Code: Select all
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com [NC]
RewriteCond %{REQUEST_FILENAME} /viewtopic.php
RewriteCond %{QUERY_STRING} ^.*\%
RewriteRule ^.*$ http://127.0.0.1/ [R,L]
Code: Select all
#
#----[ FIND ]------
#
$topic_url = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . '=' . $searchset[$i]['topic_id'] . "&highlight=$highlight_active");
$post_url = append_sid("viewtopic.$phpEx?" . POST_POST_URL . '=' . $searchset[$i]['post_id'] . "&highlight=$highlight_active") . '#' .
#
#----[ REPLACE WITH ]------
#
$topic_url = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . '=' . $searchset[$i]['topic_id']);
$post_url = append_sid("viewtopic.$phpEx?" . POST_POST_URL . '=' . $searchset[$i]['post_id']) . '#' . $searchset[$i]['post_id'];
BZebra wrote: RewriteCond %{QUERY_STRING} ^(.*)%
It blocks every URL with an %-sign in it and sends it to the 304 error-page, so this should work for all sorts of santy-viruses and every bot.
BZebra wrote: As far as I know %-signs only occur in serch links with special characters in the the highlight-part
tanrek wrote: If you look up all posts of the user 'Jim+Jane' the URL is
search.php?search_author=Jim%2BJane
Code: Select all
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} /viewtopic.php
RewriteCond %{QUERY_STRING} ^.*\%
RewriteRule ^.*$ http://127.0.0.1/ [R,L]
but now when the bots come calling at the request of the worm, they simply aren't going to find any recognizable forum pages to list for exploit.
Question: Once the MSNbot gets done finding the "somethingelse.php" file that replaced "viewtopic.php" and lists it, is the worm going to come back and try to overload that?
Joe User wrote: Here is another variant for mod_rewrite:
HTHCode: Select all
RewriteEngine On RewriteCond %{QUERY_STRING} ^(.*)wget\%20 [OR] RewriteCond %{QUERY_STRING} ^(.*)echr(.*) [OR] RewriteCond %{QUERY_STRING} ^(.*)esystem(.*) [OR]
Is there a way to use the .htaccess file to limit URLs to 500 characters?
Code: Select all
netstat -n | awk '{print $5}' | sort | uniq -c | sort -nk1