Old 04-14-2014, 01:23 AM  
jimmycastor
So Fucking Banned
 
Join Date: Jul 2006
Posts: 342
putting stuff like this in your .htaccess helps too
(may not be the best solution but it helps)

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
Allow from PUT YOUR DESIRED IP HERE

</Files>
<Files wp-signup.php>
Order Deny,Allow
Deny from all
Allow from PUT YOUR DESIRED IP HERE
</Files>
<Files wp-login.php>
AuthUserFile /var/www/html/.htpasswd
AuthName "Private access"
AuthType Basic
require user PUTYOURUSERNAMEHERE
</Files>
# 5G:[QUERY STRINGS]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (\"|%22).*(<|>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR]
RewriteCond %{QUERY_STRING} (\;|\'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
RewriteRule .* - [F]
</IfModule>
# 5G:[USER AGENTS]
<IfModule mod_setenvif.c>
# SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out
<limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from env=keep_out
</limit>
</IfModule>
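An added example, not part of the original post: a small Python harness that runs the 5G query-string conditions from the post over sample query strings, so you can see before deploying which requests would get a 403, including benign ones. Assumptions: Python's `re` stands in for Apache's regex engine for these patterns, `matched_rule` is a hypothetical helper name, and the sample query strings are constructed.

```python
import re

# The 5G [QUERY STRINGS] conditions from the post, in order. Apache ORs them
# together ([NC,OR]) and the final RewriteRule returns 403 on any match.
RULES_5G = [
    r'(\"|%22).*(<|>|%3)',
    r"(javascript:).*(\;)",
    r"(<|%3C).*script.*(>|%3)",
    r"(\\|\.\./|`|=\'$|=%27$)",
    r"""(\;|\'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if)""",
    r"(base64_encode|localhost|mosconfig)",
    r"(boot\.ini|echo.*kae|etc/passwd)",
    r"(GLOBALS|REQUEST)(=|\[|%)",
]
# [NC] means case-insensitive matching.
COMPILED = [re.compile(p, re.IGNORECASE) for p in RULES_5G]


def matched_rule(query_string):
    """Return the 0-based index of the first rule that matches, or None.

    %{QUERY_STRING} is matched raw (not URL-decoded) and unanchored, which is
    why the rules list both literal and percent-encoded characters and why
    re.search on the raw string is used here.
    """
    for i, rx in enumerate(COMPILED):
        if rx.search(query_string):
            return i
    return None


# Constructed sample query strings, not taken from real traffic.
SAMPLES = [
    "p=123",                          # ordinary permalink, passes
    "s=%3Cscript%3Ex%3C/script%3E",   # encoded script tag, rule 2
    "file=../../etc/passwd",          # path traversal, rule 3
    "s=don't+forget",                 # benign search: ' then "or" in "forget", rule 4
    "ref=localhost",                  # benign value containing "localhost", rule 5
]

if __name__ == "__main__":
    for qs in SAMPLES:
        hit = matched_rule(qs)
        verdict = "pass" if hit is None else "403 (rule %d)" % hit
        print("%-32s -> %s" % (qs, verdict))
```

The last two samples are false positives: the short keywords `or`, `and` and `if` match inside ordinary words once a quote or semicolon appears earlier in the query string.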