Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

Bandwidth Protection and HTACCESS
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
gsicard
Regular
Regular



Joined: May 21, 2003
Posts: 50
Location: Suffolk, VA USA
PostPosted: Fri Mar 05, 2004 2:05 pm Reply with quote
Hi Raven,
I have not bothered your or Chatserv in a while because I am getting the hang of things. However - I now need to tap your God given talents again:

I am having a lot of problems using my htaccess file to secure my site's content and prevent hotlinking to my images. My bandwidth is being stolen and the htaccess protection I had on my other server does not work on this new server.

This is the htaccess file currently on my site and it does not offer the protection I need.
Code:



# -FrontPage-





IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*





<Limit GET POST>


order deny,allow


deny from all


allow from all


</Limit>


<Limit PUT DELETE>


order deny,allow


deny from all


</Limit>


AuthName [ Only registered users can see links on this board! Get registered or login! ]


AuthUserFile /home/virtual/site17/fst/var/www/html/_vti_pvt/service.pwd


AuthGroupFile /home/virtual/site17/fst/var/www/html/_vti_pvt/service.grp


deny from 68.13.130.102


deny from 68.11.74.5


deny from 68.12.236.102


deny from 212.202.171.44


deny from 68.111.216.133


deny from 209.183.15.229


deny from 68.110.81.201


deny from 216.39.49.90


deny from 68.10.43.53


deny from 64.140.49.68


deny from 209.34.33.120


deny from 217.208.109.126


This is the htaccess file that I used before and NEED to use again. This file however tells me that I am not authorized to access modules.php on my site.
Code:



# -FrontPage-





IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*





<Limit GET POST>


order deny,allow


deny from all


allow from all


</Limit>


<Limit PUT DELETE>


order deny,allow


deny from all


</Limit>


AuthName [ Only registered users can see links on this board! Get registered or login! ]


AuthUserFile /home/virtual/site17/fst/var/www/html/_vti_pvt/service.pwd


AuthGroupFile /home/virtual/site17/fst/var/www/html/_vti_pvt/service.grp





RewriteEngine on


RewriteCond %{HTTP_REFERER} !^http://www.molosserdogs.com/.*$      [NC]


RewriteCond %{HTTP_REFERER} !^http://www.molosserdogs.com/.*$      [NC]


RewriteCond %{HTTP_REFERER} !^http://molosserdogs.com/.*$      [NC]


RewriteCond %{HTTP_REFERER} !^http://molosserdogs.com/.*$      [NC]


RewriteCond %{HTTP_REFERER} !^http://www.molosser.org/.*$      [NC]


RewriteCond %{HTTP_REFERER} !^http://molosser.org/.*$      [NC]


RewriteCond %{HTTP_REFERER} !^http://www.sicard.net/.*$      [NC]


RewriteCond %{HTTP_REFERER} !^http://sicard.net/.*$      [NC]


RewriteCond %{HTTP_REFERER} !^http://www.caucasian.org/.*$      [NC]


RewriteCond %{HTTP_REFERER} !^http://caucasian.org/.*$      [NC]





RewriteCond %{HTTP_USER_AGENT} ^DISCo\Pump.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^Drip.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^EirGrabber.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^FlashGet.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^GetRight.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^Gets.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^Grafula.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^IBrowse.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^InterGET.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^Internet\Ninja.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^JetCar.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^JustView.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^MIDown\tool.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^Mister\PiX.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^NearSite.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^NetSpider.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^Offline\Explorer.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^PageGrabber.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^Papa\Foto.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^Pockey.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^ReGet.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^Slurp.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^SpaceBison.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^Teleport.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^WebAuto.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^WebCopier.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^WebFetch.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^WebReaper.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^WebSauger.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^WebStripper.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^WebWhacker.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^WebZIP.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^Web\Image\Collector.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^Web\Sucker.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^Webster.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^Wget.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^eCatch.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^ia_archiver.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^lftp.* [OR]


RewriteCond %{HTTP_USER_AGENT} ^tAkeOut.* [OR]





RewriteRule .*\.(mov|avi|mpg|gif|png|mpeg|zip|jpg)$ 


http://www.molosserdogs.com/modules.php?name=Content&pa=showpage&pid=60 


[R,NC]


I need to know what to do to make this file work. The mod rewrite tester
is here: [ Only registered users can see links on this board! Get registered or login! ]

Could it be the RewriteEngine on command

Gaylen - Chat - if you need ftp access let me know in a PM or email [ Only registered users can see links on this board! Get registered or login! ]. Paypal will, as usual, smile on you!

