I am having a problem with Vietnamese hackers exploiting PHPnuke 6.0 -
the file auth.php specifically. They are able to pass variables to the
admin.php file, and my main programmer, who would normally deal with
this, appears to be on vacation? I'd like to make a quick fix by using
.htaccess to block "hotlinking" of admin.php. That is, all requests to
"admin.php?op=" must come from within my domain. I understand there
would be many ways to defeat this, but it appears our hackers are just
naive script kiddies literally copying and pasting code from another
site that documents the exploit (without even supplying a patch to fix
it too!)
My code attempt at writing the .htaccess code is as follows, but it isn't working:
#anti-hacking by Alkon April 26 04
RewriteCond %{HTTP_REFERER} !^http://www.paradoxpoetry.com/.*$ [NC]
RewriteRule admin.php?op=$ - [F]
#ReWriteRule admin.php?op=.*\.php$ http://www.example.com [R,L]
so, the solution to this question would be to fix the above code, or
figure out how to patch the actual exploit. This link:
http://vnmagic.info/forum/index.php?showtopic=665&st=0�entry3519
is the page where the hackers brag about their apparent success at
defacing the website of a harmless non-profit poetry organization.
Also, any advice about anti-hacking laws in Vietnam would be
appreciated. |
Request for Question Clarification by
webadept-ga
on
26 Apr 2004 18:18 PDT
We could probably help you with this, there are two things I would
like to mention first however. First, before you bang your head on the
desk for too long, you should confirm that your Apache server is not
ignoring .htaccess altogether. Many servers are set to do so, and in
fact this is the default install setting. What this means is, you
could write a prefect .htaccess, and nothing will ever change. The
second thing I would like to mention is you ae asking a question which
requires some skill in Apache, PHP and security. Your bid maybe too
low for consideration.
thanks,
webadept-ga
|
