[Snake]

Thanks. First install!

[Terminatoronly]

yeah first install i hope you like the hack

[Forza]

is this considered a hack nowadays? anyways i would also add the codes to protect the admincp folder and definitly the code to block the common shell extensions. very handy file

[StrifeX]

First of all, I wouldn't consider this to do anything with vBulletin whatsoever, second of all, apparently this only works with cPanel or what?

[Terminatoronly]

first i would like to say thanks for your replies and i know its not a product or plugin to add to vbulletin but this one is much better than the hacks that i find for blocking ip and for StrifeX question well this one its not about cpanel its about ur .htaccess file with this file you can protect your forum like lets say you want to protect your forum (admincp) the index file you can protect it from this file and you can protect config file so you can be safe with this file and i would like to tell you all that i posted this one because most of us need this file so i thought its handy for you but if you dont i am happy for your replies

[The Finman]

.htaccess is for Apache.

While it is possible to install Apache on a Windows server...why?

Why wouldn't you just use Apache instead?

First, .htaccess files are very powerful tools, and they (along with .htpasswd) are also probably one of the most underrated server tools available to a web admin running Apache.

But I think using them falls outside of vBulletin modifications, simply because many vBulletin admins don't run Apache. And even though I personally dislike Windows ASP servers, there are plenty of admins that do like (or don't have a choice when it comes to) Windows servers. While it is possible to install Apache on top of Windows in order to make use of .htaccess...why?

I love using .htaccess files....as there are a bunch of other uses for .htaccess in addition to blocking IPs or password (.htpasswd) protecting folders.

For example, If you have a "troll" board that is directly linking to your site or board, and they are clicking through that link they and coming over and infesting your board with their nonsense...you can use an .htaccess file to send anyone clicking through that link to anywhere you want (it doesn't work if they copy and paste the link in their browser window instead of clicking through it, but most trolls are not that smart).

Many a time I have forwarded links posted to my board from trolls, to complety different web sites (and/or servers for that matter) that can contain malicious (or prank) scripts.

You really want to see the "troll fur fly"? Watch as other trolls click through that link and are sent to a real nasty web page, causing either harm or the appearance of harm to their computer.

Trust me,they are not too happy with the troll that posted that link which just screwed up their computer (remember they have been redirected to an entirely different web site and server).

Anyway, I've seen "troll' turn against "troll" as they start attacking and/or banning each other.

For example...

Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://www.troll_bulletin_board.com
RewriteRule /* http://www.malicious_website.org [R,L]
RewriteCond %{HTTP_REFERER} ^http://troll_bulletin_board.com
RewriteRule /* http://www.malicious_website.org [R,L]

If Troll "A" posts a direct link on www.Troll_Bulletin_Board.com to your board at www.My_Bulletin_Board.net and you put the above code in an .htaccess file in your root folder (just like .htpasswd you can put it in any folder you want to protect), when Troll "B" and "C" click on that link...they be sent directly to www.Malicious_Website.org instead.

Troll's "B" and "C" will not be happy with Troll ""A"" since he/she posted a link to a site that either screwed up their computer, or gave them a scare that something messed up their computer.

Here are some other great ways to use .htaccess

.htacces Tutorial Introduction

Error
Documents
Password
protection
Enabling SSI
via htaccess
Blocking
users by IP
Blocking
users/ sites by referrer
Blocking bad
bots and site rippers (aka offline browsers)
Change your
default directory page
Redirects

Prevent
viewing of htaccess
Adding MIME
types
Preventing
hot linking of your images and other file types
Preventing
directory listing
Conclusion
and more information

http://www.javascriptkit.com/howto/htaccess.shtml

The problem is .htaccess only works on Apache, so Admins that aren't running Apache are basically screwed. While there are ways of accomplishing similar things with Windows...it's still a real hassle, and it leads back to...why?

Regardless, you can do some great stuff with .htaccess...but since not every vBulletin owner can use it, I'm not sure that this lends itself to a vBulletin hack.

Also for web admins that are running Apache and can use .htaccess, be careful...because .htaccess is powerful stuff. Banning IP ranges can knock out a whole (small) country or a part of a (large) country (state, city, Etc.) if you're not carful. Be sure you know what you are doing.

[The Finman]

I hope I didn't come off as criticizing, as that wasn't what I was trying to do. Just offering a different insight.

Cheers!

[Terminatoronly]

Ok The Finman thanks for your reply i think that this thread is not good maybe i will report it

[Forza]

well it can be handy for a lot of people who dont know .htaccess and what it can do. Since it is the easiest way to incease basic security I would keep it. I would however try to add more instructions to your post that can apply directly to a vbulletin forum (securing files/folders, .htpassword file, blocking certain files, blacklist referring domains). Additionally i would upload an example file that people can edit and then upload.

[Paul M]

Moved to articles section as this isn't actually a vbulletin modification.

[The Finman]

Originally Posted by Terminatoronly

Ok The Finman thanks for your reply i think that this thread is not good maybe i will report it

No problem as I am actually quite happy you brought this topic up.

As Forza stated, this really is a subject that needs discussion, since I believe the majority of web admins & owners (at least the ones I know) are running Apache.

The links I provided show the various ways that .htaccess can be applied.

Maybe a good place to start is the discussion of what does what and where, as my .htaccess code is slightly different, yet both work.

To block IPs and IP ranges, Terminatoronly uses...

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

It appears that he is blocking not just an IP, but an IP range of 188.156.187.0 through 188.156.187.255.

If an IP is static (meaning the user's IP does not change - such as most cable & DSL) then one should simply use the specific IP address such as 188.156.187.244. Most "dial up" ISPs use dynamic IPs. Basically meaning that the user is assigned an IP from a block range available from that ISP while logged in. Upon log out, that user relinquishes that IP to the ISP and then it can be assigned to another user within that ISP's range.

I know I am probably covering well known knowledge, but sometimes I find that people don't realize just how much banning a block range can effect them and their guests.

Banning IP ranges can not only restrict users that may not have done anything to you, but you may also inadvertently knock out search engine spiders, crawlers, good bots, good users, Etc.

I really advise against banning IP ranges unless the problem is really that serious, and you have a reasonable idea of just how many other users you may knock out in the process...especially AOL users since AOL routes them through their own proxy servers, and banning even one range of AOL users you can take out a HUGE chunk of other visitors you may wish to have.

I use a variation of Terminatoronly's .htaccess file for banning IPs at the server base.

For example...

Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REMOTE_HOST} ^4\.245\.40\.88
RewriteRule ^.*$ http://www.send_them_somewhere_else.net/ [L,R]
RewriteCond %{REMOTE_HOST} ^86\.131\.16\.92
RewriteRule ^.*$ http://www.send_them_somewhere_else.com/ [L,R]
RewriteCond %{REMOTE_HOST} ^68\.48\.
RewriteRule ^.*$ http://www.yahoo.com/ [L,R]
RewriteCond %{REMOTE_HOST} ^71\.253\.249\.
RewriteRule ^.*$ http://www.send_them_somewhere_else.net/ [L,R]
RewriteCond %{REMOTE_HOST} ^68\.114\.48\.210
RewriteRule ^.*$ http://www.send_them_somewhere_else.net/ [L,R]

I have divert my immediate time to another project at the moment, but I will try and hop back in and explain the differences when I get a chance.

If someone else wants to hop in and list additional variations (other than mine or Terminatoronly), then please jump on in...as there is ALOT more variations than why are listed so far.

Also, here is another variation you might want to try, as it shows how two different uses for .htaccess files can be combined.

From my other post I showed you how to block (actually completely redirect ) people linking to your board or site that are not friendly.

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

Let's combine them real quick!

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

The above code actually combines the IPs and Referral Links .htaccess code variations, and then sends the trolls (via their IPs), and users/trolls/whatever (clicking through links to your board) to wherever you want to bounce them to.

First, before someone jumps in ans says I should have included "this" or excluded "that" in my .htaccess code above...I am not using the above (or attached) .htaccess file as the "be all and end all" of how to accomplish blocking IPs, IP Ranges, Referral Links, Etc.

I am simply showing you one possibility, just as Terminatoronly showed you his variation.

I've included a real good beginner's tutorial...


http://www.javascriptkit.com/howto/htaccess.shtml

as some of the Apache tutorials are about as much fun as watching paint dry.

http://httpd.apache.org/docs/1.3/howto/htaccess.html

Anyway, I'm sure a lot of Apache users already have a good grounding of what can be done with .htaccess, but maybe some may not be.

Also, there are a good deal of variations that can be used for different effects, and I would really encourage Apache users who already use .htaccess to list the way they use them and why.

I'll try and pop back in later...but yeah, I think it would be great if people would post their own uses and variations of htaccess files.

[Terminatoronly]

Originally Posted by Paul M

Moved to articles section as this isn't actually a vbulletin modification.

oh sorry for posting in the wrong section

[karlm]

Originally Posted by The Finman

I'll try and pop back in later...but yeah, I think it would be great if people would post their own uses and variations of htaccess files.

The *.zip file in the above post appears to be corrupt.. I'm unable to view it, sadly... Iwas hoping to learn abit more than my current knowledge of .htaccess.

Thanks for the article, btw, I've been scouring the net for articles - and there was a gr8 one here the whole time LoL

[sinpin]

Originally Posted by Terminatoronly

Hi All,
well all of our forums have some bad members who want to do bad things in our forum so if you want to block him from cpanel he can access again so i thought of this thing blocking Member Ip From (htaccess) file.

Hey guys,
How to redirect banned users (with this method) to an customized error page?
Is this possible ?

thanks