Apache forbidden rule for Santy.A worm

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
eyedenigh
Registered User
Posts: 48
Joined: Tue May 25, 2004 10:29 am

Post by eyedenigh » Tue Jan 25, 2005 4:06 am

singletrack wrote: Dang...I was getting hammered all day. Did a traceroute on a few and they were the Googlebot so I just figured something weird was going on and they all were search bots. Then checked these forums and realized they weren't. Added the code to common.php and within a few minutes things went back to normal. I'd like to edit my 'most ever online' back to the last known high level...anyone know how to quickly do this as I go off digging in the database :)


It's in your phpbb_config table.

Hynee: Thanks heaps for that, my 200 Guests nearly instantly disappeared :)

singletrack
Registered User
Posts: 17
Joined: Thu Dec 05, 2002 4:00 am

Post by singletrack » Tue Jan 25, 2005 4:29 am

Not the time frame, the total users. So instead of it saying my high user count was 100 something on such and such day it would go back to saying 30 on such and such day. Is that value calculated or stored in the database? Haven't found it yet.

Oh, sorry for the off topic...sort of...but it is related to fixing the problem that caused it.

kirtok
Registered User
Posts: 28
Joined: Mon Aug 04, 2003 6:38 am

Post by kirtok » Tue Jan 25, 2005 4:29 am

Hi everybody
I've added the highlight code to my .htaccess file, and number of guests decreased instantly. But I have able2know seo mod and not logged in guests get .html pages and it messed up my mod, and people have to login to be able to get the right pages, otherwise they get an error.
Here's my .htaccess file now:

Code:

RewriteEngine On 
RewriteRule ^community.* index.php [L,NC]
RewriteRule ^post-([0-9]*).html&highlight=([a-zA-Z0-9]*) viewtopic.php?p=$1&highlight=$2 [L,NC]
RewriteRule ^post-([0-9]*).* viewtopic.php?p=$1 [L,NC]
RewriteRule ^view-poll([0-9]*)-([0-9]*)-([a-zA-Z]*).* viewtopic.php?t=$1&postdays=$2&postorder=$3&vote=viewresult [L,NC]
RewriteRule ^ecommerce([0-9]*).html&highlight=([a-zA-Z0-9]*) viewtopic.php?t=$1&highlight=$2 [L,NC]
RewriteRule ^ecommerce([0-9]*).html&view=newest viewtopic.php?t=$1&view=newest [L,NC]
RewriteRule ^ecommerce([0-9]*)-([0-9]*)-([a-zA-Z]*)-([0-9]*).* viewtopic.php?t=$1&postdays=$2&postorder=$3&start=$4 [L,NC]
RewriteRule ^ecommerce([0-9]*)-([0-9]*).* viewtopic.php?t=$1&start=$2 [L,NC]
RewriteRule ^ecommerce([0-9]*).* viewtopic.php?t=$1 [L,NC]
RewriteRule ^ecommerce([0-9]*).html viewtopic.php?t=$1&start=$2&postdays=$3&postorder=$4&highlight=$5 [L,NC]
RewriteRule ^mark-forum([0-9]*).html* viewforum.php?f=$1&mark=topics [L,NC]
RewriteRule ^updates-topic([0-9]*).html* viewtopic.php?t=$1&watch=topic [L,NC]
RewriteRule ^stop-updates-topic([0-9]*).html* viewtopic.php?t=$1&unwatch=topic [L,NC]
RewriteRule ^forum-([0-9]*).html viewforum.php?f=$1 [L,NC]
RewriteRule ^forum-([0-9]*).* viewforum.php?f=$1 [L,NC]
RewriteRule ^topic-([0-9]*)-([0-9]*)-([0-9]*).* viewforum.php?f=$1&topicdays=$2&start=$3 [L,NC]
RewriteRule ^ptopic([0-9]*).* viewtopic.php?t=$1&view=previous [L,NC]
RewriteRule ^ntopic([0-9]*).* viewtopic.php?t=$1&view=next [L,NC]

RewriteEngine On 
RewriteBase / 

RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527 [OR] 
RewriteCond %{HTTP_USER_AGENT} ^lwp [NC] 
RewriteRule ^.*$        -       [F,L]

I'd appreciate any help.
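
The two RewriteCond tests from the post above, applied to access-log lines to see which clients the forbidden rule would have refused. This is an added example, not code from the thread; the Apache combined log format and the sample lines (documentation addresses) are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"'
)
# Same two conditions as the RewriteCond lines in the post above.
QUERY_RE = re.compile(r'highlight=%2527')      # raw (undecoded) query string
AGENT_RE = re.compile(r'^lwp', re.IGNORECASE)  # [NC]: User-Agent starts with "lwp"

def classify(line):
    """Return (host, reasons); reasons is empty when neither condition matches."""
    m = LOG_RE.match(line)
    if not m:
        return None, []  # unparseable line: report nothing rather than guess
    reasons = []
    if QUERY_RE.search(urlsplit(m.group("target")).query):
        reasons.append("highlight")
    if AGENT_RE.match(m.group("agent")):
        reasons.append("lwp-agent")
    return m.group("host"), reasons

def summarise(lines):
    """Count requests per client address that the rule would have answered 403."""
    hits = Counter()
    for line in lines:
        host, reasons = classify(line)
        if reasons:  # the conditions are joined with [OR], so either one is enough
            hits[host] += 1
    return hits

# Constructed sample lines, not real traffic.
SAMPLE = [
    '192.0.2.10 - - [25/Jan/2005:04:01:00 +0000] "GET /viewtopic.php?t=12&highlight=%2527 HTTP/1.0" 200 512 "-" "lwp-trivial/1.41"',
    '192.0.2.10 - - [25/Jan/2005:04:01:02 +0000] "GET /index.php HTTP/1.0" 200 2048 "-" "LWP::Simple/5.800"',
    '198.51.100.7 - - [25/Jan/2005:04:02:10 +0000] "GET /viewtopic.php?t=12&highlight=apache HTTP/1.1" 200 9000 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"',
    '203.0.113.5 - - [25/Jan/2005:04:03:30 +0000] "GET /viewtopic.php?p=7&highlight=%2527 HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"',
]

if __name__ == "__main__":
    for host, count in summarise(SAMPLE).most_common():
        print(f"{host}\t{count}")
```

Run against a real access log before enabling the rule to confirm that ordinary visitors using the search highlight feature are not caught by it.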

Subsim
Registered User
Posts: 173
Joined: Mon Apr 08, 2002 5:12 pm

Post by Subsim » Tue Jan 25, 2005 4:49 am

When I FTP the htaccess.txt file to my server and rename it .htaccess

after I refresh, the file disappears. Where is it? Now my forums are down, I get this message:

Forbidden
You don't have permission to access /phpBB_subclub/index.php on this server.


:cry:

Subsim
Registered User
Posts: 173
Joined: Mon Apr 08, 2002 5:12 pm

Post by Subsim » Tue Jan 25, 2005 5:15 am

Rebooted server, still cannot get phpBB to work.

Forbidden
You don't have permission to access /phpBB/index.php on this server.


This after uploading the suggested .htaccess file. Someone help. I can FTP into the server, but where does the .htaccess file go? I do not see it.

emmzee
Registered User
Posts: 4
Joined: Sat Sep 28, 2002 6:56 am

Post by emmzee » Tue Jan 25, 2005 5:57 am

Your FTP program must not be showing the file to you, I know that when I used WSFTP_Lite it didn't show .htaccess files ... I use the FileZilla FTP program, it's free open source FTP software, you can get it from:

http://filezilla.sourceforge.net/

It will show you the .htaccess file so you can delete it.

(Click 'Download' then get the FileZilla_2_2_10_setup.exe file assuming you use Windows.)
Last edited by emmzee on Tue Jan 25, 2005 5:58 am, edited 1 time in total.

Psychotic_Carp
Registered User
Posts: 556
Joined: Fri Dec 03, 2004 1:45 pm

Post by Psychotic_Carp » Tue Jan 25, 2005 5:58 am

liluli wrote:
Psychotic_Carp wrote: have you checked to see if you have any viruses?


Sorry to be a newbie to this. I have searched for strange/unusual files across all my folders through my ftp and found nothing. Is that what you mean?

My site today is constantly being hit and have disabled the board for the time being, however obviously they are still there on the forum index.

Could .htaccess not be working due to my server's configuration? Do I need to ask for it to be enabled to work or something? Thanks


No, I said check and see if YOU have the virus.

Subsim
Registered User
Posts: 173
Joined: Mon Apr 08, 2002 5:12 pm

Post by Subsim » Tue Jan 25, 2005 6:24 am

emmzee wrote: Your FTP program must not be showing the file to you, I know that when I used WSFTP_Lite it didn't show .htaccess files ... I use the FileZilla FTP program, it's free open source FTP software, you can get it from:

http://filezilla.sourceforge.net/

It will show you the .htaccess file so you can delete it.

(Click 'Download' then get the FileZilla_2_2_10_setup.exe file assuming you use Windows.)


Thanks. I just thought of using the File Manager through the server, I deleted the .htaccess file but still getting the "Forbidden" message.

Everything on my server is down. Rebooted, nothing.

Subsim
Registered User
Posts: 173
Joined: Mon Apr 08, 2002 5:12 pm

Post by Subsim » Tue Jan 25, 2005 12:27 pm

Anybody.... the corpse of a webmaster needs you :(

Psychotic_Carp
Registered User
Posts: 556
Joined: Fri Dec 03, 2004 1:45 pm

Post by Psychotic_Carp » Tue Jan 25, 2005 1:17 pm

Subsim wrote: Anybody.... the corpse of a webmaster needs you :(


Use my method of making one and throw it in the same place you put the other one, hopefully it will overwrite the old one (make it blank). I don't know exactly where it should go either, there is one that comes with phpbb, it's in the cache folder.

espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom » Tue Jan 25, 2005 3:38 pm

WS_FTP will show you the "dot files" like .htaccess, if you use it in "sftp" mode, rather than ftp. This can only be done with version 8 and later.

It accomplishes this by using a secure shell connection, rather than FTP, for transfers, so it can "see" the hidden files. The file list command on most FTP servers won't even respond with hidden files, unless specifically set up to do so.

SFTP is better for most uses in any case, because it encrypts the password exchange, as well as the data. If you're on a cable modem, your packets are viewable by anyone who knows how to hack a cable modem to show all traffic.

pieman666
Registered User
Posts: 11
Joined: Tue Nov 30, 2004 11:45 am

Post by pieman666 » Tue Jan 25, 2005 4:14 pm

Well I am just waiting for my ISP to put my forums back online as they had to remove them last night due to excessive calls to the mysql db :(

Hopefully the common.php hack will prevent the huge numbers of calls to the db if I read it right as the .htaccess commands are not supported by my isp...

jsundqui
Registered User
Posts: 40
Joined: Thu Apr 29, 2004 2:25 am

Post by jsundqui » Tue Jan 25, 2005 5:02 pm

As far as I know, every common operating system comes with a command line FTP program. Well, at least Windows and Linux do. I assume MacOS X does, too, since it is Unix. The Windows and Linux ftp programs see all the files just fine. Just run "ls -la" without the quotes after logging in to see all the files (including .htaccess). "ls -latr" sorts them with the most recently changed last so that you can see if any cracker modified/replaced anything lately.

espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom » Tue Jan 25, 2005 5:22 pm

jsundqui wrote: Just run "ls -la" without the quotes after logging in to see all the files (including .htaccess). "ls -latr" sorts them with the most recently changed last so that you can see if any cracker modified/replaced anything lately.


Usually works, but not always. If the server is running proftpd, for example, the default configuration will not only not show you the dot files, it won't let you send/receive them. Proftpd is the default FTP server for Mandrake Linux, and probably others, because it is more secure.

jsundqui
Registered User
Posts: 40
Joined: Thu Apr 29, 2004 2:25 am

Post by jsundqui » Tue Jan 25, 2005 5:47 pm

I guess my hosting outfit doesn't have the default configuration on their (Red Hat) proftpd installation, as dot files show up OK. I'll have to see tonight how my Mandrake boxes at home respond to ftp requests.
