My wordpress is infected by malware. I found malicious code attached right after jquery codes in every js file.
Also I found multiple requests being made to unknown host/ip. I'm unable to find which script makes this call.
So I'm thinking to block any request to third party domain or IP via htaccess. But it doesn't seem to work.
Please advice the correct way to write this.
path to .htaccess file:
public_html\.htaccess
The content if it (before changes):
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I tried:
attempt 1
//but I don't think this is relevant as it's meant for incoming
requests
order allow,deny
allow from all
deny from 134.249.116.78
attempt 2
Deny from 134.249.116.78
This is how network tab looks like:
And the header like this:
You will need to do this at the Web Server level of your stack. In your case using Apache configuration.
Specifically, the important one for your question is:
Header always append X-Frame-Options SAMEORIGIN
Additionally for the issue of XSS
Header set X-XSS-Protection “1; mode=block”
It should be noted that is not all that is necessary to lock down a server and that will not stop all XSS but it is a step towards a more secure server environment.
Related
I need to develop a plugin that can write into the WP htaccess file and "simulate" subdomains.
I have a new WP installation with basic htaccess on example.com
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Is there a way via htaccess that if I go to about.example.com I see the page example.com/about, without changing the URL (meaning that I still see about.example.com in the browser address bar)?
And also, is it possible that if I go to about.example.com/category1 I see the page example.com/about/category1?
I tried using the following code by adding it to the end of the htaccess, but it doesn't work:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?example.com.com$
RewriteRule ^(/)?$ about [L]
You should be able to do that using the following rule in your .htaccess:
RewirieEngine On
RewriteCond %{HTTP_HOST} ^about.example.com [OR]
RewriteCond %{HTTP_HOST} ^www.about.example.com
RewriteRule ^(.*) http://example.com/about/$1 [P]
What this does is check for the address about.example.com, if the condition is met it should redirect to example.com/about/.... but keeping the original address.
The [P] flag causes the request to be handled by mod_proxy, and handled via a proxy request.
However, keep in mind that using mod_proxy can cause security issues:
Take care when constructing the target URL of the rule, considering
the security impact from allowing the client influence over the set of
URLs to which your server will act as a proxy. Ensure that the scheme
and hostname part of the URL is either fixed, or does not allow the
client undue influence.
Normally using .htaccess you cannot go from one domain to another domain keeping the original URL. It can be a security nightmare as mentioned above. However, since this is a subdomain it should work.
Make sure you clear your cache before testing this.
Alternative
You can use ProxyPass - which would be a more secure option. You can find more information on how to use this via the Apache Documentation via this link. But this would need to done on a level higher than .htaccess. Through the config files.
I hope this helps.
I've been trying fix my error, first here is my .htaccess code:
# Clean Url for User Profiles
AddDefaultCharset UTF-8
Header unset ETag
FileETag None
Options +FollowSymLinks -MultiViews
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/+friend\.php\?user_name=([^\s&]+) [NC]
RewriteRule ^ friend/%1? [R=301,L]
RewriteRule ^friend/([^/]+)/?$ friend.php?user_name=$1 [L,QSA]
# End Clean Url Htaccess
My intentions with this code is to make this URL http://localhost:8888/circlepanda/friend?user_name=kendrick
Display like this http://localhost:8888/circlepanda/friend/kendrick and work.
The page opens good, burr the parameter isn't parsed. How do I fix this?
There are a number of issues with your code. I tried to fix what I see, here is my version of what you probably are trying to implement:
Options -MultiViews
RewriteEngine on
# external: /..../friend?username=joe >> /..../friend/joe
RewriteCond %{QUERY_STRING} user_name=([^&]+)
RewriteRule ^friend/?$ friend/%1 [R=301,QSA]
# internal: /friend/joe >> friend.php?user_name=joe
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^friend/([^/]+)/?$ friend.php?user_name=$1 [END,QSA]
Depending on your specific situation it might be that you need to add a RewriteBase. See the official documentation for that.
If you experience an internal server error using above lines chances are that you operate a very old version of the apache http server. In that case you need to replace the [END] flag with the [L] flag.
And a general hint: you should always prefer to place such rules inside the http servers (virtual) host configuration instead of using dynamic configuration files (.htaccess style files). Those files are notoriously error prone, hard to debug and they really slow down the server. They are only provided as a last option for situations where you do not have control over the host configuration (read: really cheap hosting service providers) or if you have an application that relies on writing its own rewrite rules (which is an obvious security nightmare).
