php.ini questions - Joomla! Forum - community, help and support


Hello, I am totally confused about php.ini and wondering if you can tell me: if the server has register_globals turned off, I have the settings below in .htaccess, plus a password-protected administrator directory, do I still need to make changes to the php.ini file to boost security?

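# Deny direct HTTP access to the .htaccess file itself.
# "Order"/"Deny from" is Apache 2.2 syntax; on Apache 2.4 the equivalent is "Require all denied".
# (The original "deny all" is not a valid directive and is rejected or ignored.)
<Files .htaccess>
    Order allow,deny
    Deny from all
</Files>

# Do not advertise the server version on error pages.
ServerSignature Off

# Hide everything from directory listings and disable listings entirely.
IndexIgnore */*
Options -Indexes

# mod_rewrite requires symlink following in per-directory context. If the host
# forbids +FollowSymLinks in .htaccess, +SymLinksIfOwnerMatch is the usual substitute.
Options +FollowSymLinks

# RewriteCond lines only take effect for the RewriteRule that follows them.
# The listing had two long condition groups with no rule after them, so they
# were never evaluated. Each group below now ends in its own rule, and
# RewriteEngine is switched on explicitly (it is not inherited into .htaccess).
RewriteEngine On

########## Block query strings that try to inject Joomla/PHP globals
# [NC] on every condition: a case-sensitive, lower-case pattern would let a
# mixed-case request such as "mosConfig_" or "GLOBALS" through.
# Block attempts to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosconfig_[a-zA-Z_]{1,21}(=|\%3d) [NC,OR]
# Block base64_encode(...) payloads sent via the URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
# Block a <script> tag in the URL
RewriteCond %{QUERY_STRING} (\<|%3c).*script.*(\>|%3e) [NC,OR]
# Block attempts to set the PHP GLOBALS variable via the URL
RewriteCond %{QUERY_STRING} globals(=|\[|\%[0-9a-z]{0,2}) [NC,OR]
# Block attempts to modify the _REQUEST variable via the URL
RewriteCond %{QUERY_STRING} _request(=|\[|\%[0-9a-z]{0,2}) [NC]
# Answer the blocked request with 403 Forbidden ([F] ignores the substitution, so "-" is used)
RewriteRule ^(.*)$ - [F,L]

########## Block known site-ripper / harvester user agents
# Every condition carries [NC]: real agent strings are mixed-case
# ("BlackWidow", "HTTrack"), so a case-sensitive lower-case pattern never matched.
# The User-Agent header is chosen by the client, so this only stops tools that
# do not bother to change it; treat it as noise reduction, not access control.
RewriteCond %{HTTP_USER_AGENT} ^blackwidow [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^bot\ mailto:craftbot@yahoo.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^chinaclaw [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^custo [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^disco [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^download\ demon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ecatch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^eirgrabber [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^emailsiphon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^emailwolf [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^express\ webpictures [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^extractorpro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^eyenetie [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^flashget [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^getright [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^getweb! [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^go!zilla [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^go-ahead-got-it [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^grabnet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^grafula [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^hmview [NC,OR]
RewriteCond %{HTTP_USER_AGENT} httrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^image\ stripper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^image\ sucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} indy\ library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^interget [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^internet\ ninja [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^jetcar [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^joc\ web\ spider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^leechftp [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^mass\ downloader [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^midown\ tool [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^mister\ pix [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^navroad [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^nearsite [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^netants [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^netspider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^net\ vampire [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^netzip [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^octopus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^offline\ explorer [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^offline\ navigator [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^pagegrabber [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^papa\ foto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^pcbrowser [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^realdownload [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^reget [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^sitesnagger [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^smartdownload [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^superbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^superhttp [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^surfbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^takeout [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^teleport\ pro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^voideye [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^web\ image\ collector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^web\ sucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^webauto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^webcopier [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^webfetch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^webgo\ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^webleacher [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^webreaper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^websauger [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^website\ extractor [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^website\ quester [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^webstripper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^webwhacker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^webzip [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^widow [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^wwwoffle [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^xaldon\ webspider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^zeus [NC]
# Without this rule the whole list above is dead configuration.
RewriteRule ^.* - [F,L]

########## Block malformed requests, header injection and generic scanners
# All conditions are OR'd into the single rule at the end of this group.
# HEAD is a normal HTTP method used by monitors and link checkers; blocking
# it is a policy choice rather than a hardening step (TRACE/TRACK are the
# ones usually disabled).
RewriteCond %{REQUEST_METHOD} ^(head|trace|delete|track) [NC,OR]
# Raw CR/LF (literal or percent-encoded) in the request line
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0a|%0d).* [NC,OR]

# The quote characters below were "smart" quotes in the pasted listing; a
# regex must use the ASCII apostrophe and double quote or it never matches.
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0a|%0d|%27|%3c|%3e|%00).* [NC,OR]
RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0a|%0d|%27|%3c|%3e|%00).* [NC,OR]
# Note the bare "/" alternative: any URI beginning with "//" is rejected too.
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]

# Empty or generic tool user agents. These substrings ("email", "loader",
# "scan", "python") are broad and will also reject some legitimate clients;
# review the access log for false positives after enabling.
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|httrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|scan).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0a|%0d|%27|%3c|%3e|%00).* [NC,OR]

# Block query strings that combine a quote/delimiter with an SQL keyword.
# Words such as "set", "update" and "cast" are common in ordinary URLs, so
# expect some false positives. This is the last condition and so carries no [OR].
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0a|%0d|%22|%27|%3c|%3e|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC]
# Without this rule the conditions above were never evaluated.
RewriteRule ^.* - [F,L]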

thanks!

possibly..... <shrug>

You need to review the PHP security pages and security sites, and determine what other settings the server has configured or what else has been achieved. There is the Suhosin hardened PHP project, which may assist in that cause.

[edit] The security guide in the notes above the forum contains commonly used suggestions that provide additional protection or, at least, reduce the risks involved in running a public-facing PHP website.




