_USER_AGENT} almaden [OR]
RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR]
RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR]
RewriteCond %{HTTP_USER_AGENT} ^attach [OR]
RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [OR]
RewriteCond %{HTTP_USER_AGENT} ^BackWeb [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bandit [OR]
RewriteCond %{HTTP_USER_AGENT} ^BatchFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:[email protected] [OR]
RewriteCond %{HTTP_USER_AGENT} ^Buddy [OR]
RewriteCond %{HTTP_USER_AGENT} ^bumblebee [OR]
RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^CICC [OR]
RewriteCond %{HTTP_USER_AGENT} ^Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Copier [OR]
RewriteCond %{HTTP_USER_AGENT} ^Crescent [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DA [OR]
RewriteCond %{HTTP_USER_AGENT} ^DIIbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo\ Pump [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Wonder [OR]
RewriteCond %{HTTP_USER_AGENT} ^Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^Drip [OR]
RewriteCond %{HTTP_USER_AGENT} ^DSurf15a [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EasyDL/2.99 [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} email [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FileHound [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} FrontPage [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetSmart [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^gigabaz [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go\!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^gotit [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^grub-client [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} ^HTTrack [OR]
RewriteCond %{HTTP_USER_AGENT} ^httpdown [OR]
RewriteCond %{HTTP_USER_AGENT} .*httrack.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^Indy*Library [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^InternetLinkagent [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^InternetSeer.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^Iria [OR]
RewriteCond %{HTTP_USER_AGENT} ^JBH*agent [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^JustView [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^LexiBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^lftp [OR]
RewriteCond %{HTTP_USER_AGENT} ^Link*Sleuth [OR]
RewriteCond %{HTTP_USER_AGENT} ^likse [OR]
RewriteCond %{HTTP_USER_AGENT} ^Link [OR]
RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mag-Net [OR]
RewriteCond %{HTTP_USER_AGENT} ^Magnet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^Memo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mirror [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Indy [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla*MSIECrawler [OR]
RewriteCond %{HTTP_USER_AGENT} ^MS\ FrontPage* [OR]
RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [OR]
RewriteCond %{HTTP_USER_AGENT} ^MSIECrawler [OR]
RewriteCond %{HTTP_USER_AGENT} ^MSProxy [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetMechanic [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR]
RewriteCond %{HTTP_USER_AGENT} ^Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^Openfind [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^Ping [OR]
RewriteCond %{HTTP_USER_AGENT} ^PingALink [OR]
RewriteCond %{HTTP_USER_AGENT} ^Pockey [OR]
RewriteCond %{HTTP_USER_AGENT} ^psbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^Pump [OR]
RewriteCond %{HTTP_USER_AGENT} ^QRVA [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^Reaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Recorder [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Scooter [OR]
RewriteCond %{HTTP_USER_AGENT} ^Seeker [OR]
RewriteCond %{HTTP_USER_AGENT} ^Siphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^sitecheck.internetseer.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SlySearch [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^Snake [OR]
RewriteCond %{HTTP_USER_AGENT} ^SpaceBison [OR]
RewriteCond %{HTTP_USER_AGENT} ^sproose [OR]
RewriteCond %{HTTP_USER_AGENT} ^Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^Szukacz [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^URLSpiderPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^Vacuum [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[bb]andit [OR]
RewriteCond %{HTTP_USER_AGENT} ^webcollage [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebHook [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebMiner [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebMirror [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^Webster [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Whacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^x-Tractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xenu [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]

RewriteCond %{HTTP_REFERER} ^http://www.site.co.uk$
RewriteRule !^http://[^/.]\.site.co.uk.* - [F,L]

 

 

 

 

 

BAN IP NUMBERS, ALL OF TURKEY

 

 

 

<Limit GET PUT POST>
order allow,deny
# ban domains
deny from .br.geocities.com
# ban entire country ~ Turkey
deny from 62.29.0.0/17
deny from 62.56.128.0/22
deny from 62.85.128.0/19
deny from 62.108.64.0/19
deny from 62.113.0.0/19
deny from 62.184.58.0/27
deny from 62.185.166.64/26
deny from 62.184.178.96/29
deny from 62.186.77.0/26
deny from 62.201.192.0/18
deny from 62.229.128.0/24
deny from 62.229.130.0/24
deny from 62.244.192.0/18
deny from 62.248.0.0/17
deny from 64.18.138.0/24
deny from 64.28.128.0/20
deny from 65.182.7.0/24
deny from 66.178.5.0/24
deny from 66.178.52.0/24
deny from 66.205.36.0/22
deny from 69.30.204.0/23
deny from 80.71.128.0/20
deny from 80.88.138.224/27
deny from 80.88.141.160/27
deny from 80.251.0.0/20
deny from 80.251.32.0/20
deny from 81.6.64.0/18
deny from 81.8.0.0/17
deny from 81.21.160.0/20
deny from 81.22.97.0/24
deny from 81.31.193.224/29
deny from 81.31.195.112/29
deny from 81.31.195.136/29
deny from 81.31.195.216/30
deny from 81.31.196.172/30
deny from 81.31.197.16/29
deny from 81.31.197.64/30
deny from 81.31.197.128/30
deny from 81.31.198.152/29
deny from 81.31.198.216/29
deny from 81.31.199.72/29
deny from 81.31.199.140/30
deny from 81.31.199.160/29
deny from 81.31.200.64/29
deny from 81.31.200.76/30
deny from 81.212.0.0/14
deny from 82.145.224.0/19
deny from 82.151.128.0/19
deny from 82.222.0.0/16
deny from 83.66.0.0/16
deny from 83.166.48.0/28
deny from 84.11.37.192/26
deny from 84.17.64.0/19
deny from 84.44.0.0/17
deny from 84.51.0.0/18
deny from 85.96.0.0/12
deny from 85.153.0.0/16
deny from 85.158.96.0/21
deny from 85.159.64.0/21
deny from 85.235.64.0/24
deny from 86.108.128.0/17
Deny from 88.240.0.0/16
deny from 139.179.0.0/16
deny from 144.122.0.0/16
deny from 155.223.0.0/16
deny from 160.75.0.0/16
deny from 161.9.0.0/16
deny from 168.139.0.0/16
deny from 192.70.133.0/23
deny from 192.129.87.0/24
deny from 192.160.21.0/24
deny from 193.23.156.0/24
deny from 193.25.124.0/23
deny from 193.41.2.0/23
deny from 193.42.216.0/24
deny from 193.95.0.0/17
deny from 193.108.213.0/24
deny from 193.109.134.0/23
deny from 193.110.170.0/23
deny from 193.110.208.0/21
deny from 193.140.0.0/16
deny from 193.178.218.0/24
deny from 193.188.198.0/23
deny from 193.192.96.0/19
deny from 193.201.149.192/26
deny from 193.201.157.0/25
deny from 193.218.113.0/24
deny from 193.218.200.0/24
deny from 193.219.208.0/30
deny from 193.220.68.0/24
deny from 193.243.192.0/19
deny from 193.254.228.0/23
deny from 193.254.252.0/23
deny from 193.255.0.0/16
deny from 194.9.174.0/24
deny from 194.24.224.0/23
deny from 194.27.0.0/16
deny from 194.29.208.0/21
deny from 194.54.32.0/19
deny from 194.67.205.0/23
deny from 194.69.206.0/24
deny from 194.117.97.172/30
deny from 194.117.110.80/28
deny from 194.117.113.72/30
deny from 194.117.114.4/30
deny from 194.117.118.40/30
deny from 194.117.119.4/32
deny from 194.117.119.18/32
deny from 194.117.119.20/32
deny from 194.117.119.22/32
deny from 194.117.119.24/32
deny from 194.117.119.27/32
deny from 194.117.119.34/32
deny from 194.117.119.53/32
deny from 194.117.119.55/32
deny from 194.117.119.58/32
deny from 194.117.119.61/32
deny from 194.117.119.73/32
deny from 194.117.119.76/32
deny from 194.117.119.80/32
deny from 194.117.119.86/32
deny from 194.117.119.93/31
deny from 194.117.119.96/32
deny from 194.117.119.99/31
deny from 194.117.119.108/32
deny from 194.117.120.15/32
deny from 194.117.120.114/32
deny from 194.117.120.233/32
deny from 194.117.121.30/32
deny from 194.117.121.70/32
deny from 194.117.121.96/32
deny from 194.117.121.101/32
deny from 194.117.121.168/32
deny from 194.117.121.192/31
deny from 194.117.121.217/32
deny from 194.125.232.0/22
deny from 194.126.230.0/24
deny from 194.133.65.0/24
deny from 194.133.160.0/20
deny from 194.133.240.0/23
deny from 194.133.251.0/24
deny from 194.133.253.0/28
deny from 194.133.255.0/24
deny from 194.242.32.0/24
deny from 195.8.109.0/24
deny from 195.33.192.0/18
deny from 195.39.224.0/23
deny from 195.46.128.0/19
deny from 195.49.216.0/21
deny from 195.64.128.0/18
deny from 195.74.32.0/19
deny from 195.75.202.0/26
deny from 195.75.202.128/25
deny from 195.75.222.0/28
deny from 195.75.222.24/29
deny from 195.75.222.160/27
deny from 195.75.236.0/28
deny from 195.75.236.96/29
deny from 195.75.236.112/28
deny from 195.75.238.0/25
deny from 195.79.199.192/29
deny from 195.79.204.192/27
deny from 195.85.242.0/24
deny from 195.85.255.0/24
deny from 195.87.0.0/16
deny from 195.112.128.0/19

 

deny from 195.112.160.16/30

 

deny from 195.112.166.12/30

 

deny from 195.112.166.52/30

 

deny from 195.112.166.60/30

 

deny from 195.112.166.68/29

 

deny from 195.112.166.80/30

 

deny from 195.128.32.0/21

 

deny from 195.128.254.0/23

 

deny from 195.137.222.0/23

 

deny from 195.140.196.0/22

 

deny from 195.142.0.0/16

 

deny from 195.149.85.0/24

 

deny from 195.149.116.0/24

 

deny from 195.155.0.0/16

 

deny from 195.174.0.0/15

 

deny from 195.177.206.0/23

 

deny from 195.177.230.0/23

 

deny from 195.183.236.192/26

 

deny from 195.212.230.0/24

 

deny from 195.212.244.8/29

 

deny from 195.213.69.144/28

 

deny from 195.214.128.0/18

 

deny from 195.234.165.0/24

 

deny from 195.242.122.0/23

 

deny from 195.244.32.0/19

 

deny from 195.245.227.0/24

 

deny from 195.254.128.0/19

 

deny from 196.3.132.0/20

 

deny from 196.29.64.0/19

 

deny from 196.32.32.0/19

 

deny from 196.203.0.0/16

 

deny from 199.89.210.0/24

 

deny from 200.3.176.0/21

 

deny from 200.9.216.0/24

 

deny from 200.108.0.0/19

 

deny from 201.238.64.0/18

 

deny from 209.94.192.0/19

 

deny from 212.2.192.0/19

 

deny from 212.12.128.0/19

 

deny from 212.15.0.0/19

 

deny from 212.21.197.240/29

 

deny from 212.29.64.0/18

 

deny from 212.31.0.0/19

 

deny from 212.33.0.0/19

 

deny from 212.45.64.0/19

 

deny from 212.48.224.0/19

 

deny from 212.50.32.0/19

 

deny from 212.57.0.0/19

 

deny from 212.58.0.0/19

 

deny from 212.63.170.168/30

 

deny from 212.63.172.212/30

 

deny from 212.63.172.224/30

 

deny from 212.63.180.0/30

 

deny from 212.63.180.8/30

 

deny from 212.63.180.16/30

 

deny from 212.63.180.28/30

 

deny from 212.63.180.40/29

 

deny from 212.63.180.56/30

 

deny from 212.63.180.68/30

 

deny from 212.63.180.84/30

 

deny from 212.63.180.92/30

 

deny from 212.63.180.108/29

 

deny from 212.63.180.120/29

 

deny from 212.63.180.200/30

 

deny from 212.64.192.0/19

 

deny from 212.65.128.0/19

 

deny from 212.79.96.0/22

 

deny from 212.79.122.0/23

 

deny from 212.98.0.0/19

 

deny from 212.98.192.0/18

 

deny from 212.101.96.0/19

 

deny from 212.108.128.0/19

 

deny from 212.109.96.0/19

 

deny from 212.109.224.0/19

 

deny from 212.115.0.0/19

 

deny from 212.125.0.0/19

 

deny from 212.127.96.0/19

 

deny from 212.133.128.0/17

 

deny from 212.146.128.0/17

 

deny from 212.154.0.0/17

 

deny from 212.156.0.0/16

 

deny from 212.174.0.0/15

 

deny from 212.252.0.0/15

 

deny from 213.14.0.0/16

 

deny from 213.31.190.48/28

 

deny from 213.31.223.144/28

 

deny from 213.43.0.0/16

 

deny from 213.62.14.64/26

 

deny from 213.62.40.192/26

 

deny from 213.74.0.0/16

 

deny from 213.138.0.0/19

 

deny from 213.139.192.0/18

 

deny from 213.143.224.0/19

 

deny from 213.144.96.0/19

 

deny from 213.148.64.0/19

 

deny from 213.150.160.0/19

 

deny from 213.153.128.0/17

 

deny from 213.155.96.0/19

 

deny from 213.159.32.0/19

 

deny from 213.161.128.0/19

 

deny from 213.181.38.192/26

 

deny from 213.186.128.0/19

 

deny from 213.194.64.0/18

 

deny from 213.202.0.0/19

 

deny from 213.204.64.0/18

 

deny from 213.208.3.192/29

 

deny from 213.208.39.0/24

 

deny from 213.209.169.144/29

 

deny from 213.232.0.0/18

 

deny from 213.236.32.0/19

 

deny from 213.238.128.0/18

 

deny from 213.243.0.0/18

 

deny from 213.248.128.0/18

 

deny from 213.254.128.0/19

 

deny from 216.139.188.192/27

 

deny from 217.17.144.0/20

 

deny from 217.21.68.0/22

 

deny from 217.23.110.96/27

 

deny from 217.31.224.0/19

 

deny from 217.64.144.0/20

 

deny from 217.64.208.0/20

 

deny from 217.68.208.0/20

 

deny from 217.77.241.113/32

 

deny from 217.77.241.218/32

 

deny from 217.77.242.169/32

 

deny from 217.77.246.192/30

 

deny from 217.131.0.0/16

 

deny from 217.138.38.248/29

 

deny from 217.169.192.0/20

 

deny from 217.173.157.128/28

 

deny from 217.173.157.192/27

 

deny from 217.173.158.64/27

 

deny from 217.174.32.0/20

 

deny from 217.174.224.0/20

 

deny from 217.194.135.160/28

 

deny from 217.195.192.0/20

 

# Ban a few extra ips

 

deny from 81.169.137.114

 

deny from 74.53.46.98

 

deny from 75.126.134.16

 

deny from 203.194.159.159

 

deny from 203.196.161.116

 

deny from 201.72.166.36

 

deny from 212.65.64.19

 

deny from 212.12.114.142

 

deny from 212.241.213.57

 

deny from 219.95.39.53

 

deny from 209.200.253.165

 

deny from 201.72.166.36

 

deny from 213.203.223.25

 

deny from 66.249.67.86

 

deny from 200.140.15.3

 

deny from 83.11.204.75

 

deny from 83.11.202.74

 

deny from 83.11.241.28

 

deny from 83.240.152.23

 

deny from 83.217.84.73

 

deny from 83.145.82.134

 

deny from 85.108.245.115

 

deny from 61.222.92.150

 

deny from 24.83.72.98

 

deny from 59.94.170.4

 

allow from all

</Limit>

# Deny direct web access to the most common non-.php file types
<FilesMatch "\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module|exe)$">
deny from all
</FilesMatch>

# Disable .htaccess viewing from browser
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>

# Disable access to configure.php
# <Files> is matched against the file name only, never the directory part, so a
# pattern like "includes\configure.php$" can never match; anchor on the file name.
<Files ~ "^configure\.php$">
deny from all
</Files>

# FORCE TYPE (a bare "FORCE TYPE" line is not a directive and breaks .htaccess)
<Files site>
ForceType application/x-httpd-php
</Files>
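A rule such as `<Files ~ "includes\configure.php$">` never fires, because Apache tests a `<Files>`/`<FilesMatch>` regex against the file name alone and, being PCRE, reads `\c` as a control-character escape. The emulator below is an added example, not code from this thread or from osCommerce; it runs the posted patterns and a hypothetical corrected one over constructed sample request paths to show which each would actually deny.

```python
import posixpath
import re

# Patterns copied from the posted .htaccess, plus a hypothetical corrected rule.
DENY_EXTENSIONS = r"\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module|exe)$"
DOTHT_FILES = r"^\.ht"
CONFIGURE_AS_POSTED = r"includes\configure.php$"   # never matches, see below
CONFIGURE_FIXED = r"^configure\.php$"              # corrected rule (assumption)


def pcre_to_python(pattern: str) -> str:
    """Apache uses PCRE, where "\\cX" is the control character for X
    ("\\co" becomes 0x0F); Python's re rejects "\\c", so translate it first."""
    return re.sub(r"\\c(.)",
                  lambda m: re.escape(chr(ord(m.group(1).upper()) ^ 0x40)),
                  pattern)


def files_directive_matches(pattern: str, request_path: str) -> bool:
    """Emulate <Files ~ "..."> / <FilesMatch>: Apache applies the regex to the
    final path component only, so directory names can never take part."""
    basename = posixpath.basename(request_path)
    return re.search(pcre_to_python(pattern), basename) is not None


def denied_paths(paths, rules):
    """Return the request paths that at least one of the rules would deny."""
    return [p for p in paths if any(files_directive_matches(r, p) for r in rules)]


# Constructed sample of request paths typical of an osCommerce 2.2 install.
SAMPLE_PATHS = [
    "/catalog/index.php",
    "/catalog/includes/configure.php",
    "/catalog/admin/includes/configure.php",
    "/catalog/.htaccess",
    "/catalog/install/oscommerce.sql",
    "/catalog/includes/languages/english.inc",
]

if __name__ == "__main__":
    posted = denied_paths(SAMPLE_PATHS, [DENY_EXTENSIONS, DOTHT_FILES, CONFIGURE_AS_POSTED])
    fixed = denied_paths(SAMPLE_PATHS, [DENY_EXTENSIONS, DOTHT_FILES, CONFIGURE_FIXED])
    print("posted rules deny:", posted)   # both configure.php files are missing
    print("fixed rules deny: ", fixed)
```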

Archived

This topic is now archived and is closed to further replies.
