.htaccess configurations

Posted on 13:45 by Xianur0

Anti-bot methods:
Cookie filtering:

.htaccess:
RewriteEngine On
RewriteCond %{HTTP_COOKIE} !^.*Test-bot.*$ [NC]
RewriteRule .* /setcookie.php [NC,L]

setcookie.php:

<?php
// Session cookie for the whole site; the seventh argument sets the HttpOnly flag.
setcookie("Test-bot", "ok", 0, "/", "", false, true);

?>


User-agent filtering:

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^UbiCrawler [OR]
RewriteCond %{HTTP_USER_AGENT} ^MSIECrawler [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Scanner [OR]
RewriteCond %{HTTP_USER_AGENT} ^Acunetix\ Web\ Scanner [OR]
RewriteCond %{HTTP_USER_AGENT} ^Acunetix\ Vulnerability\ Scanner [OR]
RewriteCond %{HTTP_USER_AGENT} ^HTTrack [OR]
RewriteCond %{HTTP_USER_AGENT} ^libwww-perl [OR]
RewriteCond %{HTTP_USER_AGENT} ^libwww [OR]
RewriteCond %{HTTP_USER_AGENT} ^perl [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]
SetEnvIf Acunetix-User-agreement http://www.acunetix.com/wvs/disc.htm no_access=yes
RewriteCond %{ENV:no_access} yes
RewriteRule .* - [F,L]


As you will notice, I also filtered Acunetix (entirely in the last lines:
SetEnvIf Acunetix-User-agreement http://www.acunetix.com/wvs/disc.htm no_access=yes
RewriteCond %{ENV:no_access} yes
RewriteRule .* - [F,L]

in which what we are saying is: if the header Acunetix-User-agreement exists with the content http://www.acunetix.com/wvs/disc.htm, send Forbidden)
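
A long [OR] chain like the one above can be dry-run offline before it is deployed. The following is an added example, not code from the original post: a simplified Python model of how mod_rewrite evaluates RewriteCond lines with the OR and NC flags, run over a shortened rule list and constructed user-agent strings. It also shows that a chain whose last condition still carries [OR] applies the rule to every request.

```python
import re

# Splits a directive into arguments; "\ " keeps an escaped space inside one argument.
TOKEN = re.compile(r"(?:\\.|\S)+")

def parse_conds(htaccess_text):
    """Return [(regex, negate, ornext)] for each RewriteCond line."""
    conds = []
    for line in htaccess_text.splitlines():
        tok = TOKEN.findall(line)
        if len(tok) < 3 or tok[0] != "RewriteCond":
            continue
        flags = set(tok[3].strip("[]").upper().split(",")) if len(tok) > 3 else set()
        negate = tok[2].startswith("!")
        pattern = tok[2][1:] if negate else tok[2]
        regex = re.compile(pattern, re.I if "NC" in flags else 0)
        conds.append((regex, negate, "OR" in flags))
    return conds

def rule_applies(conds, user_agent):
    """Simplified model of mod_rewrite's condition loop for one RewriteRule."""
    i = 0
    while i < len(conds):
        regex, negate, ornext = conds[i]
        ok = (regex.search(user_agent) is not None) != negate
        if ornext:
            if ok:  # one member of the OR group matched: skip the rest of the group
                while i < len(conds) and conds[i][2]:
                    i += 1
            # a failed condition flagged [OR] just hands over to the next one
        elif not ok:
            return False
        i += 1
    return True

# Constructed sample: four conditions from the list above, the last one without [OR].
RULES = r"""
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
"""
# Same chain, but the final condition also carries [OR].
RULES_TRAILING_OR = RULES.rstrip() + " [OR]\n"

BROWSER = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"  # constructed

if __name__ == "__main__":
    for ua in ("Wget/1.21", "Mozilla/4.5 (compatible; httrack 3.0x)", BROWSER):
        print(ua, "->", "403" if rule_applies(parse_conds(RULES), ua) else "pass")
    print("trailing [OR]:", rule_applies(parse_conds(RULES_TRAILING_OR), BROWSER))
```
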

Filtering cookie theft:

RewriteCond %{HTTP_COOKIE} PHPSESSID=([^;]+) [NC]
RewriteRule ^(.*)$ - [env=sessid:%1]
Header set Set-Cookie "PHPSESSID=%{sessid}e; path=/; HttpOnly" env=sessid


In this case I filtered only the PHPSESSID cookie (since this is just example code), but you can change the name of the cookie.

Restricting methods:

RewriteCond %{REQUEST_METHOD} !^(GET|POST)$
RewriteRule .* - [F,L]
IndexIgnore *

To understand this better, read my text on HTTP hacking.


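Disabling uploads:

# 0 means "unlimited" in Apache; 1 byte is the smallest limit that is actually enforced.
LimitRequestBody 1

This is useful only if we do not use a manager in our website's directory for uploading files (everyone will see its usefulness for security in their own way).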

Honeypot for brute-force HTTP scanners:
IndexIgnore *
Options All -Indexes
ErrorDocument 101 /error.php
ErrorDocument 204 /error.php
ErrorDocument 205 /error.php
ErrorDocument 400 /error.php
ErrorDocument 500 /error.php
ErrorDocument 403 /error.php
ErrorDocument 404 /error.php
ErrorDocument 405 /error.php
ErrorDocument 406 /error.php
ErrorDocument 407 /error.php
ErrorDocument 408 /error.php
ErrorDocument 409 /error.php
ErrorDocument 411 /error.php
ErrorDocument 413 /error.php
ErrorDocument 414 /error.php
ErrorDocument 416 /error.php
ErrorDocument 417 /error.php
ErrorDocument 501 /error.php
ErrorDocument 502 /error.php
ErrorDocument 503 /error.php
ErrorDocument 504 /error.php
ErrorDocument 505 /error.php

Code of error.php:
<?php
// Fake MySQL warning shown for every error status mapped above.
echo '<b>Warning:</b> mysql_query(): Access denied for user: root@localhost (Using password: YES) in <b>/home/root/public_html/mysql.php</b> on line <b>12</b>';
?>

The idea for this was inyexion's, hehe..

4 comments:

Lessiem Taralom said...

Hey, what happened to the "Exploit Blogger"?? I have it indexed in my blogroll but it can't find the post. Did the Blogger people delete it??

>> s E t H << said...

this is great.. too bad I don't have a host :P

Xianur0 said...

mmmm I removed it because it had some "deficiencies"

FJR said...

very good, thera, I'll see how to implement it