Let's say you want to protect againts hacking,and using method with simply blocking loading url.So let's say someone hacked your index.html and changed links to lead to his domain.com.Is it possible to block what would be loaded on site ?(to prevent possible future hacking intrusions)
View 6 Replies
how can i provide temporary urls for users on my server like [url]until the actual domain resolves? ive seen this done in with cpanel but i dont know how its done exactly. my current server does not have cpanel.
View 11 Replies View RelatedAre there any scripts out there that can protect URLs? For an example I am trying to protect a megaupload.com URL with a masking URL and making sure that the masking URL is only access by a referral site. Can this be done?
View 1 Replies View RelatedI'm testing scripts on new server now, and server has 2 problems.
1. I can not enter domain name as "get" parameter. For example, if I'm requesting URL like domain.com/file.php?url=[url] - it does not work. If I'm requesting URL like domain.com/file.php?url=[url](please note it has INVALID extension for TLD) - it works!
2. fsockopen and file_get_contents does not work. I added these settings into php.ini:
allow_url_fopen = On
allow_url_include = On
...and nothing works. I get just blank pages when using these functions.
Server is running cpanel + apache 2.2 + php 5 + APF firewall
I just found hundreds of rubbish urls in awstats for a particular domain. Is this referrer spam or something more serious and can I do something about this?
I have attached a screenshot.
1.Find .htaccess file in root folder
2.Open .htaccess file
3.Delete all content
4.Type in this code(using your domain ):
<IfModule mod_rewrite.c>RewriteEngine onRewriteBase /RewriteCond %{HTTP_HOST} !^www.example.co.uk$ [NC]RewriteRule ^(.*)$ http://www.example.co.uk/$1 [L,R=301]RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]</IfModule>
We're running Apache 2.4.3 on Slackware 14:
LCMlinux ~> uname -a
Linux LCMlinux 3.2.29-smp #2 SMP Mon Sep 17 13:16:43 CDT 2012 i686
LCMlinux ~> httpd -v
Server version: Apache/2.4.3 (Unix)
Server built: Aug 23 2012 11:07:26
LCMlinux ~>
We are using this both for the Trac issue-tracking application and for a small, simple internal mirror web site. Trac is working perfectly; the web site works if exact URLs are provided (as in <a href=...>
One of the sites I have, is placed on a non-Apache server (the others are). Phpinfo() gives this:
Server API CGI
I'd like to make search engine-friendly URLs for all my sites. All of them will do fine with mod_rewrite, but that's not possible on this server, it seems. Anybody here knows how I can do this for this particular server?
I need htaccess file for one of my sites. I've searched everywhere, and I can't find a solution for my problem.
System Info:
Easy Apache v3.18.1
CentOS 6.3 (x86_64)
So I'm trying to redirect all URLs in a certain query range to a new website. i.e.,
mydomain.com/?p=35000
mydomain.com/?p=35001
mydomain.com/?p=35002
mydomain.com/?p=35003
etc.
all need to 301 redirect to myotherdomain.com
I don't need to append each query to the new domain. All the URLs simply need to redirect to the naked domain of the other site. So
mydomain.com/?p=35000 is not redirecting to myotherdomain.com/?p=35000
It is simply redirecting to myotherdomain.com
Also, I need to redirect the specific series ([35000-35999]) to the new domain. I want to redirect the www and the non-www URLs.
I've attempted to write the code myself, but when I upload the htaccess file, the URLs are not redirecting. I'm doing something wrong.
Here's what I've tried:
Code:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^mydomain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.mydomain.com$
RewriteCond %{QUERY_STRING} ^p=([35000-35999]*)$
RewriteRule ^(.*)$ "http://myotherdomain.com/" [R=301,L]
This redirect redirects all subpages of a domain to another domain while not redirecting to index.php but to same page, only at another domain:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^cz.hq-scenes.com$ [NC]
RewriteRule ^(.*)$ http://cz.hq-scenes.com/$1 [R=301,L]
I want to achieve that only pages like /viewtopic.php...............
will be redirected (............. means any other characters)
How to redirect all viewtopic.php pages only? How to modify it?
I need to accomplish the following:
1. User hits my new 2.4 reverse proxy at [URL] ....
2. I proxy the request through to my "real" app server at [URL] ....
3. I also use a re-write rule to add a querystring to the URL: ?Parameter=Foo
4. So, client's request arrives at the my app server as [URL] .....
5. When my app server responds, it is including the Parameter=Foo key/value combination. I don't want this.
6. I want my reverse proxy (somebox.com) to strip "Parameter=Foo" from the string which gets returned to the client.
I have steps 1 & 2 working nicely, but it looks like I can't handle the last bit with with mod_rewrite. I found mod_filter and mod_substitute, but it appears that this stuff is used for re-writing strings IN the document. Can these libs be used to maybe modify (I'm guessing here) the headers so that the "?Parameter=Foo" string can't be seen on the client if they're running something like fiddler?
