damianm2007
23-11-2015, 22:31
witajcie :)
Musiałem zablokować odpalanie plików php przez stronę bo mi jakiś syf ciągle coś wgrywa na joomle i wysyła spam... brak mi sił...
Joomla 2.5x
Z racji tego, że tak zrobiłem nie mogę wejść do administracji joomli hehe :)
Mogę sobie tego htaccessa wyłączać i włączać, ale nie tylko ja pracuje na tej stronie i tu jest problem..
## Can be commented out if causes errors, see notes above.Options+FollowSymLinks
#
# mod_rewrite in use
RewriteEngineOn
RewriteRule(.+)/$ /$1.html [L,R=301]
RewriteCond%{REQUEST_URI}/component/|(/[^.]*|\.(php|html|feed|pdf|vcf|raw))$ [NC]
RewriteRule.* index.php [L]
########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
## Deny access to extension xml files (uncomment out to activate)
#<Files ~ "\.xml$">
#Order allow,deny
#Deny from all
#Satisfy all
#</Files>
## End of deny access to extension xml files
# Block out any script trying to set a mosConfig value through the URL
RewriteCond%{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D)[OR]
# Block out any script trying to base64_encode data within the URL
RewriteCond%{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a ********** tag in URL
RewriteCond%{QUERY_STRING}(<|%3C)([^s]*s)+cript.*(>|%3E)[NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond%{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2})[OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond%{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule.* index.php [F]
#
########## End - Rewrite rules to block out some common exploits
########## Begin - Joomla! core SEF Section
#
RewriteRule.*-[E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond%{REQUEST_URI}!^/index\.php
# and the request is for root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond%{REQUEST_URI}(/[^.]*|\.(php|html?|feed|pdf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond%{REQUEST_FILENAME}!-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond%{REQUEST_FILENAME}!-d
# internally rewrite the request to the index.php script
RewriteRule.* index.php [L]
########### End - Joomla! core SEF Section
Co moge dodac / zmienić aby wchodzić do adminki?
Musiałem zablokować odpalanie plików php przez stronę bo mi jakiś syf ciągle coś wgrywa na joomle i wysyła spam... brak mi sił...
Joomla 2.5x
Z racji tego, że tak zrobiłem nie mogę wejść do administracji joomli hehe :)
Mogę sobie tego htaccessa wyłączać i włączać, ale nie tylko ja pracuje na tej stronie i tu jest problem..
## Can be commented out if causes errors, see notes above.Options+FollowSymLinks
#
# mod_rewrite in use
RewriteEngineOn
RewriteRule(.+)/$ /$1.html [L,R=301]
RewriteCond%{REQUEST_URI}/component/|(/[^.]*|\.(php|html|feed|pdf|vcf|raw))$ [NC]
RewriteRule.* index.php [L]
########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
## Deny access to extension xml files (uncomment out to activate)
#<Files ~ "\.xml$">
#Order allow,deny
#Deny from all
#Satisfy all
#</Files>
## End of deny access to extension xml files
# Block out any script trying to set a mosConfig value through the URL
RewriteCond%{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D)[OR]
# Block out any script trying to base64_encode data within the URL
RewriteCond%{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a ********** tag in URL
RewriteCond%{QUERY_STRING}(<|%3C)([^s]*s)+cript.*(>|%3E)[NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond%{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2})[OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond%{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule.* index.php [F]
#
########## End - Rewrite rules to block out some common exploits
########## Begin - Joomla! core SEF Section
#
RewriteRule.*-[E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond%{REQUEST_URI}!^/index\.php
# and the request is for root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond%{REQUEST_URI}(/[^.]*|\.(php|html?|feed|pdf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond%{REQUEST_FILENAME}!-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond%{REQUEST_FILENAME}!-d
# internally rewrite the request to the index.php script
RewriteRule.* index.php [L]
########### End - Joomla! core SEF Section
Co moge dodac / zmienić aby wchodzić do adminki?