Protect your website from webshells

Viewed 5,141 times

Zilvinas (Junior Member) asked:
Use this tutorial if you want to protect your website and stop webshells from getting uploaded to your site. A hacker with a webshell on your website can view your config.php, delete files, run server commands, download your MySQL DB, etc.

.htaccess

Step 1
Create a .htaccess file with content below and put it in your php-fusion root directory.
# mod_rewrite must be switched on, and the RewriteCond lines need a RewriteRule
# after them; without both, the conditions below are never evaluated.
RewriteEngine On
RewriteCond %{QUERY_STRING} mosConfig_[0-9a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} [0-9,a-z,A-Z].SELECT.[0-9,a-z,A-Z] [OR]
RewriteCond %{QUERY_STRING} [0-9,a-z,A-Z].FROM.[0-9,a-z,A-Z] [OR]
RewriteCond %{QUERY_STRING} [0-9,a-z,A-Z].WHERE.[0-9,a-z,A-Z]
# Conditions are ANDed unless joined by [OR], so every line but the last carries [OR]:
# one matching pattern is enough to answer the request with 403 Forbidden.
RewriteRule .* - [F,L]
# Never serve the .htaccess file itself.
<Files .htaccess>
order allow,deny
deny from all
</Files>
# Note: <Files .php> matches only a file literally named ".php" (same for .js and .css);
# it does not cover every file with that extension. Widening it to
# <FilesMatch "\.php$"> in the web root would deny the site's own PHP pages.
<Files .php>
order allow,deny
deny from all
</Files>
<Files .js>
order allow,deny
deny from all
</Files>
<Files .css>
order allow,deny
deny from all
</Files>


---------------------
Step 2

Now create another .htaccess file with content below. Put this .htaccess file in images/avatars directory:

# None of these handler names is PHP's, so mod_php declines .php files in this directory
# and they are served as plain bytes (the browser offers a download) rather than executed.
# "server-parsed" is mod_include's SSI handler; the two lines after it reassign .php again.
AddHandler server-parsed .php
SetHandler image/gif
AddHandler image/gif .php
# Deny every file here, then allow only real image files back.
order deny,allow
Deny from All
<FilesMatch "\.(gif|jpe?g|png)$">
Allow from All
</FilesMatch>


Step 3

Create a .htaccess file with content below and put it in these directories:

* administration/db_backups/
* images/
* images/articles/
* images/news/
* images/news_cats/
* images/photoalbum/
* images/photoalbum/submissions/
* forum/attachments/


# Same handler trick as in Step 2: .php files in this directory are not passed to mod_php.
AddHandler server-parsed .php
SetHandler image/gif
AddHandler image/gif .php


Please make sure that your server/hosting supports .htaccess files.
Also, in all directories where you put this .htaccess file (except the root directory), rename index.php to index.html. Now try to put a .php file into one of those directories and execute it. The .php file will not be executed; it should only let you download it:


www.hpc.lt/paveiksleliai/execute.gif


I hope it will help you protect your website from webshells.
Zilvinas (zilvinas @ hpc .lt)
By HPC.LT
Edited by Zilvinas on 13-01-2007 16:35
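Added here as a check, not code from the thread: a Python model of how mod_rewrite chains RewriteCond lines, run over the Step 1 patterns exactly as posted. Conditions are ANDed unless joined by [OR], so with [OR] only on the first five lines the rule fires just for a query string that matches one of those five and all three of SELECT, FROM and WHERE; the corrected chain puts [OR] on every line but the last. The model assumes an unanchored regex search against the raw query string and understands only the OR and NC flags.

```python
import re

# Added example, not code from the thread. Modelled mod_rewrite semantics: conditions are
# ANDed unless joined by [OR]; an [OR] chain ends at the first line without the flag.

AS_POSTED = r"""
RewriteCond %{QUERY_STRING} mosConfig_[0-9a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteCond %{QUERY_STRING} [0-9,a-z,A-Z].SELECT.[0-9,a-z,A-Z]
RewriteCond %{QUERY_STRING} [0-9,a-z,A-Z].FROM.[0-9,a-z,A-Z]
RewriteCond %{QUERY_STRING} [0-9,a-z,A-Z].WHERE.[0-9,a-z,A-Z]
"""

def parse_conds(text):
    """Turn 'RewriteCond %{QUERY_STRING} <regex> [flags]' lines into (regex, flags) pairs."""
    conds = []
    for line in text.strip().splitlines():
        parts = line.split(None, 3)        # directive, test string, pattern, optional [flags]
        if len(parts) < 3 or parts[0] != "RewriteCond":
            continue
        flags = set(parts[3].strip("[]").split(",")) if len(parts) == 4 else set()
        conds.append((parts[2], flags))
    return conds

def rule_fires(conds, query_string):
    """True if a RewriteRule guarded by these conditions would fire for the raw query string."""
    groups, current = [], []
    for pattern, flags in conds:
        current.append((pattern, flags))
        if "OR" not in flags:              # a line without [OR] closes its OR group
            groups.append(current)
            current = []
    if current:                             # tolerate a trailing [OR] on the last line
        groups.append(current)
    return all(
        any(re.search(p, query_string, re.IGNORECASE if "NC" in f else 0) for p, f in group)
        for group in groups
    )

POSTED = parse_conds(AS_POSTED)
# Same patterns with [OR] on every line but the last: any single match now blocks the request.
CORRECTED = [(p, f | {"OR"}) for p, f in POSTED[:-1]] + [POSTED[-1]]

if __name__ == "__main__":
    for qs in ("GLOBALS=1", "page=news&id=5", "search=SELECT+name+FROM+products+WHERE+stock"):
        print(f"{qs}: as posted -> {rule_fires(POSTED, qs)}, corrected -> {rule_fires(CORRECTED, qs)}")
```

Run it against your own test query strings after editing the block; note that the corrected chain also rejects an ordinary search containing uppercase SELECT, FROM and WHERE, a false positive worth knowing about.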

Matonor (Veteran Member) answered:
This is actually a simple but really effective idea.
Great!
agl (Junior Member) answered:
Thanks, gotta try it. By the way, a question: should I delete my previous .htaccess or append your code to it?
My previous one:
# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName www.hentai-enishi.com
AuthUserFile /home/hentai/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/hentai/public_html/_vti_pvt/service.grp
Zilvinas (Junior Member) answered:

agl wrote:
Thanks, gotta try it. By the way, a question: should I delete my previous .htaccess or append your code to it?
My previous one:
# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName www.hentai-enishi.com
AuthUserFile /home/hentai/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/hentai/public_html/_vti_pvt/service.grp


Sorry for the late reply; this should work:
# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName www.hentai-enishi.com
AuthUserFile /home/hentai/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/hentai/public_html/_vti_pvt/service.grp

# mod_rewrite must be switched on, and the RewriteCond lines need a RewriteRule
# after them; without both, the conditions below are never evaluated.
RewriteEngine On
RewriteCond %{QUERY_STRING} mosConfig_[0-9a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} [0-9,a-z,A-Z].SELECT.[0-9,a-z,A-Z] [OR]
RewriteCond %{QUERY_STRING} [0-9,a-z,A-Z].FROM.[0-9,a-z,A-Z] [OR]
RewriteCond %{QUERY_STRING} [0-9,a-z,A-Z].WHERE.[0-9,a-z,A-Z]
# Conditions are ANDed unless joined by [OR], so every line but the last carries [OR]:
# one matching pattern is enough to answer the request with 403 Forbidden.
RewriteRule .* - [F,L]
# Never serve the .htaccess file itself.
<Files .htaccess>
order allow,deny
deny from all
</Files>
# Note: <Files .php> matches only a file literally named ".php" (same for .js and .css);
# it does not cover every file with that extension.
<Files .php>
order allow,deny
deny from all
</Files>
<Files .js>
order allow,deny
deny from all
</Files>
<Files .css>
order allow,deny
deny from all
</Files>
agl (Junior Member) answered:
Thanks, and no problem. I did the same thing and added it after the current content of the .htaccess file :)