Posted By

dennyhalim on 05/26/09


Tagged

htaccess block exploit


Versions (?)

Who likes this?

4 people have marked this snippet as a favorite

dennyhalim
montanaflynn
vali29
wirenaught


block common wordpress exploit


 / Published in: Apache
 

URL: http://www.askapache.com/htaccess/htaccess-plugin-blocks-spam-hackers-and-password-protects-blog.html

  1. RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
  2. RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ ///.*\ HTTP/ [NC,OR]
  3. RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\=?(http|ftp|ssl|https):/.*\ HTTP/ [NC,OR]
  4. RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\?.*\ HTTP/ [NC,OR]
  5. RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(asp|ini|dll).*\ HTTP/ [NC,OR]
  6. RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(htpasswd|htaccess|aahtpasswd).*\ HTTP/ [NC]
  7. RewriteRule .* - [F,NS,L]

Report this snippet  

Comments

RSS Icon Subscribe to comments
Posted By: montanaflynn on June 18, 2009

Is this still needed with 2.8?

You need to login to post a comment.