Helpful modification to htaccess

Discussion regarding Joomla! 1.5 security issues.
jeffchannell
Joomla! Ace
Posts: 1964
Joined: Tue Jun 09, 2009 2:21 am
Location: WV

Helpful modification to htaccess

Post by jeffchannell » Thu May 27, 2010 6:35 pm

After noticing the sheer number of attempts to load /proc/self/environ using LFI exploits, I added the following line to my .htaccess:

RewriteCond %{QUERY_STRING} proc\/self\/environ [OR]
See below for where I placed it:

########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc\/self\/environ [OR]
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Answer every blocked request with 403 Forbidden (the [F] flag ignores the index.php target)
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι
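To see what the chained conditions above actually catch, here is an added example of mine (not code from the post or from Joomla): the six patterns transcribed as Python regexes and run over constructed query strings in the raw, percent-encoded form that mod_rewrite's %{QUERY_STRING} sees. The encoded-slash sample shows the limit of the literal proc\/self\/environ pattern, which is why the rule set is noise reduction in front of a patched site rather than a fix for the underlying LFI.

```python
import re

# The six RewriteCond patterns from the post, transcribed verbatim as Python regexes.
# They are chained with [OR], so the first match is enough to trigger the [F] rule;
# only the <script> rule carries [NC] (case-insensitive). mod_rewrite tests the raw,
# still percent-encoded %{QUERY_STRING}, so that is the form the samples take.
BLOCK_RULES = [
    ("proc/self/environ", r"proc\/self\/environ", 0),
    ("mosConfig", r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)", 0),
    ("base64_encode", r"base64_encode.*\(.*\)", 0),
    ("script tag", r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE),
    ("GLOBALS", r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", 0),
    ("_REQUEST", r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", 0),
]
COMPILED = [(name, re.compile(pattern, flags)) for name, pattern, flags in BLOCK_RULES]


def matching_rule(query_string):
    """Name of the first RewriteCond that matches, or None if the request passes."""
    for name, regex in COMPILED:
        if regex.search(query_string):
            return name
    return None


# Constructed sample query strings (not real traffic) with the rule each should trip.
# The %2F-encoded variant shows the limit of a literal-path pattern: the slashes never
# appear literally in the raw query string, so none of the six conditions fires.
SAMPLES = [
    ("option=com_content&view=article&id=5", None),
    ("page=../../../../proc/self/environ%00", "proc/self/environ"),
    ("page=..%2F..%2Fproc%2Fself%2Fenviron", None),
    ("mosConfig_absolute_path=http://example.invalid/x.txt", "mosConfig"),
    ("cmd=base64_encode(foo)", "base64_encode"),
    ("q=%3CSCRIPT%3Ealert(1)%3C/script%3E", "script tag"),
    ("GLOBALS[foo]=bar", "GLOBALS"),
    ("_REQUEST%5Bx%5D=1", "_REQUEST"),
]


def check_samples():
    """Run every sample through the rule chain; returns (query, expected, actual) triples."""
    return [(qs, expected, matching_rule(qs)) for qs, expected in SAMPLES]


if __name__ == "__main__":
    for qs, expected, actual in check_samples():
        verdict = "403" if actual else "allowed"
        print(f"{verdict:>7}  {actual or '-':<18} {qs}")
```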

mandville
Joomla! Master
Posts: 14774
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Helpful modification to htaccess

Post by mandville » Fri May 28, 2010 12:00 am

Good spot. I think we might need to build a decent htaccess file in the docs again.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

enzo24
Joomla! Apprentice
Posts: 16
Joined: Fri Sep 12, 2008 6:34 am

Re: Helpful modification to htaccess

Post by enzo24 » Wed Jun 02, 2010 6:46 am

Thank you MUCHO! :)

deleted user

Re: Helpful modification to htaccess

Post by deleted user » Fri Jun 25, 2010 5:40 pm

Thanks for this. Shutting off error reporting also helps, for example:

php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off

C0nw0nk
Joomla! Enthusiast
Posts: 248
Joined: Tue Jun 15, 2010 1:12 am
Location: United Kingdom, London

Re: Helpful modification to htaccess

Post by C0nw0nk » Fri Jun 25, 2010 6:23 pm

Ah, nice find, thanks so much :D <3 Helps fix another security exploit.

SOAMJENA
Joomla! Ace
Posts: 1274
Joined: Thu May 01, 2008 12:36 pm
Location: QubeSys Technologies Pvt. Ltd ,INDIA

Re: Helpful modification to htaccess

Post by SOAMJENA » Mon Jul 05, 2010 3:10 pm

From php.ini?

Anyway, can we place this in htaccess?

dpk wrote: Thanks for this. Shutting off error reporting also helps, for example:

php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
Web Design, eCommerce and Software Development
Joomla Premium Extensions,Templates and Support Packages

mandville
Joomla! Master
Posts: 14774
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Helpful modification to htaccess

Post by mandville » Mon Jul 05, 2010 3:48 pm

HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

Aznet1
Joomla! Fledgling
Posts: 3
Joined: Sun May 17, 2009 3:27 am

Re: Helpful modification to htaccess

Post by Aznet1 » Wed Jul 07, 2010 3:18 am

I'm new at this; my site has been hacked 3 times now. I was able to add the line from the first post, but I'm not sure where to place the code to shut off the error reporting. Can you help?

Thanks

