need help with .htaccess

Discussion regarding Joomla! security issues.

Moderator: General Support Moderators

djoe
Joomla! Apprentice
Posts: 16
Joined: Wed Sep 09, 2009 4:28 am

need help with .htaccess

Post by djoe » Tue Nov 10, 2009 5:11 am

Hey all,

Recently there have been hacking attempts to break our server and one of the attacks is using the query string phpbb_root_path.

How can I prevent this using htaccess? From Google I found this:

Code:

RewriteCond %{QUERY_STRING} ^.*(phpbb_root_path=|album_root_path=|module_root_path=|mx_root_path=|upi2db_file_path=|option=).*$

What does that code actually do? Because when I type a URL with the phpbb_root_path query string and press enter, it will show the index.php AND the URL is still there with the phpbb_root_path. Theoretically, the browser URL should show index.php only, right?

thanks for any response

dynamicnet
Joomla! Guru
Posts: 577
Joined: Wed Aug 05, 2009 1:42 pm

Re: need help with .htaccess

Post by dynamicnet » Tue Nov 10, 2009 2:07 pm

Greetings:

First off, I would try to find the article that contained the code as the article may have a complete or otherwise better explanation.

The "|" symbol means "or" so basically the code is checking for **any** of the following conditions being true:

Code:

phpbb_root_path=
album_root_path=
module_root_path=
mx_root_path=
upi2db_file_path=
option=

As part of the {QUERY_STRING}.

Now, whether this offers any protection or of what kind, I don't know... that's where finding the article that contained the suggestion to use the code would be more helpful.

Thank you.
Peter M. Abraham
http://www.dynamicnet.net/ - Dynamic Net, Inc. - in business since June 1995; a PCI Compliant, managed hosting provider.

djoe
Joomla! Apprentice
Posts: 16
Joined: Wed Sep 09, 2009 4:28 am

Re: need help with .htaccess

Post by djoe » Tue Nov 10, 2009 10:39 pm

Recently in the jstats table, we found several attempts to access our server like this

http://www.mysite.com/index.php?phpbb_r ... s/test.txt

We believed it's a hacking attempt. So we decided to strengthen our htaccess policy to not allow URL injection like that and we found this

http://www.icyphoenix.com/viewtopic.php?t=213

However we feel no difference after we applied the code.

dynamicnet
Joomla! Guru
Posts: 577
Joined: Wed Aug 05, 2009 1:42 pm

Re: need help with .htaccess

Post by dynamicnet » Wed Nov 11, 2009 12:09 am

Greetings:

http://www.icyphoenix.com/viewtopic.php?t=213 appears to be specifically for their CMS based on phpBB; and that's a different animal (so to write) than Joomla.

I would recommend installing mod_security, disabling insecure PHP functions as well as turning off fopen_url.

Thank you.
Peter M. Abraham
http://www.dynamicnet.net/ - Dynamic Net, Inc. - in business since June 1995; a PCI Compliant, managed hosting provider.

djoe
Joomla! Apprentice
Posts: 16
Joined: Wed Sep 09, 2009 4:28 am

Re: need help with .htaccess

Post by djoe » Wed Nov 11, 2009 12:31 am

Thanks for the suggestions

I understand that they are different, but because our site is attacked in a similar way, we just want to strengthen our htaccess and would like to ask advice on how to do it properly (against similar types of attack, including but not limited to phpbb_root_path) and whether it's necessary.

We don't even have phpbb on our site :)

dynamicnet
Joomla! Guru
Posts: 577
Joined: Wed Aug 05, 2009 1:42 pm

Re: need help with .htaccess

Post by dynamicnet » Wed Nov 11, 2009 3:58 am

Greetings:

I gave my advice when I stated, "I would recommend installing mod_security, disabling insecure PHP functions as well as turning off fopen_url."

Thank you.
Peter M. Abraham
http://www.dynamicnet.net/ - Dynamic Net, Inc. - in business since June 1995; a PCI Compliant, managed hosting provider.

djoe
Joomla! Apprentice
Posts: 16
Joined: Wed Sep 09, 2009 4:28 am

Re: need help with .htaccess

Post by djoe » Wed Nov 11, 2009 5:42 am

Then I say thank you again as I also agree that your advice is useful and opened my eyes on something I didn't notice before.

I'm just still curious if there's anyone else using htaccess to secure their site. I know there are lots of other useful ways like what dynamicnet suggests. However, is there anything htaccess specific?

PS. I also already read the one that is stickied in this forum.

Thanks again
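
An added example, not part of the thread and not taken from the linked article: the condition from the first post placed beside a corrected form that actually denies the request. It assumes mod_rewrite is enabled, that .htaccess overrides are allowed, and that the site runs no phpBB, as stated above.

```apache
# Added example; assumes mod_rewrite is available and AllowOverride permits it.
# Place this above the CMS's own rewrite rules so it is evaluated first.
RewriteEngine On

# As posted. A RewriteCond only gates the next RewriteRule; on its own it
# blocks nothing. Its "option=" alternative also matches ordinary Joomla
# URLs such as index.php?option=com_content, so pairing this pattern with a
# deny rule would lock out normal pages. Kept here, disabled, for comparison.
#RewriteCond %{QUERY_STRING} ^.*(phpbb_root_path=|album_root_path=|module_root_path=|mx_root_path=|upi2db_file_path=|option=).*$

# Corrected condition: only the phpBB-style path parameters, anchored to the
# start of a parameter name ("^" or "&"), matched case-insensitively.
RewriteCond %{QUERY_STRING} (^|&)(phpbb_root_path|album_root_path|module_root_path|mx_root_path|upi2db_file_path)= [NC]

# The rule the condition applies to: "-" means no substitution, [F] answers
# 403 Forbidden. The URL is not rewritten, so the browser address bar keeps
# the original query string while the request itself is refused.
RewriteRule ^ - [F]
```

This refuses the requests seen in the logs before they reach PHP; it sits alongside the mod_security and PHP hardening suggested earlier in the thread rather than replacing it.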

