Skip to content
/ killer-htaccess Public

Secure your server, protect your web apps, load your sites faster, avoid malware, block malicious code, be Happy

21 stars 16 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

elitelinux/killer-htaccess

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
.htaccess
.htaccess
 
 
.htaccess.glpi
.htaccess.glpi
 
 
5g.htaccess
5g.htaccess
 
 
6g.htaccess
6g.htaccess
 
 
README.md
README.md
 
 
bb.htaccess
bb.htaccess
 
 
bbb.htaccess
bbb.htaccess
 
 
u.htaccess
u.htaccess
 
 

Repository files navigation

killer-htaccess

Secure your server, protect your web apps, load your sites faster, avoid malware, block malicious code, be Happy

Content

Apache htaccess rules to protect from DoS, Sql Injection, XSS and block bad bots.

PROTECT

Kill them all!:

  • E-mail harvesters
  • Content scrapers
  • Spam bots
  • Vulnerability scanners
  • Aggressive bots that provide little value
  • Bots linked to viruses or malware
  • Government surveillance bots
  • Russian search engine Yandex
  • Chinese search engine Baidu

SQL Injection Protection Attacks on web applications

SQL Injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker) SQL Injection Attack,

Protection XSS Attacks on web applications

XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy XSS Attack,

Yandex/Baidu

Unless your website is written in Russian or Chinese, you probably don't get any traffic from them. They mostly just waste bandwidth and consume resources.

Bots Are Liars

Bots try to make themselves look like other software by disguising their useragent. Their useragents may look harmless, perfectly legitimate even. For example, "^Java" but according to Project Honeypot, it's actually one of the most dangerous.

Setup

If you have a bizarre or complicated setup, be sure to look everything over before using it. But for anyone with something that resembles a standard Apache installation, this should work without any issues.

Xtras

Run this cmd in your shell to find malicious scripts in your server and security holes:

Find PHP backdoors ($>grep -RPnDskip "(passthru|shell_exec|system|phpinfo|base64_decode|chmod|mkdir|fopen|fclose|readfile) *(" /var/www/vhosts/myhost.com.co/httpdocs/ >sospechosos.txt)

Find vulnerable files in php ($>find / -type f -perm +6000 -ls >vulnerables1.txt)

Find PhP Simple Spammers ($>find /var/www/vhosts//httpdocs/ -type f -name ".php*" | xargs grep -l 'mail' | xargs grep -in 'mail' >resultado.txt)

Fix directories permissions: find /path/to/your/app/root/ -type d -exec chmod 755 {} ;

Fix file permissions: find /path/to/your/app/root/ -type f -exec chmod 644 {} ;

About

Secure your server, protect your web apps, load your sites faster, avoid malware, block malicious code, be Happy

Resources

Readme
Activity

Stars

21 stars

Watchers

6 watching

Forks

16 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages