
By: Tim


Try this one


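########## Hardcore Security for osCommerce HTACCESS v1.0.1 ###########
########## AUTHOR: TE TAIPO - rohepotae@gmail.com ###########
## See readme.txt for instructions ###########
#
# Purpose: an Apache .htaccess blocklist for osCommerce.  Requests whose
# method, request line, query string, cookie or referer matches any of the
# RewriteCond patterns below are refused with 403 by the single RewriteRule
# at the end of the filtering section.  Every RewriteCond in the chain is
# joined with [OR]; the final one deliberately carries no [OR], which is
# what terminates the chain.
#
# NOTE(review): the <Files>/<FilesMatch> containers around the "Deny from
# all" blocks, and the literal '<' / '>' alternatives in two regexes, were
# evidently stripped when this listing was rendered as HTML.  They are
# restored below -- a bare "Deny from all" at the top level of .htaccess
# blocks the entire site, and an empty alternative "(|...)" matches every
# request.  Confirm against the original readme.txt distribution.
#
# The Order/Deny directives are Apache 2.2 syntax; on Apache 2.4 they need
# mod_access_compat loaded, otherwise use "Require all denied" instead.

Options +SymLinksIfOwnerMatch

# disable the server signature
ServerSignature off

# set the server administrator email
SetEnv SERVER_ADMIN default@yourdomain.com

# ~~~~ START OF FILTERING ~~~~~ #

# secure htaccess and other files (.htaccess, .htpasswd, ...)
<FilesMatch "^\.ht">
Order Allow,Deny
Deny from all
</FilesMatch>

# add whatever configuration files here that are hosted on your server
# that you want blocked -- the names below are placeholders, replace them
<FilesMatch "^(YOUR_CONFIG_FILE_1|YOUR_CONFIG_FILE_2)$">
Order allow,deny
Deny from all
</FilesMatch>

# disable direct HTTP access to the osCommerce configuration file (catalog
# and admin copies).  A <Files> container in the root .htaccess matches by
# file name in every subdirectory, so one block covers both copies.  PHP
# still reads the file from disk, so the shop keeps working.
# NOTE(review): osCommerce names this file configure.php (see the chmod hint
# in the OPTIONAL EXTRAS section) -- verify the exact name in your install.
<Files "configure.php">
deny from all
</Files>

RewriteEngine On
RewriteBase /

# server request method: anything other than the four listed verbs
RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD|OPTIONS) [OR]

# osCommerce 2.2x: path-info tricks against login.php and the backup action
RewriteCond %{THE_REQUEST} ^.*\.php/login\.php.*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*login.php\?action\=backupnow.*$ [NC,OR]

# _REQUEST: generic code-injection and probing signatures in the request
# line and query string
RewriteCond %{THE_REQUEST} \?\ HTTP/1. [NC,OR]
RewriteCond %{THE_REQUEST} \/\*\ HTTP/1. [NC,OR]
RewriteCond %{THE_REQUEST} %20HTTP/1. [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (showimg=|cookies=|passwd) [NC,OR]
RewriteCond %{QUERY_STRING} (file_get_contents\(|setcookie\() [NC,OR]
RewriteCond %{QUERY_STRING} (\,0x3a\,|unescape\(|fromcharcode|pwtoken_get|php_uname|passthru\() [NC,OR]
RewriteCond %{QUERY_STRING} (eval\%28|eval\%2528|eval\(|base64_(en|de)code[^(]*\([^)]*\)|base64_encode.*\(.*\)) [NC,OR]
RewriteCond %{QUERY_STRING} (JHs\=|replace\(|return\%20clk|boot\.ini|php\/password_for|announce\?info_hash) [NC,OR]
RewriteCond %{QUERY_STRING} (\_START\_|\=alert\(|mysql\_query|\.\.\/cmd|rush\=|EXTRACTVALUE\(|phpinfo\() [NC,OR]
RewriteCond %{QUERY_STRING} (\/frameset|\$\_SESSION|\$\_REQUEST|\$HTTP\_|mosConfig\_|inurl\:|\/iframe|onload\=) [NC,OR]
RewriteCond %{THE_REQUEST} (allow_url_fopen|\%23include\+\<|get_defined_vars\(|\%22\'\%2f|error_reporting\(0\)) [NC,OR]
RewriteCond %{THE_REQUEST} (fwrite\(|waitfor\%20delay|shell_exec|gzinflate\(|prompt\(|php_value\%20auto) [NC,OR]
RewriteCond %{THE_REQUEST} (onmouseover|onmousedown|ct\(this) [NC,OR]
RewriteCond %{THE_REQUEST} (ftp\:\/\/|1\=1\-\-|current\_user\(\)|\%3Cform|sha1\(|self\/environ) [NC,OR]
RewriteCond %{THE_REQUEST} (\<\%3Fphp|\%\%|1\+and\+1|\/iframe|\$\_GET|document\.cookie|onload\%3d|onunload\%3d) [NC,OR]
RewriteCond %{THE_REQUEST} (\%00|hex\_ent|ob\_starting|PHP\_SELF|etc\/passwd|shell\_exec|data\:\/\/|\$\_SERVER|\$\_POST) [NC,OR]
RewriteCond %{THE_REQUEST} (\%bf\%5c\%27|\%bf\%27|\%ef\%bb\%bf|\%8c\%5c|\%a3\%27) [NC,OR]
RewriteCond %{THE_REQUEST} (\=0\^\() [NC,OR]
# NOTE: "localhost" here refuses any request whose URL mentions it; relax
# this alternative if legitimate links on the site contain that word.
RewriteCond %{THE_REQUEST} (\@\@datadir|\@\@version|version\(\)|localhost|\}\)\%3B|Set\-Cookie|\%253C\%2Fscript\%253E) [NC,OR]
RewriteCond %{THE_REQUEST} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

# http referer: raw angle brackets, quotes and control/NUL bytes.
# FIX: the rendered listing had "(|'|...)" -- an empty alternative that
# matches every referer and therefore blocked every request.
RewriteCond %{HTTP_REFERER} (<|>|'|%0A|%0D|%00) [NC,OR]

# mysql related
RewriteCond %{QUERY_STRING} (null\,null|outfile|load_file) [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (order).*(by).*(\%[0-9A-Z]{0,2}) [NC,OR]
RewriteCond %{QUERY_STRING} (waitfor|delay|shutdown).*(nowait) [NC,OR]
RewriteCond %{QUERY_STRING} (union|and|position).*(select).*(ascii\(|bin\(|benchmark\(|cast\(|char\(|charset\(|collation\(|concat\(|concat_ws\(|table_schema) [NC,OR]
# FIX: "elt\(}encode\(" used '}' where the alternation bar '|' belongs, so
# neither elt( nor encode( was matched on its own.
RewriteCond %{QUERY_STRING} (union|and|position).*(select).*(conv\(|convert\(|count\(|database\(|decode\(|diff\(|distinct\(|elt\(|encode\(|encrypt\() [NC,OR]
RewriteCond %{QUERY_STRING} (union|and|position).*(select).*(extract\(|field\(|floor\(|format\(|hex\(|if\(|in\(|information_schema|insert\(|instr\(|interval\(|lcase\() [NC,OR]
RewriteCond %{QUERY_STRING} (union|and|position).*(select).*(left\(|length\(|load_file\(|locate\(|lock\(|log\(|lower\(|lpad\(|ltrim\(|max\(|md5\(|mid\() [NC,OR]
RewriteCond %{QUERY_STRING} (union|and|position).*(select).*(mod\(|now\(|null\(|ord\(|password\(|position\(|quote\(|rand\(|repeat\(|replace\(|reverse\() [NC,OR]
RewriteCond %{QUERY_STRING} (union|and|position).*(select).*(right\(|rlike\(|row_count\(|rpad\(|rtrim\(|_set\(|schema\(|sha1\(|sha2\(|sleep\(|soundex\() [NC,OR]
RewriteCond %{QUERY_STRING} (union|and|position).*(select).*(space\(|strcmp\(|substr\(|substr_index\(|substring\(|sum\(|time\(|trim\(|truncate\(|ucase\() [NC,OR]
RewriteCond %{QUERY_STRING} (union|and|position).*(select).*(unhex\(|upper\(|_user\(|user\(|values\(|varchar\(|version\(|xor\() [NC,OR]

# cookies: same injection signatures applied to the Cookie header.
# FIX: the first pattern also had the empty "(|'|...)" alternative that
# matched every request; restored to raw '<' and '>'.
RewriteCond %{HTTP_COOKIE} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_COOKIE} (eval\%28|eval\%2528|eval\(|information_schema) [NC,OR]
RewriteCond %{HTTP_COOKIE} (null\,null|outfile) [NC,OR]
RewriteCond %{HTTP_COOKIE} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{HTTP_COOKIE} (union|and|position).*(select).*(ascii\(|bin\(|benchmark\(|cast\(|char\(|charset\(|collation\(|concat\(|concat_ws\(|table_schema) [NC,OR]
# FIX: same '}' -> '|' typo as in the query-string copy of this line.
RewriteCond %{HTTP_COOKIE} (union|and|position).*(select).*(conv\(|convert\(|count\(|database\(|decode\(|diff\(|distinct\(|elt\(|encode\(|encrypt\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (union|and|position).*(select).*(extract\(|field\(|floor\(|format\(|hex\(|if\(|in\(|information_schema|insert\(|instr\(|interval\(|lcase\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (union|and|position).*(select).*(left\(|length\(|load_file\(|locate\(|lock\(|log\(|lower\(|lpad\(|ltrim\(|max\(|md5\(|mid\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (union|and|position).*(select).*(mod\(|now\(|null\(|ord\(|password\(|position\(|quote\(|rand\(|repeat\(|replace\(|reverse\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (union|and|position).*(select).*(right\(|rlike\(|row_count\(|rpad\(|rtrim\(|_set\(|schema\(|sha1\(|sha2\(|sleep\(|soundex\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (union|and|position).*(select).*(space\(|strcmp\(|substr\(|substr_index\(|substring\(|sum\(|time\(|trim\(|truncate\(|ucase\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (union|and|position).*(select).*(unhex\(|upper\(|_user\(|user\(|values\(|varchar\(|version\(|xor\() [NC,OR]

# LFI and session hijacking: directory-traversal sequences in a parameter
# value, direct references to PHP session files, and php://filter wrappers
RewriteCond %{QUERY_STRING} \=(\.\./\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} \=(\.\.//\./?)+ [OR]
RewriteCond %{QUERY_STRING} \=(\.\.\\\.\./?)+ [OR]
RewriteCond %{QUERY_STRING} \=(\.\.\\\\\./?)+ [OR]
RewriteCond %{QUERY_STRING} \/tmp\/sess_ [NC,OR]
RewriteCond %{QUERY_STRING} php:\/\/filter\/read=convert\.base64-(en|de)code\/ [NC,OR]

# if expose_php is set to on: the PHP "easter egg" GUID query strings.
# This is the LAST condition of the chain, so it must NOT carry [OR].
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC]

# any request that satisfied one of the conditions above is refused (403)
RewriteRule ^(.*)$ - [F,L]

# ~~~~ END OF FILTERING ~~~~~ #
# OPTIONAL EXTRAS
# Uncomment and use.
# If Error 500 encountered then comment out

# disable directory browsing, if error 500 encountered then comment out
# Options All -Indexes

# prevent folder listing, if error 500 encountered then comment out
# IndexIgnore *

# php_value session.use_trans_sid 0

# auto keep the config file read only
# chmod configure.php files 444

# turn off magic_quotes_gpc
#
# php_flag magic_quotes_gpc off
#

########## End of Hardcore Security for osCommerce HTACCESS v1.0.1 #################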

