Professional Htaccess VB 4

[final kaoss]

Here, I have revised your current htaccess for better security & to give your forum more speed and no rewrites as you said. But for protecting the admincp & cpanel this should help with most of that unless someone RAT's you or tries to Brute Force Crack your password.

Code:

 <IfModule mod_suphp.c>
  suPHP_ConfigPath /home/My Site/public_html
  <Files php.ini>
   order allow,deny
   deny from all
  </Files>
 </IfModule>


<IfModule mod_rewrite.c>
  RewriteEngine on

  # If vbulletin is in a subdirectory, add it here
  RewriteBase /

  # Retrieve gamedata requests and send to new dbtech locations
  RewriteRule ^arcade/gamedata/(.*) dbtech/vbarcade/media/$1 [L]

  # Retrieve crossdomain requests and send to new dbtech location
  RewriteRule ^crossdomain\.xml dbtech/vbarcade/crossdomain.xml [L]

  # Send hardcoded pnf+ipa scores to arcade instead
  RewriteCond %{QUERY_STRING} func=storeScore [OR]
  RewriteCond %{QUERY_STRING} autocom=arcade [OR]
  RewriteCond %{QUERY_STRING} act=Arcade
  RewriteRule .* arcade.php [L,QSA]

  # Reroute v3arcade liveinstaller
  RewriteCond %{QUERY_STRING} do=liveinstall
  RewriteCond %{REQUEST_URI} v3arcade_admin\.php

  # If you renamed your admincp directory, change it here
  RewriteRule .* %{DOCUMENT_ROOT}/********/arcade_admin.php?%{QUERY_STRING}&do=review&import=browse&system=v3a [L,R=301]
</IfModule>
RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********

#Deny attempts to view the Htaccess file and other files.
<Files .htaccess>
Order allow,deny
Deny from all
</Files>

<Files 403.shtml>
order allow,deny
Deny from all
</Files>


# BEGIN W3TC Browser Cache
<IfModule mod_mime.c>
    AddType text/css .css
    AddType application/javascript .js
    AddType application/x-javascript .js
    AddType text/html .html .htm
    AddType text/richtext .rtf .rtx
    AddType image/svg+xml .svg .svgz
    AddType text/plain .txt
    AddType text/xsd .xsd
    AddType text/xsl .xsl
    AddType text/xml .xml
    AddType video/asf .asf .asx .wax .wmv .wmx
    AddType video/avi .avi
    AddType image/bmp .bmp
    AddType application/java .class
    AddType video/divx .divx
    AddType application/msword .doc .docx
    AddType application/x-msdownload .exe
    AddType image/gif .gif
    AddType application/x-gzip .gz .gzip
    AddType image/x-icon .ico
    AddType image/jpeg .jpg .jpeg .jpe
    AddType application/vnd.ms-access .mdb
    AddType audio/midi .mid .midi
    AddType video/quicktime .mov .qt
    AddType audio/mpeg .mp3 .m4a
    AddType video/mp4 .mp4 .m4v
    AddType video/mpeg .mpeg .mpg .mpe
    AddType application/vnd.ms-project .mpp
    AddType application/vnd.oasis.opendocument.database .odb
    AddType application/vnd.oasis.opendocument.chart .odc
    AddType application/vnd.oasis.opendocument.formula .odf
    AddType application/vnd.oasis.opendocument.graphics .odg
    AddType application/vnd.oasis.opendocument.presentation .odp
    AddType application/vnd.oasis.opendocument.spreadsheet .ods
    AddType application/vnd.oasis.opendocument.text .odt
    AddType audio/ogg .ogg
    AddType application/pdf .pdf
    AddType image/png .png
    AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx
    AddType audio/x-realaudio .ra .ram
    AddType application/x-shockwave-flash .swf
    AddType application/x-tar .tar
    AddType image/tiff .tif .tiff
    AddType audio/wav .wav
    AddType audio/wma .wma
    AddType application/vnd.ms-write .wri
    AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw
    AddType application/zip .zip
</IfModule>
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType text/css A31536000
    ExpiresByType application/x-javascript A31536000
    ExpiresByType text/html A3600
    ExpiresByType text/richtext A3600
    ExpiresByType image/svg+xml A3600
    ExpiresByType text/plain A3600
    ExpiresByType text/xsd A3600
    ExpiresByType text/xsl A3600
    ExpiresByType text/xml A3600
    ExpiresByType video/asf A31536000
    ExpiresByType video/avi A31536000
    ExpiresByType image/bmp A31536000
    ExpiresByType application/java A31536000
    ExpiresByType video/divx A31536000
    ExpiresByType application/msword A31536000
    ExpiresByType application/x-msdownload A31536000
    ExpiresByType image/gif A31536000
    ExpiresByType application/x-gzip A31536000
    ExpiresByType image/x-icon A31536000
    ExpiresByType image/jpeg A31536000
    ExpiresByType application/vnd.ms-access A31536000
    ExpiresByType audio/midi A31536000
    ExpiresByType video/quicktime A31536000
    ExpiresByType audio/mpeg A31536000
    ExpiresByType video/mp4 A31536000
    ExpiresByType video/mpeg A31536000
    ExpiresByType application/vnd.ms-project A31536000
    ExpiresByType application/vnd.oasis.opendocument.database A31536000
    ExpiresByType application/vnd.oasis.opendocument.chart A31536000
    ExpiresByType application/vnd.oasis.opendocument.formula A31536000
    ExpiresByType application/vnd.oasis.opendocument.graphics A31536000
    ExpiresByType application/vnd.oasis.opendocument.presentation A31536000
    ExpiresByType application/vnd.oasis.opendocument.spreadsheet A31536000
    ExpiresByType application/vnd.oasis.opendocument.text A31536000
    ExpiresByType audio/ogg A31536000
    ExpiresByType application/pdf A31536000
    ExpiresByType image/png A31536000
    ExpiresByType application/vnd.ms-powerpoint A31536000
    ExpiresByType audio/x-realaudio A31536000
    ExpiresByType application/x-shockwave-flash A31536000
    ExpiresByType application/x-tar A31536000
    ExpiresByType image/tiff A31536000
    ExpiresByType audio/wav A31536000
    ExpiresByType audio/wma A31536000
    ExpiresByType application/vnd.ms-write A31536000
    ExpiresByType application/vnd.ms-excel A31536000
    ExpiresByType application/zip A31536000
</IfModule>


