
Protect your website from webshells

Use this tutorial if you want to protect your website and stop webshells from getting uploaded to your site. A hacker with a webshell on your website can view your config.php, delete files, run server commands, download your MySQL DB, etc.

.htaccess

Step 1
Create a .htaccess file with the content below and put it in your PHP-Fusion root directory.
Code:
# Reject requests whose query string carries common injection markers.
# The snippet as originally posted had no RewriteEngine or RewriteRule line,
# so its conditions were never applied; both are added here. mod_rewrite ANDs
# conditions unless a line carries [OR], so [OR] is also added to the _REQUEST,
# SELECT and FROM lines (without it a request was only rejected when one of the
# first five patterns AND all three SQL keywords matched). QUERY_STRING is
# matched before URL-decoding, and the SQL keyword checks are case-sensitive.
RewriteEngine On
RewriteCond %{QUERY_STRING} mosConfig_[0-9a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} [0-9,a-z,A-Z].SELECT.[0-9,a-z,A-Z] [OR]
RewriteCond %{QUERY_STRING} [0-9,a-z,A-Z].FROM.[0-9,a-z,A-Z] [OR]
RewriteCond %{QUERY_STRING} [0-9,a-z,A-Z].WHERE.[0-9,a-z,A-Z]
RewriteRule .* - [F,L]
# Block direct HTTP access to the .htaccess file itself.
<Files .htaccess>
order allow,deny
deny from all
</Files>
# <Files> without ~ takes a literal file name (or a shell wildcard), so the
# three blocks below only affect files named exactly ".php", ".js" and ".css".
<Files .php>
order allow,deny
deny from all
</Files>
<Files .js>
order allow,deny
deny from all
</Files>
<Files .css>
order allow,deny
deny from all
</Files>



---------------------
Step 2

Now create another .htaccess file with the content below and put it in the images/avatars directory:

Code:
# Make Apache serve everything in images/avatars as static content instead of
# running it: SetHandler sends every file to a handler named "image/gif", which
# no module provides, so the core default handler just sends the bytes (an
# uploaded .php is downloaded, not executed). The two AddHandler lines are
# redundant because SetHandler overrides them.
AddHandler server-parsed .php
SetHandler image/gif
AddHandler image/gif .php
# Deny every request, then allow only real image extensions back in.
order deny,allow
Deny from All
<FilesMatch "\.(gif|jpe?g|png)$">
Allow from All
</FilesMatch>



Step 3

Create a .htaccess file with the content below and put it in these directories:

* administration/db_backups/
* images/
* images/articles/
* images/news/
* images/news_cats/
* images/photoalbum/
* images/photoalbum/submissions/
* forum/attachments/

Code:
# Same handler trick as in Step 2, without the allow/deny part, since these
# directories must keep serving their other files: everything is handed to the
# non-existent "image/gif" handler and therefore sent as static content, so a
# .php file dropped here is downloaded rather than executed.
AddHandler server-parsed .php
SetHandler image/gif
AddHandler image/gif .php



Please make sure that your server/hosting supports .htaccess files.
Also, in all directories where you put our .htaccess file (except the root directory), rename index.php to index.html. Now try to put a .php file into one of those directories and execute it! The .php file will not be executed; it should only let you download it:


www.hpc.lt/paveiksleliai/execute.gif


I hope it will help you protect your website from webshells.
Zilvinas (zilvinas @ hpc .lt)
By HPC.LT
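To show why the [OR] flags in the Step 1 file matter, here is an added example (my own code, not from the original post) that evaluates a RewriteCond chain with mod_rewrite's semantics and runs the Step 1 patterns over a few constructed query strings: with the flags exactly as posted, the GLOBALS marker never triggers the rule on its own, and with [OR] on every line a harmless search phrase containing FROM is rejected. The helper names `rewrite_rule_fires` and `flags_of`, the `FIXED_CONDITIONS` chain and the sample query strings are mine.

```python
import re

# (pattern, flags) pairs copied from the Step 1 .htaccess on this page.
# Apache matches QUERY_STRING before URL-decoding, which is why the patterns
# spell out encoded forms such as %3C and %3D themselves.
PAGE_CONDITIONS = [
    (r"mosConfig_[0-9a-zA-Z_]{1,21}(=|\%3D)", "OR"),
    (r"base64_encode.*\(.*\)", "OR"),
    (r"(\<|%3C).*script.*(\>|%3E)", "NC,OR"),
    (r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", "OR"),
    (r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", ""),  # as posted: no [OR] here
    (r"[0-9,a-z,A-Z].SELECT.[0-9,a-z,A-Z]", ""),
    (r"[0-9,a-z,A-Z].FROM.[0-9,a-z,A-Z]", ""),
    (r"[0-9,a-z,A-Z].WHERE.[0-9,a-z,A-Z]", ""),
]

# Same chain with [OR] on every line but the last ("block if ANY matches"),
# which is what the post evidently intends.
FIXED_CONDITIONS = [(p, f + ",OR" if f and "OR" not in f else f or "OR")
                    for p, f in PAGE_CONDITIONS[:-1]] + PAGE_CONDITIONS[-1:]

# Constructed query strings: the page's own GLOBALS[ marker, a harmless
# search phrase, and an ordinary PHP-Fusion news request.
SAMPLES = ("GLOBALS[x]=1", "q=coffee+FROM+Kenya", "readmore=1&news_id=42")

def flags_of(flags):
    return {f for f in flags.split(",") if f}

def rewrite_rule_fires(query_string, conds):
    """mod_rewrite semantics: conditions are ANDed, except that [OR] joins a
    condition with the next, so 'A [OR] / B [OR] / C / D' is (A or B or C)
    and D.  True means the RewriteRule after the chain (a 403) would run."""
    i = 0
    while i < len(conds):
        pat, flags = conds[i]
        fl = flags_of(flags)
        matched = re.search(pat, query_string,
                            re.IGNORECASE if "NC" in fl else 0) is not None
        if "OR" in fl:
            if matched:
                # OR group satisfied: skip its remaining [OR] members and the
                # non-[OR] condition that closes the group.
                while i < len(conds) and "OR" in flags_of(conds[i][1]):
                    i += 1
            i += 1
            continue
        if not matched:
            return False  # an ANDed condition failed: the rule does not run
        i += 1
    return True
```

Running `rewrite_rule_fires` over `SAMPLES` with both chains shows the posted flags blocking nothing at all, and the fixed flags blocking the GLOBALS request but also the innocent "coffee FROM Kenya" search.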
This is actually a simple but really effective idea.
Great!
thanks. gotta try it. btw a question. should i delete my previous .htaccess or append your code to it?
my previous one:
Code:
# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName www.hentai-enishi.com
AuthUserFile /home/hentai/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/hentai/public_html/_vti_pvt/service.grp

Quote

agl wrote:
thanks. gotta try it. btw a question. should i delete my previous .htaccess or append your code to it?

Sorry for the late reply, that should work:
Code:
# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName www.hentai-enishi.com
AuthUserFile /home/hentai/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/hentai/public_html/_vti_pvt/service.grp

# Query-string filter from Step 1. RewriteEngine On, the [OR] flags on the
# _REQUEST, SELECT and FROM lines, and the closing RewriteRule were missing
# from the posted version; without them the conditions had no effect.
RewriteEngine On
RewriteCond %{QUERY_STRING} mosConfig_[0-9a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} [0-9,a-z,A-Z].SELECT.[0-9,a-z,A-Z] [OR]
RewriteCond %{QUERY_STRING} [0-9,a-z,A-Z].FROM.[0-9,a-z,A-Z] [OR]
RewriteCond %{QUERY_STRING} [0-9,a-z,A-Z].WHERE.[0-9,a-z,A-Z]
RewriteRule .* - [F,L]
# Block direct HTTP access to the .htaccess file itself.
<Files .htaccess>
order allow,deny
deny from all
</Files>
# <Files> without ~ matches a literal file name, so these three blocks only
# affect files named exactly ".php", ".js" and ".css".
<Files .php>
order allow,deny
deny from all
</Files>
<Files .js>
order allow,deny
deny from all
</Files>
<Files .css>
order allow,deny
deny from all
</Files>

thanks and np. i did the same thing and added it after the current content of the .htaccess file :)
Thread Information
Author: Zilvinas
Replies: 5 posts
Views: 4832 times
Last updated on 14 years ago
Users who participated in discussion: Matonor, Zilvinas, agl