The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!
Professional Htaccess VB 4
Hi, Professional Htaccess for vBulletin 4. Advantages: fixes XSS bugs, fixes SQL injection, protects against the "htaccess not run" bug in the forum, and more. Code:
# Comment the following line (add '#' at the beginning)
# to disable mod_rewrite functions.
# Please note: you still need to disable the hack in
# the vBSEO control panel to stop url rewrites.
RewriteEngine On

# Some servers require the Rewritebase directive to be
# enabled (remove '#' at the beginning to activate)
# Please note: when enabled, you must include the path
# to your root vB folder (i.e. RewriteBase /forums/)
#RewriteBase /

#RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com
#RewriteRule (.*) http://www.yourdomain.com/forums/$1 [L,R=301]

RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap|api\.php)
RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !/(admincp|modcp|clientscript|cpstyles|images)/
RewriteRule ^(.+)$ vbseo.php [L,QSA]

# Second sitemap rule as posted (broader pattern: "sitemap" rather than "sitemap_")
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

# Nobody may read .htaccess itself (Apache 2.2 Order/Deny syntax, as posted)
<Files ".htaccess">
    Order allow,deny
    Deny from all
</Files>

# DISABLED: as posted, this block denied every image, stylesheet, script and
# Flash file on the site, which breaks the forum's own pages. Scope such a block
# to a single directory (for example an uploads folder) before enabling it.
#<FilesMatch "\.(gif|jpg|png|swf|html|css|js|fla)$">
#    Deny from all
#</FilesMatch>

# php.ini / php.cgi may only be reached through the CGI redirect, never directly
<FilesMatch "^php5?\.(ini|cgi)$">
    Order Deny,Allow
    Deny from All
    Allow from env=REDIRECT_STATUS
</FilesMatch>

# Query-string filters. Every RewriteCond below chains (via [OR]) into the single
# "RewriteRule .* - [L,F]" that follows it; a RewriteCond with no RewriteRule
# after it does nothing. mod_rewrite matches the raw, still percent-encoded
# query string, which is why both "<" and "%3C" are listed.
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# proc/self/environ? no way!
# (This targets the classic LFI pattern where a script does
#  include($_GET['redirect']) on an unvalidated parameter. The original post
#  pasted that PHP snippet here verbatim; PHP code inside .htaccess is a
#  configuration error, so it only survives as this comment.)
RewriteCond %{QUERY_STRING} proc\/self\/environ [NC,OR]
RewriteCond %{QUERY_STRING} act= [OR]
RewriteCond %{QUERY_STRING} sw= [OR]
# The next two match the bare substrings "act" and "sw" anywhere in the query
# string (e.g. do=contactus, swf=1), so they also block legitimate requests.
# Kept as posted; remove them if your forum's URLs trip over them.
RewriteCond %{QUERY_STRING} act [OR]
RewriteCond %{QUERY_STRING} sw [OR]
RewriteCond %{QUERY_STRING} 0x3a [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|concat).* [NC]
RewriteRule .* - [L,F]

# Prevent use of specified methods in HTTP Request
# (HEAD is refused too, which breaks some uptime monitors and crawlers; drop it if needed)
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
# Block out use of illegal or unsafe characters in the HTTP Request
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR]
# Block out use of illegal or unsafe characters in the Referer Variable of the HTTP Request
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Block out use of illegal or unsafe characters in any cookie associated with the HTTP Request
RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Block out use of illegal characters in URI or use of malformed URI
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]
# Block out use of empty User Agent Strings
# NOTE - disable this rule if your site is integrated with Payment Gateways such as PayPal
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
# Block out use of illegal or unsafe characters in the User Agent variable
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Measures to block out SQL injection attacks
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
# Block out reference to localhost/loopback/127.0.0.1 in the Query String
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
# Block out use of illegal or unsafe characters in the Query String variable
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
# Terminating rule (not in the original post): without it the conditions above
# never take effect.
RewriteRule .* - [L,F]
#32
Here, I have revised your current htaccess for better security and to give your forum more speed, with no rewrites as you said. But as for protecting the admincp and cPanel, this should help with most of that unless someone RATs you or tries to brute-force crack your password.
Code:
<IfModule mod_suphp.c>
    # Path quoted because it contains a space (the site name is a placeholder from the post)
    suPHP_ConfigPath "/home/My Site/public_html"
    <Files php.ini>
        Order allow,deny
        Deny from all
    </Files>
</IfModule>

<IfModule mod_rewrite.c>
    RewriteEngine on
    # If vbulletin is in a subdirectory, add it here
    RewriteBase /

    # Retrieve gamedata requests and send to new dbtech locations
    RewriteRule ^arcade/gamedata/(.*) dbtech/vbarcade/media/$1 [L]
    # Retrieve crossdomain requests and send to new dbtech location
    RewriteRule ^crossdomain\.xml dbtech/vbarcade/crossdomain.xml [L]

    # Send hardcoded pnf+ipa scores to arcade instead
    RewriteCond %{QUERY_STRING} func=storeScore [OR]
    RewriteCond %{QUERY_STRING} autocom=arcade [OR]
    RewriteCond %{QUERY_STRING} act=Arcade
    RewriteRule .* arcade.php [L,QSA]

    # Reroute v3arcade liveinstaller
    RewriteCond %{QUERY_STRING} do=liveinstall
    RewriteCond %{REQUEST_URI} v3arcade_admin\.php
    # If you renamed your admincp directory, change it here
    RewriteRule .* %{DOCUMENT_ROOT}/********/arcade_admin.php?%{QUERY_STRING}&do=review&import=browse&system=v3a [L,R=301]
</IfModule>

RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

# Banned addresses (redacted in the original post)
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********

# Deny attempts to view the Htaccess file and other files.
<Files .htaccess>
    Order allow,deny
    Deny from all
</Files>
<Files 403.shtml>
    Order allow,deny
    Deny from all
</Files>

# BEGIN W3TC Browser Cache
<IfModule mod_mime.c>
    AddType text/css .css
    AddType application/javascript .js
    AddType application/x-javascript .js
    AddType text/html .html .htm
    AddType text/richtext .rtf .rtx
    AddType image/svg+xml .svg .svgz
    AddType text/plain .txt
    AddType text/xsd .xsd
    AddType text/xsl .xsl
    AddType text/xml .xml
    AddType video/asf .asf .asx .wax .wmv .wmx
    AddType video/avi .avi
    AddType image/bmp .bmp
    AddType application/java .class
    AddType video/divx .divx
    AddType application/msword .doc .docx
    AddType application/x-msdownload .exe
    AddType image/gif .gif
    AddType application/x-gzip .gz .gzip
    AddType image/x-icon .ico
    AddType image/jpeg .jpg .jpeg .jpe
    AddType application/vnd.ms-access .mdb
    AddType audio/midi .mid .midi
    AddType video/quicktime .mov .qt
    AddType audio/mpeg .mp3 .m4a
    AddType video/mp4 .mp4 .m4v
    AddType video/mpeg .mpeg .mpg .mpe
    AddType application/vnd.ms-project .mpp
    AddType application/vnd.oasis.opendocument.database .odb
    AddType application/vnd.oasis.opendocument.chart .odc
    AddType application/vnd.oasis.opendocument.formula .odf
    AddType application/vnd.oasis.opendocument.graphics .odg
    AddType application/vnd.oasis.opendocument.presentation .odp
    AddType application/vnd.oasis.opendocument.spreadsheet .ods
    AddType application/vnd.oasis.opendocument.text .odt
    AddType audio/ogg .ogg
    AddType application/pdf .pdf
    AddType image/png .png
    AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx
    AddType audio/x-realaudio .ra .ram
    AddType application/x-shockwave-flash .swf
    AddType application/x-tar .tar
    AddType image/tiff .tif .tiff
    AddType audio/wav .wav
    AddType audio/wma .wma
    AddType application/vnd.ms-write .wri
    AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw
    AddType application/zip .zip
</IfModule>
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType text/css A31536000
    ExpiresByType application/x-javascript A31536000
    ExpiresByType text/html A3600
    ExpiresByType text/richtext A3600
    ExpiresByType image/svg+xml A3600
    ExpiresByType text/plain A3600
    ExpiresByType text/xsd A3600
    ExpiresByType text/xsl A3600
    ExpiresByType text/xml A3600
    ExpiresByType video/asf A31536000
    ExpiresByType video/avi A31536000
    ExpiresByType image/bmp A31536000
    ExpiresByType application/java A31536000
    ExpiresByType video/divx A31536000
    ExpiresByType application/msword A31536000
    ExpiresByType application/x-msdownload A31536000
    ExpiresByType image/gif A31536000
    ExpiresByType application/x-gzip A31536000
    ExpiresByType image/x-icon A31536000
    ExpiresByType image/jpeg A31536000
    ExpiresByType application/vnd.ms-access A31536000
    ExpiresByType audio/midi A31536000
    ExpiresByType video/quicktime A31536000
    ExpiresByType audio/mpeg A31536000
    ExpiresByType video/mp4 A31536000
    ExpiresByType video/mpeg A31536000
    ExpiresByType application/vnd.ms-project A31536000
    ExpiresByType application/vnd.oasis.opendocument.database A31536000
    ExpiresByType application/vnd.oasis.opendocument.chart A31536000
    ExpiresByType application/vnd.oasis.opendocument.formula A31536000
    ExpiresByType application/vnd.oasis.opendocument.graphics A31536000
    ExpiresByType application/vnd.oasis.opendocument.presentation A31536000
    ExpiresByType application/vnd.oasis.opendocument.spreadsheet A31536000
    ExpiresByType application/vnd.oasis.opendocument.text A31536000
    ExpiresByType audio/ogg A31536000
    ExpiresByType application/pdf A31536000
    ExpiresByType image/png A31536000
    ExpiresByType application/vnd.ms-powerpoint A31536000
    ExpiresByType audio/x-realaudio A31536000
    ExpiresByType application/x-shockwave-flash A31536000
    ExpiresByType application/x-tar A31536000
    ExpiresByType image/tiff A31536000
    ExpiresByType audio/wav A31536000
    ExpiresByType audio/wma A31536000
    ExpiresByType application/vnd.ms-write A31536000
    ExpiresByType application/vnd.ms-excel A31536000
    ExpiresByType application/zip A31536000
</IfModule>

# BEGIN Compress text files
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/xml text/css text/plain
    AddOutputFilterByType DEFLATE image/svg+xml application/xhtml+xml application/xml
    AddOutputFilterByType DEFLATE application/rdf+xml application/rss+xml application/atom+xml
    AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript application/json
    AddOutputFilterByType DEFLATE application/x-font-ttf application/x-font-otf
    AddOutputFilterByType DEFLATE font/truetype font/opentype
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</IfModule>
# END Compress text files

# BEGIN Cache-Control Headers
<IfModule mod_headers.c>
    <FilesMatch "\.(ico|jpe?g|png|gif|swf)$">
        Header set Cache-Control "public"
    </FilesMatch>
    <FilesMatch "\.(css)$">
        Header set Cache-Control "public"
    </FilesMatch>
    <FilesMatch "\.(js)$">
        Header set Cache-Control "private"
    </FilesMatch>
    <FilesMatch "\.(x?html?|php)$">
        Header set Cache-Control "private, must-revalidate"
    </FilesMatch>
</IfModule>
# END Cache-Control Headers

# BEGIN Turn ETags Off
FileETag None
# END Turn ETags Off

# Query-string filters; all of them chain into the single RewriteRule at the end.
# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
# (the "[" is escaped: unescaped it opens a character class and the pattern
#  no longer means "GLOBALS followed by =, [ or a percent-encoded byte")
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Terminating rule (not in the original post): without it the conditions above
# never take effect.
RewriteRule .* - [F,L]

Establish FTP connection

We will start with the FTP connection establishment. Open your FileZilla installation and enter the following details:

Hostname - enter your domain name or the name of the hosting server where your account resides;
Username - enter the FTP username (you can use your cPanel username or the one of a new FTP account);
Password - enter the corresponding FTP password;
Port - enter the FTP port (by default it is 21).

Click on the Quickconnect button to establish the FTP connection. Once the FTP connection is opened you will see the listing of the remote server's files and folders.

Manage Files Using FileZilla

If you have a web site created on your local computer, you will want to make it live by uploading its files on your web server. The cPanel software is installed on all the SiteGround servers. The root folder for the web site content is public_html. Select the web site files in the Local site area. Drag and drop them in the public_html folder under the Remote site area. In this way they will be accessible through your domain name.

Sometimes you need to edit a file's code and update the web site functionality. Right-click on the chosen file and pick the View/Edit option. The file will be opened in the default text editor. Edit it and then save the changes. The FTP client will recognize the file modifications. It will prompt you whether to upload the modified file back on the server and delete the local copy from your computer.

The other actions which you can perform on the files and folders are:

Download - this option allows you to download files and folders from the remote server to your local computer;
Add files to queue - allows you to schedule a later transfer of the files;
Create Directory - allows you to create a new folder under your current location;
Delete - using it you can delete files and folders;
Rename - you can rename files and folders;
File Permissions - allows you to change the file permissions of files and folders. You can alter the owner, the group and the public permissions. You can define whether the files are readable, writable and executable. You can find more details about the file permissions in our cPanel tutorial.
Thanks from: Max Taxable
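Before putting query-string filters like the ones in the two .htaccess listings above in front of a live forum, it is worth running the same patterns against known-good and known-bad query strings. The following is an added example, not code from the thread: it transcribes a handful of those RewriteCond patterns into Python's re module (for these patterns PCRE and Python behave identically) and reports which conditions fire, including two that block ordinary vBulletin URLs.

```python
import re

# A few of the thread's RewriteCond patterns on %{QUERY_STRING}. mod_rewrite
# matches the raw, still percent-encoded query string, which is why the
# originals list both "<" and "%3C". The [NC] flag corresponds to re.IGNORECASE;
# a condition without [NC] is case-sensitive, exactly as in Apache.
QUERY_STRING_RULES = [
    ("act=",          r"act=",                                   0),
    ("bare act",      r"act",                                    0),      # no "=": very broad
    ("bare sw",       r"sw",                                     0),      # no "=": very broad
    ("script tag",    r"(\<|%3C).*script.*(\>|%3E)",             re.I),
    ("proc/environ",  r"proc/self/environ",                      re.I),
    ("sqli keywords", r"^.*(;|<|>|'|\"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*"
                      r"(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).*", re.I),
]
COMPILED = [(name, re.compile(pattern, flags)) for name, pattern, flags in QUERY_STRING_RULES]


def matching_rules(query_string: str) -> list[str]:
    """Names of the conditions that fire for a raw query string (any hit means a 403 via [F])."""
    return [name for name, rx in COMPILED if rx.search(query_string)]


def false_positives(legitimate_queries: list[str]) -> list[str]:
    """Legitimate query strings that the rule set would nevertheless block."""
    return [qs for qs in legitimate_queries if matching_rules(qs)]


if __name__ == "__main__":
    # Constructed samples: ordinary vBulletin query strings that must keep working ...
    legit = ["t=253516&page=2", "do=contactus", "s=1&swf=1"]
    # ... and inputs the rules are meant to stop.
    hostile = [
        "q=<script>alert(1)</script>",
        "q=%3Cscript%3Ealert(1)%3C/script%3E",   # same thing, percent-encoded
        "id=1' union select 1,2",
        "page=../../proc/self/environ",
    ]
    for qs in legit + hostile:
        print(f"{qs!r:45} -> {matching_rules(qs) or 'passes'}")
    print("false positives among legitimate URLs:", false_positives(legit))
```

The bare "act" and "sw" conditions are the ones that reject do=contactus and any swf= parameter; the "act=" form alone would not.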
#33
@Final kaoss
You are a great man! Just one question: I am using only the vBSEO hack https://vborg.vbsupport.ru/showthread.php?t=253516, not the complete software. If I use this code, am I 100% secure? I mean the one you gave above. I am not using FileZilla, I use only direct upload.
#34
Will any of this work with vBulletin 3.8.x?
#35
Quote:
But with this code you can be more secure, and your forum won't be hacked as soon or as easily.
#36
Hi, how does this work? Do I just have to upload it?
#37
Yes, it works. Just upload it into your forum root.
#38
Well, it depends on what he has there currently. If he uploads this and overwrites his existing one, he could have issues.
Great work though. I really hate working with htaccess but have learned a lot from guys like you. Thanks for posting this.
#39
Nice one, but I am not using vBSEO. What should I do then?