I've taken over a site that caters for client access. They all access there own folder, and in the folder the files have an include with a relative path as below.
/core - contains all the actual files
/client/file.php -
<? include "../core/file.php";?>
but with the growing number of clients I want to go a level deeper and separate them better...
/uk/client/file.php -
<? include "../../core/file.php";?>
This is fine but when the files are included, they too have there own relative includes and this is where it breaks.
There are so many files I can't easily go through them to change all the include paths so I would like to maybe do a rewrite to fake the path? I've tried this...
RewriteRule^uk/$ /
But that doesn't work.
I used a little vServer with ubuntu (turnkey) and use logwatch to be informed by email about any errors. I'm confused about the following errors from Apache:
--------------------- httpd Begin ------------------------
Requests with error response codes
404 Not Found
http://translate.google.com/gen204: 1 Time(s)
http://www.teddybrinkofski.com/ip_json.php: 1 Time(s)
503 Service Unavailable
http://www.google.com/: 1 Time(s)
---------------------- httpd End -------------------------
These errors are definetly not from my own code. I have checked that mod_proxy is disabled and i disabled also CONNECT like here described: [URL] ....
What does these errors mean and how can i disabled this?
My website is on 1and1 shared hosting and to enable PHP I needed to put in my .htaccess the following
AddType x-mapp-php5 .php .html .htm .shtml
I am attempting to add a header to a number of requested urls i.e. domain/feeds/chicago, domain/feeds/*.I understand that this can be achieved by
•using mod_rewrite to set an environment variable
•using mod_headers to add a header based on the existence of an environment variable.
So far I can add the a new header thus Header add RSS_FEED_URL "Akamai-Edge-Control"
I have a WP online shop using WP E-commerce plugin 3.8.9 together with the SEO Yoast plugin.My problem in that when exploring the product URLs ending with / in google webmaster tools, it displays 404. But the same URL without / is found and ok. I must day that both URLs show up correctly in browsers and the non / version is redirected to the one ending in /.Here is my .htaccess:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
I could solve this problem by setting a redirect to non / URLs instead.
I'm trying to use nginx php-fpm on my forum, and to set friendly url's, I am told to add this to nginx config:
Code:
location / {
try_files $uri $uri/ /index.php?$uri&$args;
index index.php index.html;
[Code] ....
I try adding this using the Additional Nginx Directives, and get this error:
Code:
Invalid nginx configuration: nginx: [emerg] duplicate location "/" in /var/www/vhosts/system/domain.com/conf/vhost_nginx.conf:1 nginx: configuration file /etc/nginx/nginx.conf test failed
I think if my domain was in a folder, this wouldn't be a problem. I really don't want to change that, though.
I'm migrating some websites from old server with virtualmin, some websites have files with special characters as à ,ö,ç etc...
On the other server the files (images for example) are served well but on the new server with plesk 11.5 error 404 appears. (Nginx reverse proxy is activated)...
My Linux (CentOS) server with Plesk 12 is giving HTTP 414 errors ("URL too long") in response to URLs which are over 256 characters in length. They happen to include a GET variable in the query string which accounts for most of this length, and if I shorten it manually, it works. But I can't change the script to submit a shorter URL or send it by POST, because it comes from an external payment processing server which I don't control.
Adding the following lines to my /etc/httpd/conf/httpd.conf file and restarting Apache does not work:
LimitRequestLine 8190
LimitRequestFieldSize 8190
The URLs I'm trying to use are well short of 8190 bytes; they are around 800 characters long.
Is this something that Plesk affects / can control? Is there a way to see what the current maximum setting for URL length is, and to change it?
I'm migrating some websites from old server with virtualmin, some websites have files with special characters as à ,ö,ç etc.. On the other server the files (images for example) are served well but on the new server with plesk 11.5 error 404 appears. (Nginx reverse proxy is activated)
View 1 Replies View RelatedI have question: How to redirect specific useragent on specific URLs to specific URLs in .htaccess [Question]
E.g.:
I want to redirect 301 with conditional:
Code:
useragent: Firefox
from my url1: domain[dot]com/old-url1/
from my url2: domain[dot]com/old-url2/
to
Code:
to new url1: in my url1: domain[dot]com/new-url1/
to new url2: in my url1: domain[dot]com/new-url2/
I create this in my .htaccess but not work
Code:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} googlebot [NC]
RewriteRule ^/?this-is-url/?$ domain[dot]com [L,R,NC]
I've had it with EV1. On any given day we get 30-50 BFD attacks from their servers. That doesn't include the dozens of other types of attempts per day our IPS/IDS catch. We've also traced back client servers that were hacked directly via EV1 servers.
