Robot Portal

Easily manage all aspects of your account | Knowledgebase |

LiveChat | Let's Talk
Customer Portal

Home MEMBERS HOME

Knowledgebase

  1. Portal Home
  2. Knowledgebase
  3. Security Issue
  4. .htaccess against MySQL injections and other hacks!

.htaccess against MySQL injections and other hacks!

MySQL injection attempts are one of the most common hacking attacks against PHP websites. If your website is hosted on a dedicated or virtual server, the best solution is to your server hardened with proper mod_security rules. However, if you're on shared hosting, this is not an option. If you now think that it's not possible to protect your website against various hacking methods on shared hosting, you're wrong. Although it's not possible to use advanced strategies to protect your website, you're still able to protect it against hacking attempts using .htaccess rules. To implement such a protection, append your current .htaccess file with the following code, or create a new file called .htaccess, if you don't use any yet, and place it in your website's main folder:

#####################################################

# Script: htaccess Security                                                                   #

# Version: 1.0                                                                                     # 

#  ### Changelog ###                                                                        #

# v1.0 - 2012-02-14                                                                            #

#####################################################

# No web server version and indexes

ServerSignature Off

Options -Indexes

 

# Enable rewrite engine

RewriteEngine On

 

# Block suspicious request methods

RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]

RewriteRule ^(.*)$ - [F,L]

 

# Block WP timthumb hack

RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]

RewriteRule . - [S=1]

 

# Block suspicious user agents and requests

RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]

RewriteCond %{HTTP_USER_AGENT} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]

RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]

RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]

RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]

RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]

RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]

RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]

 

# Block MySQL injections, RFI, base64, etc.

RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]

RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]

RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]

RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]

RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]

RewriteCond %{QUERY_STRING} ftp\: [NC,OR]

RewriteCond %{QUERY_STRING} http\: [NC,OR]

RewriteCond %{QUERY_STRING} https\: [NC,OR]

RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]

RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]

RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]

RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]

RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]

RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]

RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]

RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]

RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]

RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]

RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]

RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]

RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]

RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]

RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]

RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]

RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]

RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|encode) [NC,OR]

RewriteCond %{QUERY_STRING} (sp_executesql) [NC]

RewriteRule ^(.*)$ - [F,L]

 

# Deny browser access to config files

 

Order allow,deny

Deny from all

#Allow from 1.2.3.4


It should work fine with most PHP scripts and has been tested with WordPress and Joomla!. If you want to run your install.php or directly access a config file with your browser, remove the hash symbol at the end of the file before "Allow from 1.2.3.4" and replace "1.2.3.4" with your external IP. .htaccess files will only work with Apache and LiteSpeed.
  • 102 Users Found This Useful

Was this answer helpful?

Related Articles

My Joomla has been hacked!

A Joomla is usually compromised when it or its components / modules are outdated. Another very...

What happens to someone abusing system resources?

The offending site will be suspended and the owner will be given an opportunity to fix the...

How to submit a DMCA complaint?

Reporting copyright infringement? You must follow these steps before submitting any information...

SQL injection, insertion!

SQL injection is an attack where malicious code is passed to an SQL Server for execution. The...

My account was hacked!

If you are the victim of a hacker you can mail to our support department and our experts will...

  Tag Cloud

.htaccess browser leverage caching Tomcat

  Support

  My Support Tickets   Announcements   Knowledgebase   Downloads   Network Status   Open Ticket
Secured by Certum
certum seal tag
Robot Engine | v8.2.5

Over 20000 Satisfied Customers!

  • web hosting reviewer
    Valerie Quinn
    CTO, Acteon Group

    Centriohost staff were fantastic, I had a concern with a domain and they got back to me very quickly and they helped me to resolve the issue! ~ . . . Read more

  • Joomla hosting reviewer
    Collin Bryan
    Photographer, Allister Freeman

    I'm using centrio for my portfolio since 2006. The transition was seamless, the support was immediate, and everything works perfectly. ~ . . . Read more

  • dedicated server reviewer
    Harry Collett
    Actor, A&J Artists

    Very easy to understand & use even though I am not very technologically minded. No complications whatsoever & I wouldn't hesitate to recommend it to all. ~ . . . Read more

  • vps web hosting reviewer
    Porfirio Santos
    Technician, Diageo PLC

    Centrio support team have been amazingly responsive and helpful to any of my queries, thank you so much to the Centriohost have been amazingly responsive and helpful to any of my queries 👍👍👍 ~ . . . Read more

  • wordpress hosting plans reviewer
    Catherine Auer
    Doctor, SmartClinics

    Anytime I've had a problem I can't solve, I've found Centriohost to be diligent and persistent. They simply won't let an issue go until the client is happy. ~ . . . Read more

  • reseller hosting reviewer
    Effectivo Social
    Freelancer, Fiverr

    Recommend their shared hosting for all my SME web design clients. Their cloud or VME offerings are too great to deal with. Pricing is perfect and suitable for all users (͠≖ ͜ʖ͠≖) 👌 ~ . . . Read more