11
Swain
Re: my site got hacked
  • 2006/7/30 2:30

  • Swain

  • Not too shy to talk

  • Posts: 198

  • Since: 2006/6/27


Here is one I use. You will notice I actually deny user agents as this seems the most effective way:



order allow,deny

deny from localhost.removed.com

deny from progressiveupdate.net

allow from all





Redirect temp /cgi-bin/formmail.pl http://www.yourdomain.org/spambot.html



RewriteEngine On

RewriteCond %{HTTP_user_agent} ^-?$

RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]

RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]

RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]

RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]

RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]

RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]

RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]

RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]

RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]

RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]

RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]

RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]

RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]

RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]

RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]

RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]

RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]

RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]

RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]

RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]

RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]

RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]

RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]

RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]

RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]

RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]

RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]

RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]

RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]

RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]

RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]

RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]

RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]

RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]

RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]

RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]

RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]

RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]

RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]

RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]

RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]

RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]

RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]

RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]

RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]

RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]

RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]

RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]

RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]

RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]

RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]

RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]

RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]

RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]

RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]

RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]

RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]

RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]

RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]

RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]

RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]

RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]

RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]

RewriteCond %{HTTP_USER_AGENT} ^Zeus [OR]

RewriteCond %{HTTP_USER_AGENT} ^

RewriteRule /* http://www.yourdomain.org/spambot.txt [R,L]





*/

12
ghettonet
Re: my site got hacked
  • 2006/7/30 2:41

  • ghettonet

  • Not too shy to talk

  • Posts: 176

  • Since: 2005/12/4


Here is a link to mine (well, some of it is cut out - just some IP specific stuff) http://living-abomination.stufftoread.com/htaccesspart.txt

So far it's done pretty well for us on all of our sites.

[edit] - the one above is much better than mine. nice work, zeroram

13
eejut
Re: my site got hacked
  • 2006/7/30 11:45

  • eejut

  • Just popping in

  • Posts: 86

  • Since: 2005/5/16


hi again, many thanks for the repy..so where do i put all that text?
in the .htaccess file..exactly as its writtien above? or what changes do i have to do
also will this stop the bots like google yahoo etc etc because i rely on them for traffic and iwouldnt like to block myself from the search engines etc

ihave already added the guys ip range to the deny part of the .htaccess file so hope fully hes locked out
he uploaded a php file and then made a cmd to grab the db name username and password to the db, from there he altered the admin username and pass
i have installed the protecter module ,its pretty good at stopping any uploading to the site
i have to disable it though when i want to add downloads to my site ,or it wont let me..i turn it off to do the admin work then turn it on after ..bitof a pain when iam busy ,but if it stops them sending bad php files top gain access then i can live with it

14
Swain
Re: my site got hacked
  • 2006/7/31 13:27

  • Swain

  • Not too shy to talk

  • Posts: 198

  • Since: 2006/6/27


Yes, add all that to your .htaccess. It sounds like you are doing pretty good though at making sure it never happens again.

BTW, the spambot.txt mentioned in mine above is a txt file stating we do not tolerate spamming or hacking. You can redirect it to anything you want, or delete the line and let them get a 403 error.

15
eejut
Re: my site got hacked
  • 2006/7/31 16:20

  • eejut

  • Just popping in

  • Posts: 86

  • Since: 2005/5/16


hi again,swain can i just confirm that txt you have shown me above for the .htaccess will not block the search engine bots such as google/yahoo etc etc...and do u also have an example of what you put in the
spambot.txt please
thanks in advance

[edit]
just tried inserting your txt into the htaccess file and it gave my site a sevr error ..any ideas?

16
ghettonet
Re: my site got hacked
  • 2006/7/31 19:05

  • ghettonet

  • Not too shy to talk

  • Posts: 176

  • Since: 2005/12/4


What number error did you get (500/404,etc)? That .htaccess will not block any of the good bots - Google, Yahoo, etc. What it is doing is picking out the bad ones and denying them specifically.

17
eejut
Re: my site got hacked
  • 2006/7/31 19:12

  • eejut

  • Just popping in

  • Posts: 86

  • Since: 2005/5/16


Hello ghettonet it was a server 500 error ,when i removed the text .the error went away

18
Swain
Re: my site got hacked
  • 2006/7/31 19:44

  • Swain

  • Not too shy to talk

  • Posts: 198

  • Since: 2006/6/27


Hmmm, do not know why it would give a server error. It works fine on my server. It could be you did not get everything copied in right, or perhaps you pasted it too close to other text. I am not sure. My spambot.txt is as follows:

"You are getting this message because you are either a bot trying to illegally access our scripts or harvest email address, or because you have not identified your User Agent. We realize many innocent folk like to surf without any part of their identity being revealed. However, by allowing us to know what browser you are using, we can safeguard our site from malicious deeds, and further tailor our pages to your browser. None of your privacy is given up by allowing us to know your User Agent, anymore than putting a license plate on your car violates your privacy. "

19
svaha
Re: my site got hacked
  • 2006/8/1 16:42

  • svaha

  • Just can't stay away

  • Posts: 896

  • Since: 2003/8/2 2


I don't understand this part :


Redirect temp /cgi-bin/formmail.pl http://www.yourdomain.org/spambot.html

Could you explain this?

20
Swain
Re: my site got hacked
  • 2006/8/1 17:09

  • Swain

  • Not too shy to talk

  • Posts: 198

  • Since: 2006/6/27


For that line you need to create an html text explaining to them why you denied their request. I use it just in case it is a legitmate user with browser problems or someone masking their User Agent for privacy. You could instead direct them to robots.txt, the 403 page, or anywhere you want.

Login

Who's Online

300 user(s) are online (225 user(s) are browsing Support Forums)


Members: 0


Guests: 300


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits