Security: Automatically block someone who is snooping around your site
In this article, we will expand on our PHP Ban script and show you how to automatically ban people attempting to snoop around your website.
For this article, you will need the PHP script mentioned in the other article here.
Now, create or edit the .htaccess file located in the public_html folder and add the following to the bottom.
<FilesMatch 403.shtml>
Order Allow,Deny
Allow From All
</FilesMatch>

RewriteEngine On

## #######################! WARNING !########################## ##
## Make SURE you read the following rewrite rules to make sure ##
## that none of them affect your actual site and to make sure  ##
## they are not blocking real, needed files or folders.        ##
## ############################################################ ##

## Keep the following for added security against snooping ##
RewriteRule ^phpmyadmin /block.php [NC]
RewriteRule ^README /block.php [NC]

## Unless you use your cgi-bin, keep the following ##
RewriteRule ^cgi-bin/formemail.cgi /block.php [NC]
RewriteRule ^cgi-bin /block.php [NC]
RewriteRule ^cgi-bin/(.*)$ /block.php [NC]

## Remove the following if you ARE using WordPress ##
RewriteRule ^wp-admin /block.php [NC]
RewriteRule ^wp-content /block.php [NC]
RewriteRule ^wp-includes /block.php [NC]
RewriteRule ^wp-config /block.php [NC]
RewriteRule ^wp-cron /block.php [NC]

## Remove the following if you ARE using Joomla ##
RewriteRule ^administrator /block.php [NC]
RewriteRule ^components /block.php [NC]

## Remove the following if you ARE using phpBB ##
RewriteRule ^adm /block.php [NC]

## Remove the following if you ARE using Magento ##
RewriteRule ^var /block.php [NC]
RewriteRule ^app /block.php [NC]
RewriteRule ^downloader /block.php [NC]
RewriteRule ^pkginfo /block.php [NC]

## Remove the following if you ARE using Moodle ##
RewriteRule ^auth /block.php [NC]
RewriteRule ^backup /block.php [NC]
RewriteRule ^grade /block.php [NC]
RewriteRule ^iplookup /block.php [NC]
RewriteRule ^message /block.php [NC]
RewriteRule ^mnet /block.php [NC]
RewriteRule ^plagiarism /block.php [NC]
RewriteRule ^webservices /block.php [NC]

############### START BANS ###############
With this change, and with the PHP script from the other article, you will now be able to automatically ban people snooping around where they shouldn't be. Make sure you review the .htaccess file so that no legitimate files are being blocked: each pattern is a prefix regex, so a rule such as ^app also matches any file or folder whose name merely begins with "app", and every visitor who requests it will be banned.
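The review the warning box asks for can be done before the rules go live. The following Python is an added example written for this article (not the hosting provider's script or the PHP ban script): it reproduces how mod_rewrite in a per-directory .htaccess matches these patterns against a request path and reports which of your own legitimate URLs would be sent to block.php. The rule excerpt, the URL list and the anchored-prefix tightening are constructed assumptions, not taken from the article.

```python
import re

# Constructed excerpt of the article's block rules (edit to match your real .htaccess).
HTACCESS = """
RewriteRule ^phpmyadmin /block.php [NC]
RewriteRule ^README /block.php [NC]
RewriteRule ^wp-admin /block.php [NC]
RewriteRule ^app /block.php [NC]
RewriteRule ^var /block.php [NC]
RewriteRule ^auth /block.php [NC]
"""

RULE_RE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$")

def parse_rules(text):
    """Return (compiled regex, target) pairs for every RewriteRule line in text."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        pattern, target, flags = m.groups()
        flagset = {f.strip().upper() for f in (flags or "").split(",") if f.strip()}
        # [NC] makes the pattern case-insensitive, exactly as mod_rewrite does.
        rules.append((re.compile(pattern, re.IGNORECASE if "NC" in flagset else 0), target))
    return rules

def matching_rule(rules, path):
    """First rule that catches a request path, or None.
    In a per-directory .htaccess, mod_rewrite strips the leading slash before
    matching, and the regex is unanchored unless the pattern uses ^ or $."""
    rel = path.lstrip("/")
    for pat, target in rules:
        if pat.search(rel):
            return pat.pattern, target
    return None

def find_collisions(rules, legit_paths):
    """Map each legitimate URL that would be sent to block.php to the rule that caught it."""
    return {p: matching_rule(rules, p) for p in legit_paths if matching_rule(rules, p)}

def anchor_prefix(text, prefixes):
    """Assumed tightening: turn '^app ' into '^app(/|$) ' so only that directory is hit."""
    for p in prefixes:
        text = text.replace(f"^{p} ", f"^{p}(/|$) ")
    return text

if __name__ == "__main__":
    # Constructed list of URLs real visitors to this site may legitimately request.
    legit = ["/", "/index.php", "/apple-pie.html", "/variety/shop", "/authors/jane", "/contact"]
    for url, (pattern, target) in find_collisions(parse_rules(HTACCESS), legit).items():
        print(f"{url} would be sent to {target} by pattern {pattern}")
```

Run against your own sitemap or access log paths; any line printed is a visitor who would have been banned for a normal request.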
Lavinia December 17, 2013 at 2:14 pm
I used these files on my site and also added my IP address to the whitelist array, but when I get to the administrator page (I use Joomla) it only shows me "Hello user! Because your IP address (xxx.xxx.xxx.xxx) is in our whitelist, you were not banned for attempting to visit this page. End of line." It should redirect me, shouldn't it?
James Davey December 17, 2013 at 7:36 pm
Hello Lavinia,
It definitely should be redirecting you, yes. If it is not, you may want to contact our support team about it. They can take a look, and see what is causing the redirect to not work.
bill March 24, 2015 at 12:44 pm
:-(
James Davey March 24, 2015 at 1:31 pm
Hi Bill,
I’m sorry this has upset you. Can you expand on this? We’d love to help, or to answer any questions you may have about this.
bill March 27, 2015 at 11:26 am
It can block and bots;
James Davey March 27, 2015 at 1:24 pm
Hi Bill,
Yes, this can block bots. Any connection that meets the criteria will be blocked.
bill March 28, 2015 at 1:42 pm
The Wpscan is not detected.
James Davey March 30, 2015 at 5:55 am
Hi Bill,
I am sorry to hear that. If you’re having trouble with this, have you contacted our support team?