Im trying to create a maintenance page for my website and have added the following to .htaccess
##SETTINGS##
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteBase /
Allow From All
RewriteCond %{REMOTE_ADDR} !^00\.00\.00\.00
RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif|css) [NC]
RewriteCond %{REQUEST_URI} !^/maintenance.php [NC]
RewriteRule .* /maintenance.php [R=302,L]
## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access 1 week"
</IfModule>
## ADDITIONAL REWRITE RULES BELOW HERE ##
This works on my local MAMP environment but when i upload it to my hosting provider (GoDaddy) it gets stuck in an infinite redirect loop and the maintenance page wont load. Changing the first line to my own ip address allows me access to the site (as intended) but others still get stuck in the redirect loop.
I followed the guide at moz.com with a few alterations to get images and css loading on the maintenance page.
Please Help a n00b in need...
EDIT: Added the top of my .htaccess so people don't think thats why its not working
EDIT2: Added all other redirect rules as requested
EDIT3: Removed additional redirect rules as not relevant to question
To be honest, those rules look pretty correct. In fact, in addition to running them locally, you can always lint them using something like http://htaccess.madewithlove.be/
In this instance, I would recommend reaching out to GoDaddy about the issue. It's possible that they have another config set globally for your account which is affecting your rules.
The rules look fine, but my guess is either your other rules are redirecting back to something other than maintenance.php or your maintenance.php file is redirecting to somewhere. Try adding this right below the Allow From All line:
RewriteRule ^maintenance.php - [L]
so that your other rules won't get applied.
Removing the [R] flag on the RewriteRule has fixed the redirect loop. I also had to removed the forward slash before the page name as that created a Server error once i had removed the [R] flag due to the RewriteBase already being set to "/".
The maintenance page is now displaying correctly and i can access the whole site from my own IP address.
Changed
RewriteRule .* /maintenance.php [R=302,L]
to
RewriteRule .* maintenance.php [L]
Guess it must have been some weird GoDaddy settings, at least it saves me calling them...
Thank you for the help Chris and Jon Lin :)
I am having troubles using my url parameters to write to a blue host DB.
As soon as I pass parameters into the url I get a server error(500).
I am also not receiving any error reports on the PHP side.
what am I doing wrong?
I have reloaded the page, cleared all cookies, and I am fairly sure it is not a gateway Timeout.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
There are a couple more .htacces rules but those contain this:
# Use PHP54CGI as default
AddHandler fcgid54-script .php
# BEGIN WordPress
# END WordPress
What i suggest is using a different hosting provider as this problem is not easy to be solved.
I moved my database to a different provider and it works now.
However this does not solve the problem for people who encounter the same
By any chance are you using the shared secure URL like "https://secure.bluehost.com/~userid" ?
I discovered that the .htaccess code for php 5.4:
AddHandler fcgid54-script .php
causes a failure when using the shared SSL url. Of course when you take it out, you are back on php 5.2.
I am using a PHP application I downloaded, and it is half working on my server, however I am having what I believe is a re-write error.
The application is a "job board" where people will be able to browse available positions, and apply online.
Currently it is "technically" working. A person can view the site, and postings, and they can fill out the application form. The message is sent properly.
The problem is that once the submit button is pressed the browser shows that the page is loading, but nothing ever loads. So the message is sent, but the following page is not loaded.
The application uses htaccess rewrites, and I believe this is where the problem is.
The application is supposed to work out-of-the-box on a top level domain, however I am trying to use it on a subdomain. Am I correct in assuming that technically there is not much difference when using a subdomain? After all, the pages all load fine until the form is submitted.
The application is running at http://volunteer.essentialtransit.com
What you see is the application after initially being set up, and I added one sample "job".
You can try applying to see the problem I am referring to. It is a very simple application form that only takes a few seconds to complete.
Here is the htaccess file:
# AddType x-mapp-php5 .php
# AddHandler x-mapp-php5 .php
RewriteEngine on
Options +FollowSymlinks
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
ErrorDocument 404 /page-unavailable/
<files ~ "\.tpl$">
order deny,allow
allow from none
deny from all
</files>
Perhaps if someone can explain what the htaccess rules are doing I can figure out the problem.
EDIT: So the page actually does load, but only after a very long time. The browser shows that the form is sent, and then following page starts to load, but then it takes minutes to actually load. All other pages on the site load quicker than that. The other strange things is that when a "job" page is initially opened it loads quick, after applying it just redirects back to the same "job" page, however this time it takes forever to load.
Rules are self explanatory:
RewriteEngine on # Enables rewrite engine (obviously)
Options +FollowSymlinks # Tells Apache to follow symbolic links
RewriteCond %{REQUEST_FILENAME} !-f # Here it redirects non-files
RewriteCond %{REQUEST_FILENAME} !-d # and non directories
RewriteRule . index.php [L] # to index.php
ErrorDocument 404 /page-unavailable/ # Sets 404 page address
<files ~ "\.tpl$"> # Denies access to templates
order deny,allow
allow from none
deny from all
</files>
I doubt your issues have something to do with these rules.