Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
gsicard
Regular
Regular


Joined: May 21, 2003
Posts: 50
Location: Suffolk, VA USA

PostPosted: Fri Mar 05, 2004 2:05 pm Reply with quote

Hi Raven,
I have not bothered your or Chatserv in a while because I am getting the hang of things. However - I now need to tap your God given talents again:

I am having a lot of problems using my htaccess file to secure my site's content and prevent hotlinking to my images. My bandwidth is being stolen and the htaccess protection I had on my other server does not work on this new server.

This is the htaccess file currently on my site and it does not offer the protection I need.
Code:


# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName Only registered users can see links on this board! Get registered or login!
AuthUserFile /home/virtual/site17/fst/var/www/html/_vti_pvt/service.pwd
AuthGroupFile /home/virtual/site17/fst/var/www/html/_vti_pvt/service.grp
deny from 68.13.130.102
deny from 68.11.74.5
deny from 68.12.236.102
deny from 212.202.171.44
deny from 68.111.216.133
deny from 209.183.15.229
deny from 68.110.81.201
deny from 216.39.49.90
deny from 68.10.43.53
deny from 64.140.49.68
deny from 209.34.33.120
deny from 217.208.109.126


This is the htaccess file that I used before and NEED to use again. This file however tells me that I am not authorized to access modules.php on my site.
Code:


# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName Only registered users can see links on this board! Get registered or login!
AuthUserFile /home/virtual/site17/fst/var/www/html/_vti_pvt/service.pwd
AuthGroupFile /home/virtual/site17/fst/var/www/html/_vti_pvt/service.grp

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.molosserdogs.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.molosserdogs.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://molosserdogs.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://molosserdogs.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.molosser.org/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://molosser.org/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.sicard.net/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://sicard.net/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.caucasian.org/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://caucasian.org/.*$      [NC]

RewriteCond %{HTTP_USER_AGENT} ^DISCo\Pump.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Drip.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Gets.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^IBrowse.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\Ninja.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^JustView.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\tool.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\PiX.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\Explorer.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\Foto.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Pockey.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Slurp.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^SpaceBison.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\Image\Collector.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\Sucker.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Webster.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^ia_archiver.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^lftp.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut.* [OR]

RewriteRule .*\.(mov|avi|mpg|gif|png|mpeg|zip|jpg)$
http://www.molosserdogs.com/modules.php?name=Content&pa=showpage&pid=60
[R,NC]


I need to know what to do to make this file work. The mod rewrite tester
is here: Only registered users can see links on this board! Get registered or login!

Could it be the RewriteEngine on command

Gaylen - Chat - if you need ftp access let me know in a PM or email Only registered users can see links on this board! Get registered or login!. Paypal will, as usual, smile on you!

Any ideas.

Best regards,

Gary
 
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger MSN Messenger
gsicard
PostPosted: Fri Mar 05, 2004 2:10 pm Reply with quote

Addendum: I emailed the host and ask them to check ModRewrite. If they write back that it's fixed - I'll try again. Please standby.
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Fri Mar 05, 2004 3:27 pm Reply with quote

My suspicion would be that the script is ending before reaching the rules you want. Try moving
Code:
RewriteRule .*\.(mov|avi|mpg|gif|png|mpeg|zip|jpg)$ 

http://www.molosserdogs.com/modules.php?name=Content&pa=showpage&pid=60
[R,NC]


right after the rewriteengine on statement.
 
View user's profile Send private message
gsicard
PostPosted: Fri Mar 05, 2004 8:04 pm Reply with quote

Hi Raven,
If we get to the Rule before the Cond - wouldn't that negate the parameters of the condition. In other words Anything after the Rule would be ignored - I think..
 
Raven
PostPosted: Fri Mar 05, 2004 9:10 pm Reply with quote

I was speaking in principle; meaning that rule is never getting called. Here is what I use
Code:
RewriteEngine on

RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} !^http://(.*)ravenphpscripts\.com/.*$ [NC]
RewriteRule .*\.([mpg|mpeg|zip|tar|exe|avi|mov|gif|jp
This assures me that unless you're coming from my site, you don't get these files.
 
outlaw
Hangin' Around


Joined: Mar 21, 2004
Posts: 29
Location: Maine

PostPosted: Mon Apr 26, 2004 10:41 am Reply with quote

hey Raven,

in that code, how do i make it so that my domain can access my files.

the .htaccess file would be in my root directory (eastcoastgamers.com), and my site is a subdomain (eastcoastgamers.com/tac)
 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
Raven
PostPosted: Mon Apr 26, 2004 12:05 pm Reply with quote

Replace ravenphpscripts with your domain.
 
outlaw
PostPosted: Mon Apr 26, 2004 12:09 pm Reply with quote

yeah, i did that. i put in eastcoastgamers. but my site is at eastcoastgamers.com/tac. i think that is my problem.

i used your code with eastcoastgamers put in, but then i couldn't access my downloads from my site.
 
Raven
PostPosted: Mon Apr 26, 2004 12:12 pm Reply with quote

Strange. That code should work. Try this
!^http://(.*)eastcoastgamers\.com/(.*)$
 
outlaw
PostPosted: Mon Apr 26, 2004 12:19 pm Reply with quote

nope, still no access. here is the code that i am using:

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} !^http://(.*)eastcoastgamers\.com/(.*)$ [NC]
RewriteRule .*\.([mpg|mpeg|zip|tar|exe|avi|mov|gif|jpg])$ [NC]
 
outlaw
PostPosted: Mon Apr 26, 2004 12:26 pm Reply with quote

so this is how my site is setup.

i have root directory which is eastcoastgamers.com. then my nuke site is in /tac which is a directory within my root. i'm putting the .htaccess file in my downloads folder which is in my root directory.

so the tru target to my downloads is: eastcoastgamers.com/downloads
target to my nuke site: eastcoastgamers.com/tac
 
Raven
PostPosted: Mon Apr 26, 2004 12:28 pm Reply with quote

Have you tried !^http://(.*)eastcoastgamers\.com/tac/(.*)$
 
outlaw
PostPosted: Mon Apr 26, 2004 12:37 pm Reply with quote

here is the latest code that didn't work:

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?eastcoastgamers\.com/tac/(.*)$ [NC]
RewriteRule .*\.([mpg|mpeg|zip|tar|exe|avi|mov|gif|jpg])$ [NC]
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©