php apache ddos attack protect, create a custom blacklist - php

I have a WordPress site that has recently been under a serious DDoS attack on wp-login.php. I have renamed wp-login.php to a new mysitename-login.php and created a new empty file named wp-login.php. I have joined Cloudflare, but I still receive attack entries in access_log. I have tried mod_evasive, but it will kill Googlebot.
Now I am manually adding them to my .htaccess like
<Limit GET POST>
order allow,deny
deny from 108.162.253.180
deny from 173.245.48.134
deny from 173.245.49.187
deny from 173.245.51.180
deny from 173.245.54.66
deny from 108.162.219.
deny from 109.239.235.
allow from all
</Limit>
And I have an idea to create the .htaccess dynamically,
in the current wp-login.php:
$ip = $_SERVER['REMOTE_ADDR'];
// INSERT INTO ip_table (ip) values ($ip);
// ip is unique index
$html = "<Limit GET POST>\n";
// select * from ip_table, loop over all rows and append each one to $html
$html .= "allow from all\n</Limit>\n";
$html.=<<<TXT
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
TXT;
// file_put_contents() takes the path first, then the data
file_put_contents('/var/www/html/.htaccess', $html);
But I am afraid that if there is some problem during file_put_contents, the .htaccess will be broken and my site will be broken too...
Is there any better way to create a blacklist from the robots that access wp-login.php, with no risk of breaking the site?
Thanks.

Instead of creating a blacklist, why not make a whitelist? This wouldn't work if you allow all users to log in to WordPress, for example if you're using a membership plugin, but if only you and a few select admins log in, then just get everyone's IP address and add those to your .htaccess file like this:
## Prevent anyone not on my ip whitelist from accessing wp admin
RewriteCond %{REQUEST_URI} ^(/wp-admin|/wp-login.php).*$
RewriteCond %{REMOTE_ADDR} !=111.111.111.111
RewriteCond %{REMOTE_ADDR} !=222.222.222.222
RewriteCond %{REMOTE_ADDR} !=333.333.333.333
RewriteRule ^.*$ / [R=301,L]

What about using mod_evasive for Apache? This way you can easily block all IPs that try to connect to a certain URL very often in a short period of time.
You could block all IPs that will try to connect to your fake login page as well.
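On the question's worry about a half-written .htaccess taking the site down, here is an added example (not code from any of the posts above) that validates every address before it reaches the config and swaps the file in with a same-directory temp file plus rename(). The function names and demo path are hypothetical; it assumes the addresses come from your own table, and note that behind a proxy such as Cloudflare REMOTE_ADDR is the proxy's address, not the visitor's.

```php
<?php
// Added example: function names and the demo path are hypothetical.
const WP_BLOCK = <<<'TXT'
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
TXT;

/** Build the file body; anything that is not a valid IP never reaches the config. */
function build_htaccess(array $ips): string {
    $valid = array_unique(array_filter(
        array_map('trim', $ips),
        fn($ip) => filter_var($ip, FILTER_VALIDATE_IP) !== false
    ));
    $lines = ['<Limit GET POST>', 'order allow,deny'];
    foreach ($valid as $ip) {
        $lines[] = "deny from $ip";
    }
    array_push($lines, 'allow from all', '</Limit>');
    return implode("\n", $lines) . "\n" . WP_BLOCK . "\n";
}

/** Write a temp file next to the target, then rename() it over the live file. */
function write_atomic(string $path, string $body): void {
    $tmp = tempnam(dirname($path), '.htaccess.');
    if ($tmp === false) {
        throw new RuntimeException('cannot create temp file');
    }
    // A short or failed write only ever damages the temp file.
    if (file_put_contents($tmp, $body) !== strlen($body)) {
        unlink($tmp);
        throw new RuntimeException('short write, live file left untouched');
    }
    chmod($tmp, 0644); // tempnam() creates 0600; the web server must be able to read it
    if (!rename($tmp, $path)) {
        unlink($tmp);
        throw new RuntimeException('rename failed, live file left untouched');
    }
}

// Constructed sample input; the second entry is dropped by validation.
$ips = ['203.0.113.7', "198.51.100.9\nRewriteRule ^ http://x/", '2001:db8::1'];
write_atomic(sys_get_temp_dir() . '/htaccess-demo', build_htaccess($ips));
```

Because rename() within one filesystem replaces the target in a single step, Apache reads either the old file or the complete new one, never a partial write.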

Related

htaccess block all query string but not index.php

I have a site that is being attacked all the time, and it is using Joomla extensions.
So I am trying to figure out what exploit they are using, and I have decided to block those.
I am using the below code:
RewriteEngine On
RewriteCond %{QUERY_STRING} (^|&)xqgu=(.*)
RewriteRule ^(.*)$ - [F]
RewriteCond %{QUERY_STRING} (^|&)fck=(.*)
RewriteRule ^(.*)$ - [F]
but it's not working, as I can still access the site on
site.com/index.php?fck=you
Can I block all GET requests that have a parameter after index.php?=
that are not coming from my IP?
like
site.com/index.php?fck=uxsw
site.com/index.php?xqgu=otzd
site.com/index.php?some=thing
but allow GET on
site.com/index.php
order deny,allow
deny from all
allow from <your ip>
or
<RequireAll>
Require ip xx.xx.xx.xx yy.yy.yy.yy
</RequireAll>

htaccess to allow only visits from ip but whitelist a dir and a file?

I want to add a htaccess to allow visits from a specific ip.
The tree goes like this
domain
/abc/
/def/
I want to restrict the folder /abc/ but whitelist the folder /def/
Also, in /abc/ there is a specific file called ghi.php. Can I allow access to that specific file?
How can I do this?
This is what I have in /abc/ that redirects everyone who is not on the specified IP. However, I want to allow access to the ghi.php inside that dir.
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^125\.17\.119\.16$
RewriteRule ^ http://www.domain.com/ [R]
I would not use mod_rewrite for content protection; use the modules that are created for this:
# Default: deny all
Order Allow,Deny
# Allow the IP for everything
Allow from 125.17.119.16
# Allow access to this one PHP file
<Files /abc/ghi.php>
Allow from all
</Files>
# Allow access to everything inside that folder
<FilesMatch "^/def/">
Allow from all
</FilesMatch>
Try:
RewriteEngine on
#Allow access to the file
RewriteRule ^abc/ghi\.php$ - [L]
#forbid the request for /abc/* if ip not=1.2.3.4.5
RewriteCond %{REMOTE_ADDR} !^1\.2\.3\.4\.5$
RewriteRule ^abc - [F,L]
If you want to redirect the request to homepage, just change the line
RewriteRule ^abc - [F,L]
to
RewriteRule ^abc http://example.com/ [L,R]

Allow .htaccess only from one directory to another

I have mp3's in a directory called /mp3/ and I want to be able to access them only from another page.php in another directory /main/ on the site.
No direct linking from outside.
All of the pages are written in php
I put this code in the .htaccess file inside the /mp3/ directory...
Order deny,allow
deny from all
allow from 127.0.0.1
allow from localhost
allow from mydomain.com
allow from 123.45.678.90 # that's myserver's IP address (real one used in code)
Satisfy Any
But none of those work.
It does work, however, if I use the IP address of where I am.
allow from 1.2.3.4 # my internet connection (real one used in code)
But that means it would work for anyone and their IP address.
What am I missing here? Does this work only on certain servers?
How do I make it use the server's IP address and not my IP address?
Look into "hotlink protection" added to your .htaccess file. You can set it up for just .mp3 file extension, and forbid access by any foreign site or directly from browsers. You might even be able to restrict access from within your own site, but I can't see that being terribly useful.
Something like
RewriteEngine on
Options +FollowSymlinks
# hotlink protection and allowed list
# don't forget to add https: to allow access for anyone with SSL
## uncomment following line to PERMIT direct browser access of mp3 files
#RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com(/)?.*$ [NC]
RewriteRule .*\.mp3$ - [F,NC]
Place the files you want to protect out of the public folder. This way they are only accessible via your scripts.
-root
--mp3s
--public_html
---main
----index.php
----page.php
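With the mp3s outside public_html as in the layout above, a script has to hand them out. The following is an added example, not code from the original answers, of such a gatekeeper; the file name serve.php (placed in public_html/main), the query parameter f, the session key may_stream and the constant MP3_DIR are all assumptions.

```php
<?php
// Added example: serve.php, the "f" parameter, the session key and MP3_DIR
// are hypothetical names, not from the original answers.
const MP3_DIR = __DIR__ . '/../../mp3s'; // -root/mp3s, outside public_html

/** Resolve a requested name to a real file inside $baseDir, or null. */
function resolve_track(string $name, string $baseDir): ?string {
    // Plain file names only: no slashes, no "..", must end in .mp3.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.mp3\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name); // also resolves symlinks
    if ($base === false || $path === false) {
        return null;
    }
    // Containment check: the resolved path must still sit under the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

session_start();
// Assumption: page.php sets this flag when it renders the player.
if (empty($_SESSION['may_stream'])) {
    http_response_code(403);
    exit;
}
$name = is_string($_GET['f'] ?? null) ? $_GET['f'] : '';
$file = resolve_track($name, MP3_DIR);
if ($file === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: audio/mpeg');
header('Content-Length: ' . filesize($file));
header('X-Content-Type-Options: nosniff');
readfile($file);
```

Unlike a Referer check, the session flag is held server-side, so the client cannot forge it by editing a request header.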
You are trying to limit a "referral" and not direct access?
Denying from an IP limits all access, whether referred to by your page.php or by typing it into the browser's URL location bar. If you're trying to limit referrals, you can try using something like:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com/ [NC]
RewriteRule ^mp3/ - [L,F]
but be warned that referers can be spoofed.
What about something like this, in your .htaccess
<Files ~ "\.mp3$">
Order allow,deny
Deny from all
</Files>
This will not allow direct access to any files with .mp3 from your web server.
Place this code in your mp3/.htaccess file:
RewriteEngine on
RewriteBase /mp3/
RewriteCond %{HTTP_REFERER} !^https?://(localhost|(www\.)?mydomain\.com)/ [NC]
RewriteRule ^ - [F]

disallowing access to a file via htaccess

I have a page running on phpBB where I want to disable registrations from certain countries. I've ended up with this
<Files "ucp.php">
Order Allow,Deny
Allow from all
SetEnvIf GEOIP_COUNTRY_CODE {country} BlockCountry
Deny from env=BlockCountry
</Files>
as you can see I'm using geoip to detect the country. But now the problem is that this piece of code disallows already registered users to login from those countries, but I want just the registration part which is ucp.php?mode=register.
This, however, doesn't work even with backslashes, so I don't know how to make it work.
Thanks for your help
You could do something like this in your .htaccess
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(CA|US|MX)$
RewriteCond %{QUERY_STRING} ^(.*)mode=register(.*)$ [NC]
RewriteRule ^ucp.php$ deny_page_for_other_countries.php [L]

Htaccess to only access for subdomains

I would like to only let people view my subdomains not the original domain. And I only want the original domain to be viewed by me (I mean my IP).
hello.example.com -> view by anyone
example.com -> only view by me
Is there any script that I can use for htaccess?
Thanks
Create a htaccess file on your main domain and write the following in it:
Order deny,allow
Deny from all
Allow from 123.45.67.89
Use your IP in the above code.
You can do a permanent redirection to hello.example.com. This will make sure everyone visits your site under hello.example.com. This would be more appropriate for your users.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com [nc]
RewriteRule ^hello/(.*)$ http://hello.example.com/$1 [r=301,nc]
If you really want to show a 403 Forbidden, you can do this
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com [nc]
RewriteRule ^hello/(.*)$ / [r=403,nc]
I figured out the answer. I added this code in htaccess located at example.com
order deny,allow
deny from all
allow from MYIP
and this code to hello.example.com
order deny,allow
allow from all
I'm not sure if it's a proper way to do this, but it helps me to block people from viewing example.com (main domain) but still lets them view the subdomain (hello.example.com)
