Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2015-03-29 08:07:41

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

block with htaccess

Following an attack from over 170,000 different IPs in one of my sites a few days ago I am trying to block access to urls containing specific keywords but I am totally lost as everything I try either does not work or returns a 500 error

Basically the code below does not work

<FilesMatch /?m=any&q=|/?m=any=|/index.php?s=|/?m=any&q=1>
order allow,deny
deny from all
</FilesMatch>

whereas

RewriteCond %{QUERY_STRING} ^m\=any$- [F]
RewriteRule ^ - [F]

and

RewriteEngine On
RewriteCond %{THE_REQUEST} ^.*(wp-login).* [NC]
RewriteRule ^(.*)$ - [F,L]

return 500 errors.

Could anyone suggest alternatives which might work?


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#2 2015-03-30 04:56:44

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: block with htaccess

anyone?


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#3 2015-03-31 13:54:47

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: block with htaccess

I’m still working on this

RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/|fckeditor).* [NC]
RewriteRule .* - [F,NS,L]

also returns a 500 error. I’m really lost as to how I can protect my sites from another attack. For the sake of the rest of us, I wish WP had fewer exploits.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#4 2015-03-31 14:46:28

maniqui
Member
From: Buenos Aires, Argentina
Registered: 2004-10-10
Posts: 3,070
Website

Re: block with htaccess

Yiannis, do you have access to the error log? Sometimes, those 500 error messages leave some trace behind. It would be useful to find out what’s exactly triggering the 500 error.

I’d suggest you to begin with a really small rule that works, and add up from there (until it breaks again).

BTW, this one on your OP:

RewriteCond %{QUERY_STRING} ^m\=any$- [F]
RewriteRule ^ - [F]

Not sure why that one could be breaking exactly, but I notice 2 possible issues there:

1) $-. That part of the regex won’t match anything, as $ matches the end of the string, so the - after it will never match. I don’t think that would trigger a 500 error, but you never know.

2) [F] (at the end of the RewriteCond line). I don’t think you can use that flag (which returns a 403 Forbidden) there on that line. It’s OK to use it in the last line, but not the first one. So, that could be triggering your 400 error too.


La música ideas portará y siempre continuará

TXP Builders – finely-crafted code, design and txp

Offline

#5 2015-03-31 15:07:36

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: block with htaccess

Hi Julián, Thanks for responding

Although there are error logs, the 500 errors are not reported.

I tried

RewriteCond %{QUERY_STRING} ^m\=any [NC]
RewriteRule ^ - [F]

but it just returns the home page.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#6 2015-03-31 16:07:46

maniqui
Member
From: Buenos Aires, Argentina
Registered: 2004-10-10
Posts: 3,070
Website

Re: block with htaccess

I don’t think you have to escape the = (it’s not a special char on PCRE regex, afaik), and that could be a good reason for your condition not being matched.
Also, for reference: wiki.apache.org/httpd/RewriteQueryString


La música ideas portará y siempre continuará

TXP Builders – finely-crafted code, design and txp

Offline

#7 2015-03-31 19:00:34

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: block with htaccess

Thanks again! It’s a holiday here tomorrow so i will be able to experiment with it.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#8 2015-04-01 15:04:32

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: block with htaccess

After 10 hours of experiments I found out that none of the rules worked. I now am totally confused.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#9 2015-04-01 15:47:32

maniqui
Member
From: Buenos Aires, Argentina
Registered: 2004-10-10
Posts: 3,070
Website

Re: block with htaccess

Could you provide more info on what isn’t working?
Do any other “simple” (not related to what you are trying to do) rewrite rule work as expected?


La música ideas portará y siempre continuará

TXP Builders – finely-crafted code, design and txp

Offline

#10 2015-04-01 16:51:53

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: block with htaccess

Basically they either return a 500 error or there was no error but also no blocking.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

Board footer

Powered by FluxBB