Stop executions of scripts in .htaccess

[Slackervaara]

It seems that hackers uploads or place scripts on many sites. I wonder, if anyone has been succesful by adding protection in htaccess, so that some scripts can't be executed by hackers even, if they succeed in uploading them.

I have found this for .htaccess by googling:

AddType text/plain .pl .cgi .php .sh

http://codex.wordpress.org/htaccess_for_subdirectories

Could something like this be useful?

[brian]

Please see http://docs.joomla.org/Htaccess_examples_(security)

[mandville]

there is a relevant section within http://docs.joomla.org/Security_Checkli ... ermissions
that also covers it. I understood you had read this document thoroughly and recommend it

[guanioramon]

@Slackervaara,
Whatever code help you to prevent hacking is very useful.
Generally the shell injection attack likely on
1.images folder
2.tmp folder
i use to write in htaccess for this 2 folder

Code: Select all

<FilesMatch "\.(php|js)$">
ForceType text/plain
</FilesMatch>

you can add more extension but this 2 will help a lot to prevent direct execution of script.

[Slackervaara]

Thanks! I have now protected my images and tmp folder with this.

I remember that, when I used PHP-Nuke there were a very good anti-hacker extension, that could be equipped with an add-on that when the anti-hacker extension blocked the hacker also wiped out the hackers harddrive. Is there something similar for Joomla? Personally I would like to be 100 % sure it is a hacker, so I would manually like to put an ip-adress of a hacker, which then would get his harddrive wiped out when he visited the site next time.

[brian]

That would be a criminal offence

[mandville]

Topic locked due to the nature of recent posts.
http://forum.joomla.org/viewtopic.php?f=8&t=65

Do not discuss illegal activities. Our server is hosted in the USA and so is subject to US law. Please do not expose us to any unnecessary legal liability.

Continuing such discussions in the forums may have unwanted implications imposed on the poster