It's obvious that EV1 does little or nothing to stop these issues. We spoke to the FBI about these issues and their comments lead me to believe that EV1 is one of the major sources of these issues and that EV1 has shown little or no effort to curb the problem or cooperate in stopping the issue.
We have elected to now block all all EV1 IPS.
Drastic measures, not really. If they won't take care of their own problems I no longer want them dumped at my door step. I think other hosts might want to think about this.
At the moment it will block people who login with the wrong username/password 5 times. it also blocks people if they do the wrong email settings.
Is there a way to turn the pop3/email blocking off?
I am hitting a limit on number of POP signons per hour imposed by my host. I host maybe 10 domains on this account and have 4 or 5 email addresses to monitor for each domain. If I check once every 15 minutes I run up against a limit on the number of POP3 signons permitted by my ip. Add this to having multiple mail clients behind a NAT router and I am beginning to have real problems.
Does anyone else have this issue? Is my only workaround to forward all email to a single account or install a local mail server? Does 100 POP signons an hour from a single IP sound like a lot to anyone? Any advice?
I have 2 server one is Linux server+Cpanel+CSF firewall where my site is running and one is windows server where my exchange mail server is running .Now thing is that when anyone send mail through my web site (after filling contact form) to me it doesn't come to my email id but when i stop my firewall and then i check contact form and fill it the mail goes to my mail id.
I have php script with SMTP authentication.
which port is blocked in my firewall and after disabling firewall it work.how can i check when firewall is on that time why mails are not coming in my email id that time which port is blocked by firewall.
Allow Port in firewall:-- 25,80,20,21,465,443,110,143
seems one of my sites has been added to some mega "toplist" site thats bringing in fake traffic to my site which is basically like a DOS attack - over 1000 connections.
coming from
[url]
[url]
[url]
linking to a php file in one of my accounts which has since been removed. however still getting a heck of a lot of hits, they probably all see 404 messages which still causes load on my server.
any suggestions how to fix this? the traffic is referred from above urls but hundreds of ip addresses. is there anyway to blacklist the referrer so people are just blocked, period?
Running freebsd with pf, and was wondering if there's anything like www.fixingtheweb.info for pf instead of IP tables? Otherwise it'll be a long day
View 1 Replies View RelatedI had a few sites hacked today. I'm using phpbb (all updates) and, apparently, the only thing they did was to drop the database and replace it with one featuring a single post "advertising" their hacker group. I tried bringing everything back on-line, but they would just attack again and take it down quickly... I'm thinking it's probably just some script kiddies.
They announce themselves as "turkish hackers". Browsing around for their message, I found they attacked quite a few sites. What I was thinking, to help preventing this from happening again, is to ban all visitors from Turkey (none of these sites has a need for them, as they're aimed at a local audience).
Can I do this simply by using "deny from .tr" in htaccess? Or are there any more steps to be taken?
I have my server set up with the smtp daemon running on port 125, and assp listening on ports 25 and 26, and forwarding to port 125 if the mail passes. This setup has been working for months and months. Already today I've received several emails.
I just attempted to send an email, however, and thunderbird could not connect to port 26. (I use an alternate port because my ISP blocks port 25 except to their mail servers)
So I thought that assp had stopped running. Attempted to go to myip:55555, but the page would not load. Now I really thought assp was broken. SSH'd into server and was able to telnet to localhost, port 26 without an issue. Was also able to lynx [url] without an issue.
Since I'm able to log in to all of these weird ports via SSH but not from my local computer, I'm apt to think that they are blocking the ports (for some reason).
Is there any way I can test this theory? Nothing has changed on my side firewall-wise, and the poor girl at the ISP company didn't even know what a port was. I would like to be 100% sure before I give them another call demanding to speak to someone higher up...
how to ban our blocking IP Location in my server like country range?
and how can i know the IP's country range?
as per apf firewall issue
Jul 17 02:03:02 duck kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:01:02:c9:94:20:00:90:69:8a:f3:f0:08:00 SRC=192.168.1.43 DST=192.168.1.220 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=40428 DF PROTO=TCP SPT=37079 DPT=3306 WINDOW=5840 RES=0x00 SYN URGP=0
i already added 192.168.1.43 ip in allow list.
tcp:in : d=3306 : s=192.168.1.43
d=3306 : s =192.168.1.43
tcp: out : d=3306 : s =192.168.1.43
# added 192.168.1.43 on 07/19/07 01:15:21
192.168.1.43
But ip is still blocking traffic while monitor mysql....
