Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
mrix
Client


Joined: Dec 04, 2004
Posts: 757

PostPosted: Tue Apr 26, 2005 4:44 am Reply with quote

Hello all, I have installed the Next Gen Google Tap and have uploaded the .htaccess file but I also have nuke sentinal installed which as most of you know needs this added to the .htaccess file

Options All -Indexes
DirectoryIndex index.php index.htm index.html

# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .staccess>
deny from all
</Files>

<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted"
AuthType Basic
AuthUserFile /home/kingkoss/public_html/.staccess
</Files>

# -------------------------------------------
# Start of NukeSentinel(tm) DENY FROM area
# -------------------------------------------

thing is how do I go about adding this code to the next gen .htaccess, I have tried just adding it to the top of the next gen file but doesnt work.
thanks for any help
mrix
 
View user's profile Send private message Visit poster's website
64bitguy
The Mouse Is Extension Of Arm


Joined: Mar 06, 2004
Posts: 1159
Location: Sanbornton, NH USA

PostPosted: Tue Apr 26, 2005 7:45 am Reply with quote

That should be applied at the top of your .htaccess file; however, I don't have the first two lines at all in my .htaccess.

I would try it without the first two lines of:
Code:


Options All -Indexes
DirectoryIndex index.php index.htm index.html


Hope this helps.
Steph

_________________
Steph Benoit Only registered users can see links on this board! Get registered or login!
1CMS, 100% Section 508 and W3C XHTML/CSS Compliant (Truly) 
View user's profile Send private message Visit poster's website
mrix
PostPosted: Tue Apr 26, 2005 9:37 am Reply with quote

Thanks for the help I added that piece of code to the top of the file without the text you mentioned but unfortunately now I cant seem to log in when I put user and pass the box keeps popping up to add the user / pass again.
Cheers
mrix
 
64bitguy
PostPosted: Tue Apr 26, 2005 10:06 am Reply with quote

Mine looks like this:

Code:
<FilesMatch "\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module)$">

</FilesMatch>
<Limit GET PUT POST>
  Order Allow,Deny
  Allow from all
</Limit>
<Files /home/.htpasswds/.staccess>
  deny from all
</Files>
<Files admin.php>
   <Limit GET POST PUT>
      require valid-user
   </Limit>
   AuthName "Restricted"
   AuthType Basic
   AuthUserFile /home/.htpasswds/.staccess
</Files>
RewriteEngine on
Rewritebase /


Then all of the adbot rules ending with:
Code:
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE                [OR]

RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider       [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xenu's                  [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.*$ http://127.0.0.1 [L]


Followed by some security measures:
Code:
RewriteCond %{HTTP_USER_AGENT} ^LWP                   [NC,OR]

RewriteCond %{REQUEST_URI} ^visualcoders              [NC,OR]
RewriteCond %{QUERY_STRING} rush=([^&]+)              [NC,OR]
RewriteCond %{REQUEST_URI} ^envidiosos                [NC,OR]
RewriteCond %{REQUEST_URI} ^civa                      [NC]
#variant-6 redirect all inner http:// request
RewriteCond %{QUERY_STRING} ^(.*)http://(.*)            [NC,OR]
#variant-7 redirect all inner http request regardless if encoded
RewriteCond %{QUERY_STRING} ^(.*)http%3A%2F%2F(.*)      [NC]
RewriteRule ^.*$ http://127.0.0.1 [R,L]

#Check for AWStats exploits and redirect them to a phantom site
RewriteCond %{QUERY_STRING} ^(.*)configdir(.*)          [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527 [OR]
RewriteCond %{QUERY_STRING} ^(.*)rush=\%65\%63\%68 [OR]
RewriteCond %{QUERY_STRING} ^(.*)rush=echo [OR]
RewriteCond %{QUERY_STRING} ^(.*)wget\%20
RewriteRule ^.*$ http://127.0.0.1 [L]


Followed by all of my GT-NextGen Rules starting with:
Code:
RewriteRule ^index.html index.php [L]


Followed by all of my NukeSentinel IP Bans like
Code:
deny from 66.152.98.127


Hope this helps!

P.S... As a heads-up, don't forget to change all of the properties in your main title bar (header) menu. They still point to php pages.

I think I even had to recode my login block, but it's been so long, I honestly can't remember.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©