Textpattern CMS support forum
block with htaccess
Following an attack from over 170,000 different IPs on one of my sites a few days ago, I am trying to block access to URLs containing specific keywords, but I am totally lost, as everything I try either does not work or returns a 500 error.
Basically, the code below does not work:
<FilesMatch /?m=any&q=|/?m=any=|/index.php?s=|/?m=any&q=1>
order allow,deny
deny from all
</FilesMatch>
whereas
RewriteCond %{QUERY_STRING} ^m\=any$- [F]
RewriteRule ^ - [F]
and
RewriteEngine On
RewriteCond %{THE_REQUEST} ^.*(wp-login).* [NC]
RewriteRule ^(.*)$ - [F,L]
return 500 errors.
Could anyone suggest alternatives which might work?
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Re: block with htaccess
anyone?
Yiannis
Re: block with htaccess
I’m still working on this:
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/|fckeditor).* [NC]
RewriteRule .* - [F,NS,L]
also returns a 500 error. I’m really lost as to how I can protect my sites from another attack. For the sake of the rest of us, I wish WP had fewer exploits.
Yiannis
Re: block with htaccess
Yiannis, do you have access to the error log? Sometimes, those 500 error messages leave some trace behind. It would be useful to find out what’s exactly triggering the 500 error.
I’d suggest you begin with a really small rule that works, and add up from there (until it breaks again).
BTW, this one on your OP:
RewriteCond %{QUERY_STRING} ^m\=any$- [F]
RewriteRule ^ - [F]
Not sure why that one could be breaking exactly, but I notice 2 possible issues there:
1) “$-”. That part of the regex won’t match anything, as “$” matches the end of the string, so the “-” after it will never match. I don’t think that would trigger a 500 error, but you never know.
2) “[F]” (at the end of the RewriteCond line). I don’t think you can use that flag (which returns a 403 Forbidden) there on that line. It’s OK to use it in the last line, but not the first one. So, that could be triggering your 400 error too.
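An added example, not code from the thread or from Textpattern, that pulls Julián’s two points together: the query string is tested in a RewriteCond with no stray “$-” and no flags, and the [F] flag sits only on the RewriteRule. It assumes Apache with mod_rewrite loaded and AllowOverride permitting FileInfo for the site’s .htaccess; the query keys (m, q, s) and the WordPress paths are the ones from the posts above.

```apache
# Added example, not from the thread. Place near the top of .htaccess,
# before any rule that rewrites requests to index.php, so a bad request
# is refused before it is routed into the CMS.
RewriteEngine On

# 1) Query-string check. RewriteRule only sees the URL path, so the query
#    string must be tested in a RewriteCond. "=" and "&" are literal in PCRE
#    and need no escaping. Matches m=any as a whole key=value pair anywhere
#    in the query string (e.g. ?m=any, ?m=any&q=1, ?x=1&m=any).
RewriteCond %{QUERY_STRING} (^|&)m=any(&|$) [NC]
RewriteRule ^ - [F,L]

# 2) Request-line check. THE_REQUEST holds the raw first line, e.g.
#    "GET /index.php?s=foo HTTP/1.1", so path and query can be tested together.
RewriteCond %{THE_REQUEST} ^[A-Z]+\s/index\.php\?s= [NC]
RewriteRule ^ - [F,L]

# 3) Path check. Refuse WordPress probe paths on a site that is not WordPress.
#    No leading "!" here: a negated condition would forbid everything else instead.
RewriteCond %{REQUEST_URI} ^/(wp-login\.php|wp-admin/|wp-content/plugins/|wp-includes/) [NC]
RewriteRule ^ - [F,L]
```

A few things worth checking against the rules posted earlier in the thread: FilesMatch tests only the file name of the requested resource, never the query string, so the first block in the opening post cannot match what it is meant to match; “order allow,deny” and “deny from all” are Apache 2.2 directives, and on Apache 2.4 they only work with mod_access_compat loaded (the 2.4 form is “Require all denied”), which is a common cause of a 500 from .htaccess; the leading “!” in the REQUEST_URI condition negates the match, so that rule would forbid every request except the WordPress paths. Any .htaccess directive Apache cannot parse is answered with a 500, and the reason is recorded in Apache’s own error_log, which on shared hosting is not always the log exposed to the site owner.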
Re: block with htaccess
Hi Julián, thanks for responding.
Although there are error logs, the 500 errors are not reported.
I tried:
RewriteCond %{QUERY_STRING} ^m\=any [NC]
RewriteRule ^ - [F]
but it just returns the home page.
Yiannis
Re: block with htaccess
I don’t think you have to escape the “=” (it’s not a special char in PCRE regex, afaik), and that could be a good reason for your condition not being matched.
Also, for reference: wiki.apache.org/httpd/RewriteQueryString
Re: block with htaccess
Thanks again! It’s a holiday here tomorrow, so I will be able to experiment with it.
Yiannis
Re: block with htaccess
After 10 hours of experiments I found out that none of the rules worked. I am now totally confused.
Yiannis
Re: block with htaccess
Could you provide more info on what isn’t working?
Do any other “simple” rewrite rules (not related to what you are trying to do) work as expected?
Re: block with htaccess
Basically, they either return a 500 error, or there is no error but also no blocking.
Yiannis