Ravens PHP Scripts: Forums
 

 

Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

Posted: Sun Dec 26, 2004 8:41 am

We have so many good threads on this, I thought I'd recap ;) Through added contributions by VinDSL and Mds, this is a synopsis. Note that this only applies if you are using Apache as a module and not CGI.

.htaccess only applies to Apache
mod_rewrite must be compiled in Apache
The lines to add at the top of .htaccess are (SOME-OTHER-PAGE needs to be replaced with a real redirect page)
Code:
#Check for Santy Worms and redirect them to a fake page 

#Variant -1
RewriteCond %{HTTP_USER_AGENT} ^LWP             [NC,OR]
#Variant -2
RewriteCond %{REQUEST_URI} ^visualcoders                [NC,OR]
#Variant -3
RewriteCond %{QUERY_STRING} rush=([^&]+)                [NC]
RewriteRule ^.*$ SOME-OTHER-PAGE.php [L]


This assumes that the user-agent does begin with LWP. If yours is different then make the needed adjustments.
 
View user's profile Send private message
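As an added example (not code from this thread), the Python sketch below evaluates the three RewriteCond patterns from the post above against constructed requests, to show which of them the rule set actually catches. It assumes REQUEST_URI carries its leading slash, as Apache sets it, which is why the anchored `^visualcoders` pattern does not fire on a path; the function names and sample requests are hypothetical.

```python
import re
from urllib.parse import urlsplit

# The three RewriteCond lines from the post: (server variable, pattern).
# All carry [NC] (case-insensitive) and are chained with [OR].
CONDITIONS = [
    ("HTTP_USER_AGENT", r"^LWP"),
    ("REQUEST_URI", r"^visualcoders"),
    ("QUERY_STRING", r"rush=([^&]+)"),
]

def server_vars(url, user_agent):
    """Build the variables mod_rewrite would see for one request."""
    parts = urlsplit(url)
    return {
        "HTTP_USER_AGENT": user_agent,
        "REQUEST_URI": parts.path or "/",   # always starts with "/"
        "QUERY_STRING": parts.query,
    }

def matched_variants(url, user_agent):
    """Return the 1-based variant numbers whose condition matches."""
    env = server_vars(url, user_agent)
    return [i for i, (var, pat) in enumerate(CONDITIONS, 1)
            if re.search(pat, env[var], re.IGNORECASE)]

def is_caught(url, user_agent):
    # [OR] chaining: the RewriteRule fires if any condition matches.
    return bool(matched_variants(url, user_agent))

# Constructed sample requests (not taken from real logs).
SAMPLES = [
    ("/modules.php?name=Forums", "LWP::Simple/5.79"),
    ("/modules.php?name=Forums", "lwp-trivial/1.41"),
    ("/viewtopic.php?t=1&rush=abc", "Mozilla/5.0 (constructed)"),
    ("/visualcoders/test.php", "Mozilla/5.0 (constructed)"),
    ("/index.php", "Mozilla/5.0 (X11; Linux) Firefox/1.0"),
]

if __name__ == "__main__":
    for url, ua in SAMPLES:
        print(f"{url!r:36} {ua!r:40} -> {matched_variants(url, ua)}")
```

Because of the leading slash, a site that wants Variant 2 to match a path would have to adjust that pattern, in the same spirit as the post's advice to adjust the user-agent pattern to what the logs show.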
sharlein
Member Emeritus


Joined: Nov 19, 2002
Posts: 322
Location: On the Road

Posted: Sun Dec 26, 2004 11:05 am

Raven, what does LWP stand for? I am using Firefox, would I enter mozilla for my agent? Thanks, Steve

_________________
Give Me Ambiguity Or Give Me Something Else! 
View user's profile Send private message
Raven
Posted: Sun Dec 26, 2004 12:10 pm

No. LWP is the start of many of the user agents' names, like LWP::Simple and several others. So, ^LWP [NC] means any user agent beginning with LWP. The [NC] makes it case insensitive.
 
sharlein
Posted: Sun Dec 26, 2004 12:13 pm

Thank you.
 
64bitguy
The Mouse Is Extension Of Arm


Joined: Mar 06, 2004
Posts: 1159
Location: Sanbornton, NH USA

Posted: Sun Dec 26, 2004 12:14 pm

Raven, pardon the brain cramp (I'm severely hung-over and it looks like my friends have raided the liquor cabinet again as they have started making another batch of "Christmas Punch", so there's not much hope of sobriety today either...)

What would you put in place of

RewriteRule ^.*$ SOME-OTHER-PAGE.php [L]

to redirect to an off site URL?

Thanks

_________________
Steph Benoit
1CMS, 100% Section 508 and W3C XHTML/CSS Compliant (Truly) 
View user's profile Send private message Visit poster's website
Raven
Posted: Sun Dec 26, 2004 12:21 pm

PC-Killer, or you could probably just put
RewriteRule ^.*$ - [F] which will just give them the standard 403 Forbidden screen.


Last edited by Raven on Sun Dec 26, 2004 6:21 pm; edited 1 time in total 
64bitguy
Posted: Sun Dec 26, 2004 12:30 pm

No standard syntax to redirect to a defined off-site URL though?

Thanks!
 
Raven
Posted: Sun Dec 26, 2004 12:32 pm

Sure. RewriteRule ^.*$ Only registered users can see links on this board! Get registered or login! [L] although the FBI might not appreciate it Wink
 
sharlein
Posted: Sun Dec 26, 2004 12:54 pm

Where can I find my user agent's name? Completely in the dark here.
 
Raven
Posted: Sun Dec 26, 2004 2:13 pm

Not YOUR user-agent, but THEIR user-agent as Sentinel reports it.
 
Savent
Regular


Joined: Jun 30, 2003
Posts: 81

Posted: Sun Dec 26, 2004 2:15 pm

Is the Santy worm gone now? I haven't heard anything in the news about it in like a week.

_________________
Only registered users can see links on this board! Get registered or login! [Online Arcade 340+ Games]
View user's profile Send private message Send e-mail Visit poster's website
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

Posted: Sun Dec 26, 2004 2:20 pm

It's a safe bet that there is a rip off of it attacking portals whether they have phpBB installed or not.

View user's profile Send private message
Himmel
Regular


Joined: May 08, 2004
Posts: 77

Posted: Sun Dec 26, 2004 5:20 pm

Raven wrote:
No. LWP is the start of many of the user agents' names, like LWP::Simple and several others. So, ^LWP [NC] means any user agent beginning with LWP. The [NC] makes it case insensitive.


Hi Raven..
I put those lines in my .htaccess and it didn't stop
User Agent: LWP::Simple/5.79

Any suggestions?


Thx ;)
 
View user's profile Send private message
Raven
Posted: Sun Dec 26, 2004 5:21 pm

Is mod_rewrite installed?
 
Himmel
Posted: Sun Dec 26, 2004 5:30 pm

Euh.. I guess not. Is this something that the host should do?
 
PHrEEkie
Subject Matter Expert


Joined: Feb 23, 2004
Posts: 358

Posted: Sun Dec 26, 2004 5:33 pm

Himmel wrote:
Euh.. I guess not. Is this something that the host should do?


Seeing as mod_rewrite presents no security concern to the server itself, and instead is a desirable option for any dynamic content site, the answer is a resounding YES, your host should have that enabled...

PHrEEk
 
View user's profile Send private message
Raven
Posted: Sun Dec 26, 2004 5:37 pm

Run phpinfo() to verify if it is installed or not.
 
Himmel
Posted: Sun Dec 26, 2004 5:47 pm

Raven wrote:
Run phpinfo() to verify if it is installed or not.


Sorry.. but don't know where and how :oops:
 
Raven
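Posted: Sun Dec 26, 2004 5:51 pm

<?php
// Look for mod_rewrite under "Loaded Modules" in the output.
// Remove info.php from the server once you have checked.
phpinfo();
?>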

Save that as info.php, ftp it to your web server and run it.
 
Himmel
Posted: Sun Dec 26, 2004 6:01 pm

Loaded Modules mod_log_bytes, mod_frontpage, mod_php4, mod_ssl, mod_setenvif, mod_auth, mod_access, mod_rewrite, mod_alias, mod_userdir, mod_actions, mod_imap, mod_asis, mod_cgi, mod_dir, mod_autoindex, mod_include, mod_status, mod_negotiation, mod_mime, mod_log_config, mod_env, http_core

Yep it is...

Maybe I made a mistake in the .htaccess:

#Check for Santy Worms and redirect them to a fake page
#Variant -1
RewriteCond %{HTTP_USER_AGENT} ^LWP [NC,OR]
#Variant -2
RewriteCond %{REQUEST_URI} ^visualcoders [NC,OR]
#Variant -3
RewriteCond %{QUERY_STRING} rush=([^&]+) [NC]
RewriteRule ^.*$ [F} [L]
 
Muffin
Client


Joined: Apr 10, 2004
Posts: 649
Location: UK

Posted: Sun Dec 26, 2004 6:02 pm

Raven (and everyone who contributed) thank you so much for the cure, I've not had any pesky emails from Sentinel since I added it to my htaccess file.

_________________
Classic Mini rules the bends & bends the rules!
View user's profile Send private message
Raven
Posted: Sun Dec 26, 2004 6:11 pm

Himmel,

Where did you get this? It's wrong
Code:
RewriteRule ^.*$ [F} [L]

It should be
Code:
RewriteRule ^.*$ - [F]
 
Himmel
Posted: Sun Dec 26, 2004 6:17 pm

Raven wrote:
PC-Killer, or you could probably just put
RewriteRule ^.*$ [F} which will just give them the standard 403 Forbidden screen.


Sorry.. used that one

and: RewriteRule ^.*$ SOME-OTHER-PAGE.php [L]

Will make the change now ;)


Last edited by Himmel on Sun Dec 26, 2004 6:23 pm; edited 1 time in total 
Raven
Posted: Sun Dec 26, 2004 6:21 pm

:mad: - Stupid fingers, SORRY!!!
 
Himmel
Posted: Sun Dec 26, 2004 6:24 pm

Hehehe.. no problem.. I'm the one who doesn't understand PHP ;)
 
All times are GMT - 6 Hours
 