1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 4:14 am May 2, 2026

Forum Moderators: phranque

Message Too Old, No Replies

mod rewrite to make requests for ?act= return 404?

mod_rewrite queries to 404?

         

IchBinGlitched

1:05 am on Jul 22, 2010 (gmt 0)

10+ Year Member



Hello.

My mom's company has a tiny little website that is basically 7 paragraphs in Drupal.

this website was compromised by a weak plugin and had the c99modshell script installed.

after noticing what the problem was everything was reinstalled and updated, permissions were corrected, passwords were changed, php had Safe Mode activated (that was the search query that led the hacker to the site in the first place), etc.

my mom's site should be fairly safe from that type of attack now, but google has thousands upon thousands of links to her site that all start with "?act=" and i'd like to get requests for that string redirected as 404 so google will remove them from the index.

the site doesn't need ?act= in any way, but it DOES need ?q

everything that i've tried in mod_rewrite has either failed back to the main page (apparently drupal takes a string and works with it from right to left until it fits something that fits... which in this case is the index.php file.)

i've tried to keep google from indexing the files by adding the following to the robots.txt file but time will tell on that one:
Disallow: *act=

i've tried several variations on mod_rewrite things i've read here but they either cause a 500 error or don't appear to do anything.

I was hoping that somebody could help me either make the rule myself or by specifically writing the rule yourself to make those "?act=" queries die so google will stop crawling for them (she had under 2,000 page hits from the hackers themselves over a 2 week period but has 18,000 page hits from googlebot since then...)

I've tried things like these but none of them worked: 


conds (not at the same time)
rewriteCond %{query_string} ^act=(.*)$ 
RewriteCond %{QUERY_STRING} ^act=*
RewriteCond %{QUERY_STRING} &?act=

and rules (these were all linked with the above conds)
RewriteRule ^ - [R=404,L]

RewriteRule ^?act= /fakeurl.html

RewriteRule /index.php?act=(.*) /fakeurl.php$1

RewriteRule ^?act=(.*)$ http://herdomain.com/fakedirectory/$1 [L,QSA]

RewriteRule ^ /fakefile.php [L]


when i make changes in there it either creates a 500 error for bad grammar or it doesn't appear to do anything. I've read in other threads here that the location of this rewrite rule matters so i'm also attaching the .htaccess file in hopes the placement can be properly identified.

many thanks in advance for any and all who might be able to help. I wish I was more skilled with mod_rewrite so I could help my mom out of this puzzle myself. 

#
# Apache/PHP/Drupal settings:
#

# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format)$">
 Order allow,deny
</FilesMatch>

# Don't show directory listings for URLs which map to a directory.
Options -Indexes

# Follow symbolic links in this directory.
Options +FollowSymLinks

# Make Drupal handle any 404 errors.
ErrorDocument 404 /index.php

# Force simple error message for requests for non-existent favicon.ico.
<Files favicon.ico>
 # There is no end quote below, for compatibility with Apache 1.3.
 ErrorDocument 404 "The requested file favicon.ico was not found.
</Files>

# Set the default handler.
DirectoryIndex index.php

# Override PHP settings. More in sites/default/settings.php
# but the following cannot be changed at runtime.

# PHP 4, Apache 1.
<IfModule mod_php4.c>
 php_value magic_quotes_gpc  0
 php_value register_globals  0
 php_value session.auto_start  0
 php_value mbstring.http_input  pass
 php_value mbstring.http_output  pass
 php_value mbstring.encoding_translation 0
</IfModule>

# PHP 4, Apache 2.
<IfModule sapi_apache2.c>
 php_value magic_quotes_gpc  0
 php_value register_globals  0
 php_value session.auto_start  0
 php_value mbstring.http_input  pass
 php_value mbstring.http_output  pass
 php_value mbstring.encoding_translation 0
</IfModule>

# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
 php_value magic_quotes_gpc  0
 php_value register_globals  0
 php_value session.auto_start  0
 php_value mbstring.http_input  pass
 php_value mbstring.http_output  pass
 php_value mbstring.encoding_translation 0
</IfModule>

# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
 # Enable expirations.
 ExpiresActive On

 # Cache all files for 2 weeks after access (A).
 ExpiresDefault A1209600

 <FilesMatch \.php$>
 # Do not allow PHP scripts to be cached unless they explicitly send cache
 # headers themselves. Otherwise all scripts would have to overwrite the
 # headers set by mod_expires if they want another caching behavior. This may
 # fail if an error occurs early in the bootstrap process, and it may cause
 # problems if a non-Drupal PHP file is installed in a subdirectory.
 ExpiresActive Off
 </FilesMatch>
</IfModule>

# Various rewrite rules.
<IfModule mod_rewrite.c>
 RewriteEngine on

 # If your site can be accessed both with and without the 'www.' prefix, you
 # can use one of the following settings to redirect users to your preferred
 # URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
 #
 # To redirect all users to access the site WITH the 'www.' prefix,
 # (http://example.com/... will be redirected to http://www.example.com/...)
 # adapt and uncomment the following:
 # RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
 # RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
 #
 # To redirect all users to access the site WITHOUT the 'www.' prefix,
 # (http://www.example.com/... will be redirected to http://example.com/...)
 # uncomment and adapt the following:
 # RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
 # RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]

 # Modify the RewriteBase if you are using Drupal in a subdirectory or in a
 # VirtualDocumentRoot and the rewrite rules are not working properly.
 # For example if your site is at http://example.com/drupal uncomment and
 # modify the following line:
 # RewriteBase /drupal
 #
 # If your site is running in a VirtualDocumentRoot at http://example.com/,
 # uncomment the following line:
 # RewriteBase /

 # Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteCond %{REQUEST_URI} !=/favicon.ico
 RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
</IfModule>

# $Id: .htaccess,v 1.90.2.5 2010/02/02 07:25:22 dries Exp $

g1smd

5:57 am on Jul 22, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Looks like the bog standard Drupal code is as badly written as the standard Wordpress code is. Yuk.

Your first and third RewriteConds have correct syntax. None of the RewriteRules has correct syntax.

In particular RewriteRule cannot see the query string. That's why you need the separate RewriteCond.

In conjunction with the right RewriteCond, the code 
RewriteRule ^(index\.php)?$ - [F]
should nail it, as long as this stuff is at the beginning of the .htaccess file ahead of the specific Drupal code.

IchBinGlitched

2:29 pm on Jul 22, 2010 (gmt 0)

10+ Year Member



I was hoping the fix would be something simple like that.

thank you very much. I replaced the [F] with [G] (i didn't know about either of those flags) because the people i talked to on the google webmaster tools site said that the query should return 404 or 410 for google to de-index them. I'm not sure if 403 is treated the same way.

again, thank you very much. that was the final thing that needed to be done before I could be satisfied that the "hack" had been properly dealt with.

g1smd

7:24 pm on Jul 22, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Yes! I meant to post [G] so you get a 410.

Yes, [F] gives the 403. It's a typo I have made before; once on a live site. Ooops.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 4:14 am May 2, 2026