# BEGIN Compress text files
<ifModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/xml text/css text/plain
  AddOutputFilterByType DEFLATE image/svg+xml application/xhtml+xml application/xml
  AddOutputFilterByType DEFLATE application/rdf+xml application/rss+xml application/atom+xml
  AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript application/json
  AddOutputFilterByType DEFLATE application/x-font-ttf application/x-font-otf
  AddOutputFilterByType DEFLATE font/truetype font/opentype


  BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</ifModule>
# END Compress text files
 
 
# BEGIN Cache-Control Headers
<ifModule mod_headers.c>
  <filesMatch "\.(ico|jpe?g|png|gif|swf)$">
    Header set Cache-Control "public"
  </filesMatch>
  <filesMatch "\.(css)$">
    Header set Cache-Control "public"
  </filesMatch>
  <filesMatch "\.(js)$">
    Header set Cache-Control "private"
  </filesMatch>
  <filesMatch "\.(x?html?|php)$">
    Header set Cache-Control "private, must-revalidate"
  </filesMatch>
</ifModule>
# END Cache-Control Headers
 
# BEGIN Turn ETags Off
FileETag None
# END Turn ETags Off




# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})

Here's how to for beginners. Thank siteground.

Establish FTP connection
We will start with the FTP connection establishment.

Open your FileZilla installation and enter the following details:

Hostname - enter your domain name or the name of the hosting server where your account resides;

Username - enter the FTP username (you can use your cPanel username or the one of a new FTP account);

Password - enter the corresponding FTP password;

Port - enter the FTP port (by default it is 21);


Click on the Quickconnect button the establish the FTP connection.

Once the FTP connection is opened you will see the listing of the remote server's files and folders.

Manage Files Using FileZilla
If you have a web site created on your local computer, you will want to make it live by uploading its files on your web server. The cPanel software is installed on all the SiteGround servers. The root folder for the web site content is public_html. Select the web site files in the Local site area. Drag and drop them in the public_html folder under the Remote site area. In this way they will be accessible through your domain name.


Sometimes you need to edit a file's code and update the web site functionality. Right-click on the chosen file and pick the View/Edit option.


The file will be opened in the default text editor. Edit it and then save the changes. The FTP client will recognize the file modifications. It will prompt you whether to upload the modified file back on the server and delete the local copy from your computer.


The other actions which you can perform on the files and folders are:

Download - this option allows you to download files and folders from the remote server to your local computer;

Add files to queue - allows to schedule a later transfer of the files;

Create Directory - allows you to create a new folder under your current location;

Delete - using it you can delete files and folders;

Rename - you can rename files and folders;

File Permissions - allows you to change the file permissions of files and folders; You can alter the owner, the group and the public permissions. You can define whether the files are readable, writable and executable. You can find more details about the file permissions in our cPanel tutorial.

[tanzeelniazi]

@Final kaoss
You are great man
Just 1 question
I am using only VBSEO hack https://vborg.vbsupport.ru/showthread.php?t=253516
not a complete software if i use this code i am secure 100% ? i mean upper you give.
i am not using filezilla i use only direct upload

[MylesM]

Will any of this work with vBulletin 3.8.x ?

[Moh4m4d]

Quote:

Originally Posted by tanzeelniazi

@Final kaoss
You are great man
Just 1 question
I am using only VBSEO hack https://vborg.vbsupport.ru/showthread.php?t=253516
not a complete software if i use this code i am secure 100% ? i mean upper you give.
i am not using filezilla i use only direct upload

Secure will never ever 100%
But with this code , you can be secure more and your forum won't hack soon and easy

[ceroalreves]

Hi, how is this works? i just have to upload it?

[Moh4m4d]

Quote:

Originally Posted by ceroalreves

Hi, how is this works? i just have to upload it?

Yes it works , Just upload it in to your root forum

[RichieBoy67]

Quote:

Originally Posted by Moh4m4d

Yes it works , Just upload it in to your root forum

Well it depends what he has there currently. If he uploads this and overwrites his existing he could have issues.

Great work though. I really hate working with htaccess but have learned alot from guys like you. Thanks for posting this.

[friendlymela]

nice one but i am not useing vbseo what should i do then?