Posted by shimmyshack on 09/09/07 08:14

On Sep 9, 4:33 am, "Reffo" <min_onkels_nevoe@varm_mail.com> wrote:
> "Ian Hobson" <ian.hob...@ntlworld.com> skrev i meldingnews:ZtGEi.28744$Db6.19105@newsfe3-win.ntli.net...
>
> > Reffo wrote:
> >> Hi.
>
> > Hi Reffo,
>
> >> I'm very new to PHP, and just want to stop some attacks, and spammers.
>
> >> They all are using =http:// in the query string,
>
> > Not a php answer, but as you are using Apache, you might try
>
> > RewriteEngine on
> > RewriteCond %{QUERY_STRING} .*http:\/\/.*
> > Rewriterule ^(.*) /ignore [F]
>
> > This will return a "forbidden 403" error to any url where the query string
> > contains http:// anywhere in it.
>
> > I know that I will stop
> >> some other
> >> visitors too.
> > Nah.
> > I can't think of a legitimate visitor ever needing to put this in the
> > query string.
>
> Hi. Yes, The AltaVista transaltor an other web based translators is using
> =http
>
> But, thank you. At least I have a start for now, I've tested it, and it's
> working.
> The bad beavhiors is writtened in the htaccess file.
>
> If I find any leagal engine that uses this strings, I only have to remove
> them from
> the htaccess file. They won't be banned anymore.
>
> Than-You once again!
>
> Regards,
> Trond
>
>
>
> >> Is it possible to put a script in my index.php to redirect people /
> >> robots using
> >> such commands / remote attacks? If so, I would like an example please!
>
> > It could be done with php, but the above will be quicker, and cover all
> > file pages, not just index.php.
>
> >> I would like to redirect them to another place that is banning them from
> >> my site.
> > I don't understand what this means.
>
> > You could send then elsewhere with
>
> > Rewriterule ^(.*) http://www.elsewhere.com/[L]
>
> > in place of the Rewriterule above.
>
> >> I've tried using query_sting in htaccess without any luck.
>
> > You can place the code above in server config (anywhere in hpptd.conf),
> > virtual host, directory, or .htaccess context. For .htaccess to work
> > allowoverride must not be none.
>
> > For anything to work. mod-rewrite must be loaded. i.e. you find a line in
> > httpd.comf that is like...
>
> > LoadModule rewrite_module modules/mod_rewrite.so
>
> > And remove any leading #
>
> > Regards
>
> > Ian

you could also install the mod_security module and visit the "cool
rules" project to get a load of rules to protect your server form all
kinds of attacks not just the one you mentioned. I recommend this as
it gives you peace of mind when you see worms and other nasties in
your logs.

• Next in forum: Re: Confused on load balancing
• Prev in forum: Re: PHP Scripts to run in another directory with IIS
• Thread view: Re: Redirection based on Query string

[Reply to this message]