2011-11-25 76 views
2

Joomla Sites .htaccess keeps getting hacked

I'm running 1.5.25, and somehow a .htaccess file keeps being created in my root directory:

ErrorDocument 400 http:// redirected url index.php                              
ErrorDocument 404 http:// redirected url index.php index.php                              
ErrorDocument 500 http://redirected url /index.php 

<IfModule mod_rewrite.c>                               
RewriteEngine On                               
RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|baidu|youtube|wikipedia|qq|excite|altavista|msn|netscape|aol|hotbot|goto|infoseek|mamma|alltheweb|lycos|search|metacrawler|bing|dogpile|facebook|twitter|blog|live|myspace|mail|yandex|rambler|ya|aport|linkedin|flickr)\.(.*)                              
RewriteRule ^(.*)$ http://redirected url index.php [R=301,L]                              
</IfModule> 

I'd like to know how to find out who keeps creating this .htaccess file, even after I delete it. Is there a way to find out which script creates it, and which user creates it?

Has anyone had this problem before? Is there a way to create the .htaccess file and prevent it from being changed? Applying 644 permissions doesn't seem to help.

Note: I have replaced the actual redirect URL with "redirected url index.php".

+0

This question appears to be off-topic because it is about programming and belongs on http://security.stackexchange.com/ – bummi

Answers

0

Maybe a good check is to see whether there are any cronjobs (crontab -l) that do this. Some hosting panels have a cleanup action and only allow .htaccess to be modified through their UI (so it is stored in the database first).

This might get you further: http://www.infoq.com/articles/inotify-linux-file-system-event-monitoring
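As an added example that is not part of MartinIB's answer: when inotify tools cannot be installed, as on shared hosting, a portable POSIX sh poller can still tell you when .htaccess is replaced and, from the owner of the new file, which account wrote it (the web-server user such as nobody/www-data points at a web-facing process; your own user points at cron, FTP credentials or a script under your account). The file path and polling interval are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer: poll-based change detection for
# a single file, using only POSIX ls -l and cksum (no GNU stat, no inotify).

# Fingerprint a file as "owner mode crc"; prints ABSENT if it does not exist.
fingerprint() {
    [ -e "$1" ] || { echo "ABSENT"; return 0; }
    f=$1
    set -- $(ls -ld "$f")        # $1=mode  $3=owner (POSIX ls -l columns)
    printf '%s %s %s\n' "$3" "$1" "$(cksum < "$f" | cut -d' ' -f1)"
}

# Compare a saved fingerprint ($2) with the current one for file $1.
# Returns 0 when unchanged, 1 when changed, so it can drive an alert.
check_file() {
    now=$(fingerprint "$1")
    if [ "$now" = "$2" ]; then
        echo "unchanged: $1"
        return 0
    fi
    echo "CHANGED: $1 was [$2] now [$now]"
    return 1
}

# Poll loop: on every change, print the time and a snapshot of processes that
# commonly do the writing (php, cron, ftp) so the culprit can be correlated.
# Not exercised by the test; run as: monitor /path/to/site/.htaccess 5
monitor() {
    base=$(fingerprint "$1")
    while :; do
        if ! check_file "$1" "$base"; then
            date
            ps -ef 2>/dev/null | grep -Ei 'php|cron|ftp' | grep -v grep
            base=$(fingerprint "$1")
        fi
        sleep "${2:-5}"
    done
}
```

Run it under nohup or in a screen session over SSH; the owner column in the CHANGED line is the first thing to read, since 644 (as the next answer notes) still lets the owner write the file.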

+0

$ crontab -l doesn't give me much. All the lines are commented out. I'm using SSH to connect to the Dreamhost server, so I don't think I can install that file checker on it. – Churchill

+0

I updated my answer, since the previous suggestion seemed to be Windows-only. This should better meet your needs. – MartinIB

4

Erm, permissions of 644 mean the file is writable, at least by its owner. I don't know how the server is set up, or whether the owner is you (the ftp user) or the 'nobody' web server.

You probably have a vulnerability in an outdated Joomla version or in an outdated, vulnerable add-on. There is a high chance that someone has used it to place a 'web shell' on the file system. That lets them connect to that file, and it gives them a control panel with options to edit files, upload files and run arbitrary commands.

It could also be that another account on the server has been compromised and files in that account are reaching across the server, or at least into any writable file/folder on it.

You really should get help from a web security specialist, but if you want to try the analysis yourself, here are a few steps.

On the server you can also use the 'find' command to search the file system for files that have changed in the last x days or the last x hours.

You need to take the site offline, contact your host, explain the problem and see what information they can provide. You should download your files and, as a first measure, run them through a strong virus scanner (these now recognise most web shells).

Search through the files for the following words/patterns; grep or similar is useful for this:

web\s*shell

hacked\s*by

r57

c99

base64_decode

The \s* in those lines is a regular expression. The last one will give a lot of false positives; check each file for suspicious content, i.e. anything that doesn't look like Joomla code (obviously it takes a bit of familiarity to spot).

Upgrade Joomla and any add-ons that have newer versions. Search http://exploit-db.com/ for 'joomla' first, then check whether any of your add-ons are listed.

http://www.exploit-db.com/search/?action=search&filter_page=1&filter_exploit_text=joomla&filter_platform=0&filter_type=0&filter_lang_id=0

There are many, many other things that could be checked, and should be checked, but these are a good starting point. I stress, though, that it is best to get help from someone who is experienced in this area. Anti-hacking services usually start at £500 and go up to about £1000 ($800 to $1600).

When you put the site back live, check that register_globals is off and short open tags are off.

Make sure the following functions are disabled via the disable_functions option in php.ini:

disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
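As an added example, not from the answer above: the two triage steps it describes (find recently changed files, grep for the indicator patterns) as one POSIX sh script. The web-root path and the time window are assumptions, and the patterns are rewritten as POSIX ERE so they work with any grep -E, not only GNU grep.

```shell
#!/bin/sh
# Added triage helper, not from the original answer. Lists files under a web
# root that changed in the last N minutes, then greps the tree for the
# indicator patterns given in the answer. Run it on a copy of the site, or
# read-only; the web-root path and the time window are assumed values.

# Files modified within the last $2 minutes under $1.
# (-mmin is supported by GNU, BSD and busybox find.)
recently_modified() {
    find "$1" -type f -mmin "-$2" 2>/dev/null | sort
}

# Files whose content matches any indicator pattern from the answer, written
# as POSIX ERE: [[:space:]]* replaces \s*, and r57/c99 are bounded by
# non-alphanumerics so "c99" inside a hex colour does not count.
# base64_decode is kept as-is and is the noisy one, as the answer warns.
webshell_indicators() {
    grep -rEil \
        -e 'web[[:space:]]*shell' \
        -e 'hacked[[:space:]]*by' \
        -e '(^|[^[:alnum:]])(r57|c99)([^[:alnum:]]|$)' \
        -e 'base64_decode' \
        "$1" 2>/dev/null | sort
}

# Intersection: indicator hits that were also modified recently, i.e. the
# files to look at first. Prints each with its ls -l line, whose owner column
# shows whether the web-server user or your own account wrote it.
prioritised_hits() {
    recent=$(recently_modified "$1" "$2")
    webshell_indicators "$1" | while IFS= read -r f; do
        case "$recent" in
            *"$f"*) ls -ld "$f" ;;
        esac
    done
}

# Usage: sh triage.sh /path/to/webroot 1440   (files from the last 24 hours)
if [ "$#" -eq 2 ]; then
    echo "== files changed in the last $2 minutes"
    recently_modified "$1" "$2"
    echo "== indicator hits"
    webshell_indicators "$1"
    echo "== recently changed indicator hits (start here)"
    prioritised_hits "$1" "$2"
fi
```

Treat the output as a reading list, not a verdict: a legitimate Joomla library can contain base64_decode, and a backdoor can avoid every string here, so the "recently changed" list matters as much as the pattern hits.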

1

You can use the following code for your .htaccess file:

## Disallow access to htaccess.txt and configuration.php-dist 
RewriteRule ^(htaccess\.txt|configuration\.php-dist)$ - [F,L] 

Below is a secure .htaccess file:

########## End - Advanced server protection rules exceptions #### 

RewriteRule ^(images/stories/.*\.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|ico|htm[l]?))$ $1 [L] 
RewriteCond %{REQUEST_FILENAME} -f 
RewriteCond %{HTTP_REFERER} !^http://www\.xxx\.com [NC] 
RewriteRule \.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|ico|htm[l]?)$ - [F,L] 

## Disallow visual fingerprinting of Joomla! sites (module position dump) 

RewriteCond %{QUERY_STRING} (^|&)tmpl=component [NC] 
RewriteRule ^(.*)$ $1 [L] 
RewriteCond %{QUERY_STRING} (^|&)tp= [NC,OR] 
RewriteCond %{QUERY_STRING} (^|&)template= [NC,OR] 
RewriteCond %{QUERY_STRING} (^|&)tmpl= [NC] 
RewriteRule ^(.*)$ - [F,L] 

## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine 
## your PHP version). See http://www.0php.com/php_easter_egg.php and 
## http://osvdb.org/12184 for more information 
RewriteCond %{QUERY_STRING} =PHP[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12} [NC] 
RewriteRule ^(.*)$ - [F,L] 

## Back-end protection 
## This also blocks fingerprinting attacks browsing for XML and INI files 
RewriteRule ^(administrator[/]?)$ administrator/index.php [L] 
RewriteRule ^(administrator/index.htm[l]?)$ $1 [L] 
RewriteRule ^(administrator/index.php)$ $1 [L] 
RewriteRule ^(administrator/index[2,3].php)$ $1 [L] 
RewriteRule ^(administrator/(components|modules|templates|images|plugins)/.*\.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|htm[l]?))$ $1 [L] 
RewriteRule ^administrator/(.*)$ - [F,L] 

## Explicitly allow access only to XML-RPC's xmlrpc/index.php or plain xmlrpc/ directory 
RewriteRule ^(xmlrpc/index\.php)$ $1 [L] 
RewriteRule ^xmlrpc/(.*)$ - [F,L] 

## Disallow front-end access for certain Joomla! system directories 
RewriteRule ^(includes/js/.*)$ $1 [L] 
RewriteRule ^(cache|includes|language|libraries|logs|tmp)/.*$ - [F,L] 

## Allow limited access for certain Joomla! system directories with client-accessible content 
RewriteRule ^((components|modules|plugins|templates)/.*\.(jp[g,2,eg]?|png|gif|bmp|css|js|swf|ico|htm[l]?))$ $1 [L] 
RewriteRule ^((components|modules|plugins|templates)/.*index\.php(.*))$ $1 [L] 
RewriteRule ^(templates/.*\.php)$ $1 [L] 
RewriteRule ^(components|modules|plugins|templates)/.*$ - [F,L] 

## Disallow access to htaccess.txt and configuration.php-dist 
RewriteRule ^(htaccess\.txt|configuration\.php-dist)$ - [F,L] 

## SQLi first line of defense 
## May cause problems on legitimate requests 

RewriteCond %{QUERY_STRING} concat.*\([NC,OR] 
RewriteCond %{QUERY_STRING} union.*select.*\([NC,OR] 
RewriteCond %{QUERY_STRING} union.*all.*select.* [NC] 
RewriteRule ^(.*)$ - [F,L] 

########## End - Advanced server protection 

3

To secure a Joomla site you can use the code below; just edit your .htaccess file and the few settings below, which give a Joomla site full protection. It will also update your URLs using Joomla core SEF (you must enable it). Go to the admin panel and enable Apache mod_rewrite.

You can use the following code:

RewriteEngine On   
DirectoryIndex index.php index.html 

IndexIgnore * 
Options +FollowSymLinks -Indexes 

########## Begin - Optimal expiration time 

FileETag MTime Size 
ExpiresActive On 

# Default expiration: 1 hour after request 
ExpiresDefault "now plus 1 hour" 

# CSS and JS expiration: 1 week after request 
ExpiresByType text/css "now plus 1 week" 
ExpiresByType application/javascript "now plus 1 week" 
ExpiresByType application/x-javascript "now plus 1 week" 

# Image files expiration: 1 year after request 
ExpiresByType image/bmp "now plus 1 year" 
ExpiresByType image/gif "now plus 1 year" 
ExpiresByType image/jpeg "now plus 1 year" 
ExpiresByType image/jp2 "now plus 1 year" 
ExpiresByType image/pipeg "now plus 1 year" 
ExpiresByType image/png "now plus 1 year" 
ExpiresByType image/svg+xml "now plus 1 year" 
ExpiresByType image/tiff "now plus 1 year" 
ExpiresByType image/vnd.microsoft.icon "now plus 1 year" 
ExpiresByType image/x-icon "now plus 1 year" 
ExpiresByType image/ico "now plus 1 year" 
ExpiresByType image/icon "now plus 1 year" 
ExpiresByType text/ico "now plus 1 year" 
ExpiresByType application/ico "now plus 1 year" 
ExpiresByType image/vnd.wap.wbmp "now plus 1 year" 
ExpiresByType application/vnd.wap.wbxml "now plus 1 year" 
ExpiresByType application/smil "now plus 1 year" 

# Audio files expiration: 1 year after request 
ExpiresByType audio/basic "now plus 1 year" 
ExpiresByType audio/mid "now plus 1 year" 
ExpiresByType audio/midi "now plus 1 year" 
ExpiresByType audio/mpeg "now plus 1 year" 
ExpiresByType audio/x-aiff "now plus 1 year" 
ExpiresByType audio/x-mpegurl "now plus 1 year" 
ExpiresByType audio/x-pn-realaudio "now plus 1 year" 
ExpiresByType audio/x-wav "now plus 1 year" 

# Movie files expiration: 1 year after request 
ExpiresByType application/x-shockwave-flash "now plus 1 year" 
ExpiresByType x-world/x-vrml "now plus 1 year" 
ExpiresByType video/x-msvideo "now plus 1 year" 
ExpiresByType video/mpeg "now plus 1 year" 
ExpiresByType video/mp4 "now plus 1 year" 
ExpiresByType video/quicktime "now plus 1 year" 
ExpiresByType video/x-la-asf "now plus 1 year" 
ExpiresByType video/x-ms-asf "now plus 1 year" 

########## End - Optimal expiration time 

########## Begin - block bandwidth hoggers 

SetEnvIf user-agent "Indy Library" stayout=1 
SetEnvIf user-agent "libwww-perl" stayout=1 
SetEnvIf user-agent "Wget" stayout=1 

# The following rules are for bandwidth-hogging download tools 
SetEnvIf user-agent "Download Demon" stayout=1 
SetEnvIf user-agent "GetRight" stayout=1 
SetEnvIf user-agent "GetWeb!" stayout=1 
SetEnvIf user-agent "Go!Zilla" stayout=1 
SetEnvIf user-agent "Go-Ahead-Got-It" stayout=1 
SetEnvIf user-agent "GrabNet" stayout=1 
SetEnvIf user-agent "TurnitinBot" stayout=1 

# This line denies access to all of the above tools 
deny from env=stayout 
########## End - block bandwidth hoggers 


########## Begin - Automatic compression of resources 
# Compress text, html, javascript, css, xml, kudos to Komra.de 
AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript 
########## End - Automatic compression of resources 

########## Begin - Google Apps redirection, by Sashi 
Redirect 301 /mail http://mail.google.com/a/ 
########## End - Google Apps redirection 

########## Begin - Redirect index.php to/

RewriteCond %{THE_REQUEST} ^.*/index\.php$ 
RewriteRule ^index\.php$ http://www.example.com/ [R,L] 
########## End - Redirect index.php to/

########## Begin - Redirect non-www to www 
RewriteCond %{HTTP_HOST} !^www\. [NC] 
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R,L] 
########## End - Redirect non-www to www 

########## Begin - Redirect www to non-www 
## WARNING: Comment out the non-www to www rule if you choose to use this 
#RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] 
#RewriteRule ^(.*)$ http://%1/$1 [R,L] 
########## End - Redirect www to non-www 

########## Begin - Redirect example.com to www.example.com 
RewriteCond %{HTTP_HOST} ^example.com [NC] 
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R] 
########## End - Redirect example.com to www.example.com 

########## Begin - Force HTTPS for certain pages 

RewriteCond %{HTTPS} ^off$ [NC] 

RewriteRule ^foobar\.html$ https://www.example.com/foobar.html [L,R] 
# Add more rules below this line 
########## End - Force HTTPS for certain pages 


########## Block bad user agents 

RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:[email protected] [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR] 
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR] 
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR] 
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR] 
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR] 
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR] 
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR] 
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR] 
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR] 
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR] 
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR] 
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR] 
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR] 
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR] 
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR] 
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR] 
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR] 
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR] 
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR] 
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR] 
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Zeus 
## Note: The final RewriteCond must NOT use the [OR] flag. 

## Return 403 Forbidden error. 
RewriteRule .* - [F] 

ServerSignature Off 
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR] 
RewriteCond %{THE_REQUEST} (\\r|\\n|%0A|%0D) [NC,OR] 

RewriteCond %{HTTP_REFERER} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR] 
RewriteCond %{HTTP_COOKIE} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR] 
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999} [NC,OR] 

RewriteCond %{HTTP_USER_AGENT} ^$ [OR] 
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget) [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} (winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} (libwww-perl|curl|wget|python|nikto|scan) [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR] 

#Block mySQL injects 
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark) [NC,OR] 

RewriteCond %{QUERY_STRING} \.\./\.\. [OR] 

RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR] 
RewriteCond %{QUERY_STRING} \.[a-z0-9] [NC,OR] 
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC] 
# Note: The final RewriteCond must NOT use the [OR] flag. 

# Return 403 Forbidden error (the substitution is ignored with [F]). 
RewriteRule .* - [F] 

########## Begin - File injection protection 

RewriteCond %{REQUEST_METHOD} GET 
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]\=http:\/\/(.*) 
RewriteRule ^(.*)$ - [F,L] 

########## End 


########## Begin - Advanced server protection rules exceptions #### 

## Allow UddeIM CAPTCHA 
RewriteRule ^(components/com_uddeim/captcha15\.php)$ $1 [L] 

## Allow Phil Taylor's Turbo Gears 
RewriteRule ^(plugins/system/GoogleGears/gears-manifest\.php) $1 [L] 

## Allow JoomlaWorks AllVideos 
RewriteRule ^(plugins/content/jw_allvideos/includes/jw_allvideos_scripts\.php) $1 [L] 

# Add more rules to single PHP files here 

## Allow Agora attachments, but not PHP files in that directory! 
RewriteCond %{REQUEST_FILENAME} -f 
RewriteCond %{REQUEST_FILENAME} !(\.php)$ 
RewriteRule ^(components/com_agora/img/members/.*) $1 [L] 

# Add more rules for allowing full access (except PHP files) on more directories here 

## Uncomment to allow full access to the cache directory (strongly not recommended!) 
#RewriteRule ^(cache/.*)$ $1 [L] 

## Uncomment to allow full access to the tmp directory (strongly not recommended!) 
#RewriteRule ^(tmp/.*)$ $1 [L] 

# Add more full access rules here 

########## End - Advanced server protection rules exceptions #### 

RewriteRule ^(images/stories/.*\.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|ico|htm[l]?))$ $1 [L] 
RewriteCond %{REQUEST_FILENAME} -f 
RewriteCond %{HTTP_REFERER} !^http://www\.example\.com [NC] 
RewriteRule \.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|ico|htm[l]?)$ - [F,L] 

## Disallow visual fingerprinting of Joomla! sites (module position dump) 

RewriteCond %{QUERY_STRING} (^|&)tmpl=component [NC] 
RewriteRule ^(.*)$ $1 [L] 
RewriteCond %{QUERY_STRING} (^|&)tp= [NC,OR] 
RewriteCond %{QUERY_STRING} (^|&)template= [NC,OR] 
RewriteCond %{QUERY_STRING} (^|&)tmpl= [NC] 
RewriteRule ^(.*)$ - [F,L] 

## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine 
## your PHP version). See http://www.0php.com/php_easter_egg.php and 
## http://osvdb.org/12184 for more information 
RewriteCond %{QUERY_STRING} =PHP[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12} [NC] 
RewriteRule ^(.*)$ - [F,L] 

## Back-end protection 
## This also blocks fingerprinting attacks browsing for XML and INI files 
RewriteRule ^(administrator[/]?)$ administrator/index.php [L] 
RewriteRule ^(administrator/index.htm[l]?)$ $1 [L] 
RewriteRule ^(administrator/index.php)$ $1 [L] 
RewriteRule ^(administrator/index[2,3].php)$ $1 [L] 
RewriteRule ^(administrator/(components|modules|templates|images|plugins)/.*\.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|htm[l]?))$ $1 [L] 
RewriteRule ^administrator/(.*)$ - [F,L] 

## Explicitly allow access only to XML-RPC's xmlrpc/index.php or plain xmlrpc/ directory 
RewriteRule ^(xmlrpc/index\.php)$ $1 [L] 
RewriteRule ^xmlrpc/(.*)$ - [F,L] 

## Disallow front-end access for certain Joomla! system directories 
RewriteRule ^(includes/js/.*)$ $1 [L] 
RewriteRule ^(cache|includes|language|libraries|logs|tmp)/.*$ - [F,L] 

## Allow limited access for certain Joomla! system directories with client-accessible content 
RewriteRule ^((components|modules|plugins|templates)/.*\.(jp[g,2,eg]?|png|gif|bmp|css|js|swf|ico|htm[l]?))$ $1 [L] 
RewriteRule ^((components|modules|plugins|templates)/.*index\.php(.*))$ $1 [L] 
RewriteRule ^(templates/.*\.php)$ $1 [L] 
RewriteRule ^(components|modules|plugins|templates)/.*$ - [F,L] 

## Disallow access to htaccess.txt and configuration.php-dist 
RewriteRule ^(htaccess\.txt|configuration\.php-dist)$ - [F,L] 

## SQLi first line of defense 
## May cause problems on legitimate requests 

RewriteCond %{QUERY_STRING} concat.*\([NC,OR] 
RewriteCond %{QUERY_STRING} union.*select.*\([NC,OR] 
RewriteCond %{QUERY_STRING} union.*all.*select.* [NC] 
RewriteRule ^(.*)$ - [F,L] 

########## End - Advanced server protection 

########## Begin - Basic antispam Filter 
## I removed some common words, tweak to your liking 

RewriteCond %{QUERY_STRING} \bviagra\b [NC,OR] 
RewriteCond %{QUERY_STRING} \bambien\b [NC,OR] 
RewriteCond %{QUERY_STRING} \bblue\spill\b [NC,OR] 
RewriteCond %{QUERY_STRING} \bcialis\b [NC,OR] 
RewriteCond %{QUERY_STRING} \bcocaine\b [NC,OR] 
RewriteCond %{QUERY_STRING} \bejaculation\b [NC,OR] 
RewriteCond %{QUERY_STRING} \berectile\b [NC,OR] 
RewriteCond %{QUERY_STRING} \berections\b [NC,OR] 
RewriteCond %{QUERY_STRING} \bhoodia\b [NC,OR] 
RewriteCond %{QUERY_STRING} \bhuronriveracres\b [NC,OR] 
RewriteCond %{QUERY_STRING} \bimpotence\b [NC,OR] 
RewriteCond %{QUERY_STRING} \blevitra\b [NC,OR] 
RewriteCond %{QUERY_STRING} \blibido\b [NC,OR] 
RewriteCond %{QUERY_STRING} \blipitor\b [NC,OR] 
RewriteCond %{QUERY_STRING} \bphentermin\b [NC,OR] 
RewriteCond %{QUERY_STRING} \bprosac\b [NC,OR] 
RewriteCond %{QUERY_STRING} \bsandyauer\b [NC,OR] 
RewriteCond %{QUERY_STRING} \btramadol\b [NC,OR] 
RewriteCond %{QUERY_STRING} \btroyhamby\b [NC,OR] 
RewriteCond %{QUERY_STRING} \bultram\b [NC,OR] 
RewriteCond %{QUERY_STRING} \bunicauca\b [NC,OR] 
RewriteCond %{QUERY_STRING} \bvalium\b [NC,OR] 
RewriteCond %{QUERY_STRING} \bvicodin\b [NC,OR] 
RewriteCond %{QUERY_STRING} \bxanax\b [NC,OR] 
RewriteCond %{QUERY_STRING} \bypxaieo\b [NC] 
RewriteRule ^(.*)$ - [F,L] 

########## End - Basic antispam Filter 

########## Begin - Joomla! core SEF Section 
# 
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] 
RewriteCond %{REQUEST_URI} !^/index.php 
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|\.ini|\.zip|\.json|/[^.]*)$ [NC] 
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule (.*) index.php [L] 
# 
########## End - Joomla! core SEF Section 

+0

Update http://www.xxx.com to http://www.yoursitename.com with find and replace. – user484156

+0

This looks like a good list of filters; I'd suggest putting them in the Apache conf file or vhost file rather than .htaccess, if you can change that file on your host, so they are held in memory and not re-read on every page load. – tristanbailey
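As an added example (not from the answer or the comment above), the approach the comment suggests, taken one step further for the problem in the question: the rules live in the vhost and AllowOverride None switches .htaccess processing off, so a .htaccess that an attacker manages to write into the web root is never read. Paths and the hostname are placeholders, and the rewrite rules shown are a small subset of the answer's list, not the full file.

```apache
# Added example, not from the page: a vhost that carries the site's rules itself
# and ignores any .htaccess in the document root. Paths/hostname are assumed.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /var/www/joomla

    # Per-site access log: a burst of 301s to one foreign URL, as in the
    # question, is easy to spot here.
    CustomLog /var/log/apache2/joomla-access.log combined

    <Directory /var/www/joomla>
        # .htaccess files in this tree are ignored entirely; every rule the
        # site needs lives in this block, which only root can change.
        AllowOverride None
        Options -Indexes +FollowSymLinks
        # Apache 2.4 syntax; on 2.2 use "Order allow,deny" and "Allow from all".
        Require all granted

        RewriteEngine On

        # Front-end access to Joomla system directories, as in the answer:
        # includes/js stays reachable, the rest is denied.
        RewriteRule ^includes/js/ - [L]
        RewriteRule ^(cache|includes|language|libraries|logs|tmp)/ - [F,L]
        # Shipped copies of config files, as in the answer.
        RewriteRule ^(htaccess\.txt|configuration\.php-dist)$ - [F,L]

        # Joomla core SEF section, as in the answer.
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule .* index.php [L]
    </Directory>
</VirtualHost>
```

This only helps where you control the Apache configuration; on shared hosting such as the asker's, the host sets AllowOverride and the file-level measures in the other answers are what remains. Joomla's administrator screens that write .htaccess (the core SEF toggle) will also have no effect once override processing is off, which is the point.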

1

I had a serious problem with someone hacking into my .htaccess file, and my only solution was to make the file unbreakable. First I cleaned the .htaccess file and any PHP files of all the hacks. Then I changed the file permissions on the .htaccess file to 444 (644 still allows access). Then I used shell access to my account to make the file "immutable", which means it cannot be changed!

When you have shell access to your account on your Linux server, enter the following command: # chattr +i .htaccess

Now, even someone with root access cannot change the file!

If you need to undo this, enter: # chattr -i .htaccess

If you don't have shell access to your account, ask your web host to do this for you to make the file immutable.

For non-Linux accounts, just type "make file immutable" for your web server type into Google or Bing. That should give you the information you need.
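Added example, not from the answer above: a small sh helper that applies the 444 + chattr +i lock the answer describes and verifies it with lsattr. The file path is an assumption. chattr and lsattr are Linux e2fsprogs tools and setting the flag needs root (or the CAP_LINUX_IMMUTABLE capability), which is why shared-hosting users have to ask their host; root can also clear it again with chattr -i, as the answer's own undo step shows, so it is a speed bump against a compromised web-server user rather than a guarantee. While the flag is set, Joomla's own writes to .htaccess will fail too.

```shell
#!/bin/sh
# Added example, not from the original answer: lock a .htaccess file and
# confirm the immutable flag actually took. Path is an assumed argument.

# Parse the flag field printed by lsattr (e.g. "----i---------e-------").
# The lowercase i is the immutable bit (uppercase I means something else).
attrs_immutable() {
    case "$1" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Report whether FILE currently carries the immutable flag. Returns 1 when
# lsattr is missing or the filesystem does not support attributes, so the
# caller never mistakes "could not check" for "locked".
is_immutable() {
    flags=$(lsattr -d "$1" 2>/dev/null | cut -d' ' -f1) || return 1
    attrs_immutable "$flags"
}

# Lock: drop the owner's write bit as well (444), set +i, then verify rather
# than trust chattr's exit status.
lock_htaccess() {
    chmod 444 "$1" && chattr +i "$1" || return 1
    if is_immutable "$1"; then
        echo "locked: $1"
        return 0
    fi
    echo "chattr reported success but lsattr does not show i on $1" >&2
    return 1
}

# Undo, for when Joomla or you legitimately need to edit the file.
unlock_htaccess() {
    chattr -i "$1" && chmod 644 "$1"
}

# Usage (as root): sh lock.sh /path/to/site/.htaccess
if [ "$#" -eq 1 ]; then
    lock_htaccess "$1"
fi
```

A quick `lsattr /path/to/site/.htaccess` after the fact is the check to repeat whenever the file changes unexpectedly: if the i flag is gone, whoever removed it had root, which is a much bigger problem than a writable .htaccess.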