It seems that hackers upload or place scripts on many sites. I wonder if anyone has been successful by adding protection in htaccess, so that some scripts can't be executed by hackers even if they succeed in uploading them.
I have found this for .htaccess by googling:
AddType text/plain .pl .cgi .php .sh
http://codex.wordpress.org/htaccess_for_subdirectories
Could something like this be useful?
Stop executions of scripts in .htaccess
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
- Slackervaara
- Joomla! Ace
- Posts: 1115
- Joined: Sat Aug 13, 2011 6:27 am
Stop executions of scripts in .htaccess
Last edited by Slackervaara on Tue Jul 02, 2013 5:56 pm, edited 1 time in total.
- brian
- Joomla! Master
- Posts: 12787
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Re: Stop executions of scripts in .htaccess
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Stop executions of scripts in .htaccess
There is a relevant section within http://docs.joomla.org/Security_Checkli ... ermissions that also covers it. I understood you had read this document thoroughly and recommend it
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
- Joomla! Intern
- Posts: 58
- Joined: Thu May 30, 2013 6:01 pm
- Contact:
Re: Stop executions of scripts in .htaccess
@Slackervaara,
Whatever code helps you to prevent hacking is very useful.
Generally the shell injection attack is likely on the
1. images folder
2. tmp folder
I usually write this in htaccess for these 2 folders:
Code: Select all
<FilesMatch "\.(php|js)$">
ForceType text/plain
</FilesMatch>
You can add more extensions, but these 2 will help a lot to prevent direct execution of scripts.
Don't expect too much, don't expect too little
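A stricter variant of the per-folder .htaccess discussed above, as an added example that is not part of the original posts: instead of relabelling scripts as text/plain, it refuses to serve them and switches off the interpreters for the folder. It assumes Apache with AllowOverride permitting these directives (AuthConfig, FileInfo, Options); the extension list is an illustrative choice.

```apache
# .htaccess for upload-only folders such as images/ and tmp/
# (added example; the extension list below is an assumption, adjust to the site)

# Approach from the thread, kept here for comparison only:
# ForceType changes the MIME type, not the handler. If PHP is attached with
# SetHandler/AddHandler or a proxy rule, the file may still be executed, and
# where the override does work the script source is sent to the visitor.
#<FilesMatch "\.(php|js)$">
#    ForceType text/plain
#</FilesMatch>

# Refuse to serve script files at all. "(\.|$)" also matches names in which
# the script extension is followed by another one.
<FilesMatch "(?i)\.(php\d?|phtml|phar|pl|py|cgi|sh)(\.|$)">
    # Apache 2.4
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# No CGI execution in this folder, and drop any handler mapped to these extensions.
Options -ExecCGI
RemoveHandler .php .phtml .phar .pl .py .cgi .sh

# When PHP runs as an Apache module, switch the engine off for this folder.
# The module identifier depends on the PHP version installed.
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php.c>
    php_flag engine off
</IfModule>
```

To check the result, place a harmless test file with a .php extension in the folder and request it: the expected response is 403 Forbidden, with neither the script output nor its source returned.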
- Slackervaara
- Joomla! Ace
- Posts: 1115
- Joined: Sat Aug 13, 2011 6:27 am
Re: Stop executions of scripts in .htaccess
Thanks! I have now protected my images and tmp folder with this.
I remember that when I used PHP-Nuke there was a very good anti-hacker extension that could be equipped with an add-on, so that when the anti-hacker extension blocked the hacker it also wiped out the hacker's hard drive. Is there something similar for Joomla? Personally I would like to be 100 % sure it is a hacker, so I would like to manually enter the IP address of a hacker, who would then get his hard drive wiped out when he visited the site next time.
- brian
- Joomla! Master
- Posts: 12787
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Re: Stop executions of scripts in .htaccess
That would be a criminal offence
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Stop executions of scripts in .htaccess
Topic locked due to the nature of recent posts.
http://forum.joomla.org/viewtopic.php?f=8&t=65
Continuing such discussions in the forums may have unwanted implications imposed on the poster
Do not discuss illegal activities. Our server is hosted in the USA and so is subject to US law. Please do not expose us to any unnecessary legal liability.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}