Any ideas.

Best regards,

Gary
 
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger MSN Messenger
gsicard
PostPosted: Fri Mar 05, 2004 2:10 pm Reply with quote
Addendum: I emailed the host and ask them to check ModRewrite. If they write back that it's fixed - I'll try again. Please standby.
 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088
PostPosted: Fri Mar 05, 2004 3:27 pm Reply with quote
My suspicion would be that the script is ending before reaching the rules you want. Try moving
Code:
RewriteRule .*\.(mov|avi|mpg|gif|png|mpeg|zip|jpg)$ 


http://www.molosserdogs.com/modules.php?name=Content&pa=showpage&pid=60 


[R,NC]


right after the rewriteengine on statement.
 
View user's profile Send private message
gsicard
PostPosted: Fri Mar 05, 2004 8:04 pm Reply with quote
Hi Raven,
If we get to the Rule before the Cond - wouldn't that negate the parameters of the condition. In other words Anything after the Rule would be ignored - I think..
 
Raven
PostPosted: Fri Mar 05, 2004 9:10 pm Reply with quote
I was speaking in principle; meaning that rule is never getting called. Here is what I use
Code:
RewriteEngine on


RewriteCond %{HTTP_REFERER} ^$ [OR]


RewriteCond %{HTTP_REFERER} !^http://(.*)ravenphpscripts\.com/.*$ [NC]


RewriteRule .*\.([mpg|mpeg|zip|tar|exe|avi|mov|gif|jp
This assures me that unless you're coming from my site, you don't get these files.
 
outlaw
Hangin' Around



Joined: Mar 21, 2004
Posts: 29
Location: Maine
PostPosted: Mon Apr 26, 2004 10:41 am Reply with quote
hey Raven,

in that code, how do i make it so that my domain can access my files.

the .htaccess file would be in my root directory (eastcoastgamers.com), and my site is a subdomain (eastcoastgamers.com/tac)
 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
Raven
PostPosted: Mon Apr 26, 2004 12:05 pm Reply with quote
Replace ravenphpscripts with your domain.
 
outlaw
PostPosted: Mon Apr 26, 2004 12:09 pm Reply with quote
yeah, i did that. i put in eastcoastgamers. but my site is at eastcoastgamers.com/tac. i think that is my problem.

i used your code with eastcoastgamers put in, but then i couldn't access my downloads from my site.
 
Raven
PostPosted: Mon Apr 26, 2004 12:12 pm Reply with quote
Strange. That code should work. Try this
!^http://(.*)eastcoastgamers\.com/(.*)$
 
outlaw
PostPosted: Mon Apr 26, 2004 12:19 pm Reply with quote
nope, still no access. here is the code that i am using:

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} !^http://(.*)eastcoastgamers\.com/(.*)$ [NC]
RewriteRule .*\.([mpg|mpeg|zip|tar|exe|avi|mov|gif|jpg])$ [NC]
 
outlaw
PostPosted: Mon Apr 26, 2004 12:26 pm Reply with quote
so this is how my site is setup.

i have root directory which is eastcoastgamers.com. then my nuke site is in /tac which is a directory within my root. i'm putting the .htaccess file in my downloads folder which is in my root directory.

so the tru target to my downloads is: eastcoastgamers.com/downloads
target to my nuke site: eastcoastgamers.com/tac
 
Raven
PostPosted: Mon Apr 26, 2004 12:28 pm Reply with quote
Have you tried !^http://(.*)eastcoastgamers\.com/tac/(.*)$
 
outlaw
PostPosted: Mon Apr 26, 2004 12:37 pm Reply with quote
here is the latest code that didn't work:

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?eastcoastgamers\.com/tac/(.*)$ [NC]
RewriteRule .*\.([mpg|mpeg|zip|tar|exe|avi|mov|gif|jpg])$ [NC]
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©