Professional Htaccess VB 4


Moh4m4d
07 Sep 2013, 04:10
Hi,

Professional htaccess for vBulletin 4.

Advantages:

Fix XSS bug

Fix SQL injection

Protect from htaccess

Not run bug in forum

And ...

# Comment the following line (add '#' at the beginning)
# to disable mod_rewrite functions.
# Please note: you still need to disable the hack in
# the vBSEO control panel to stop url rewrites.
RewriteEngine On

# Some servers require the Rewritebase directive to be
# enabled (remove '#' at the beginning to activate)
# Please note: when enabled, you must include the path
# to your root vB folder (i.e. RewriteBase /forums/)
#RewriteBase /

#RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com
#RewriteRule (.*) http://www.yourdomain.com/forums/$1 [L,R=301]

RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap|api\.php)
RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !/(admincp|modcp|clientscript|cpstyles|images)/
RewriteRule ^(.+)$ vbseo.php [L,QSA]
RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

<files ".htaccess">
order allow,deny
deny from all
</files>
# As written, this block denies every request for the listed static file types.
<FilesMatch "\.(gif|jpg|png|swf|html|css|js|fla)$">
deny from all
</FilesMatch>

<FilesMatch "^php5?\.(ini|cgi)$">
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS
</FilesMatch>

RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

#proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc\/self\/environ [NC,OR]

<?php
// LFI Vulnerable Code: the "redirect" parameter is passed to include() unchecked
$redirect = $_GET['redirect'];
include($redirect);
?>

RewriteEngine On


RewriteCond %{QUERY_STRING} act= [OR]
RewriteCond %{QUERY_STRING} sw= [OR]
RewriteCond %{QUERY_STRING} act [OR]
RewriteCond %{QUERY_STRING} sw [OR]
RewriteCond %{QUERY_STRING} 0x3a [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|concat).* [NC]
RewriteRule .* - [L,F]

# Prevent use of specified methods in HTTP Request
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
# Block out use of illegal or unsafe characters in the HTTP Request
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR]
# Block out use of illegal or unsafe characters in the Referer Variable of the HTTP Request
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Block out use of illegal or unsafe characters in any cookie associated with the HTTP Request
RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Block out use of illegal characters in URI or use of malformed URI
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]
# Block out use of empty User Agent Strings
# NOTE - disable this rule if your site is integrated with Payment Gateways such as PayPal
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
# Block out use of illegal or unsafe characters in the User Agent variable
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Measures to block out SQL injection attacks
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
# Block out reference to localhost/loopback/127.0.0.1 in the Query String
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
# Block out use of illegal or unsafe characters in the Query String variable
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
# Refuse any request that matched one of the conditions above
RewriteRule .* - [L,F]
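
Added example (not part of the original post): a small Python harness that evaluates the post's OR-chained `RewriteCond %{QUERY_STRING}` lines against constructed query strings, to show which ordinary forum requests the rules would refuse before the file goes live. The sample queries and helper names are assumptions, and `re.search` stands in for mod_rewrite's unanchored match on the raw query string.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# RewriteCond %{QUERY_STRING} lines copied from the first post, closed with
# the post's own "RewriteRule .* - [L,F]".
RULES = r"""
RewriteCond %{QUERY_STRING} act= [OR]
RewriteCond %{QUERY_STRING} sw= [OR]
RewriteCond %{QUERY_STRING} act [OR]
RewriteCond %{QUERY_STRING} sw [OR]
RewriteCond %{QUERY_STRING} 0x3a [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} proc\/self\/environ [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC]
RewriteRule .* - [L,F]
"""

COND_RE = re.compile(
    r"^RewriteCond\s+%\{QUERY_STRING\}\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$"
)


class Cond(NamedTuple):
    pattern: str        # pattern text exactly as written in the rule
    regex: re.Pattern   # compiled form, honouring [NC]
    or_next: bool       # True when the condition carries [OR]


def parse_conds(text: str) -> List[Cond]:
    """Extract the QUERY_STRING conditions and their NC/OR flags."""
    conds = []
    for line in text.splitlines():
        m = COND_RE.match(line.strip())
        if not m:
            continue
        flags = {f.strip().upper() for f in (m.group(2) or "").split(",")}
        re_flags = re.IGNORECASE if "NC" in flags else 0
        conds.append(Cond(m.group(1), re.compile(m.group(1), re_flags), "OR" in flags))
    return conds


def blocking_pattern(conds: List[Cond], query: str) -> Optional[str]:
    """Return the pattern that makes the chain fire, or None if the request passes.

    Conditions are ANDed unless flagged [OR]; each run of [OR]-linked
    conditions forms one group, and every group must match.
    """
    i, hit = 0, None
    while i < len(conds):
        group = [conds[i]]
        while conds[i].or_next and i + 1 < len(conds):
            i += 1
            group.append(conds[i])
        i += 1
        matched = next((c for c in group if c.regex.search(query)), None)
        if matched is None:
            return None
        hit = hit or matched.pattern
    return hit


CONDS = parse_conds(RULES)

# Constructed query strings: the first four are ordinary requests, the last
# two are the inputs the rules are meant to refuse.
SAMPLE_QUERIES = [
    "t=1234&page=2",
    "do=editpassword",
    "do=sendmessage&q=contact",
    "q=it%27s+a+reset",
    "redirect=/proc/self/environ",
    "q=%3Cscript%3E",
]


def audit(queries: List[str]) -> Dict[str, Optional[str]]:
    """Map each query string to the pattern that would 403 it (None = allowed)."""
    return {q: blocking_pattern(CONDS, q) for q in queries}


if __name__ == "__main__":
    for query, pattern in audit(SAMPLE_QUERIES).items():
        print("%-32s %s" % (query, "403 via " + pattern if pattern else "allowed"))
```

The bare `act` and `sw` conditions match inside everyday words such as "contact" and "password", so a 403 from this chain is not by itself evidence of an attack.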

ForceHSS
07 Sep 2013, 04:58
Vbseo is dead no need for that in there

smirkley
07 Sep 2013, 06:05
Like what you have here, good job!
Haven't really seen anything like it till now.

That said, we all know vB left a lot to be desired in the OEM htaccess offering. I myself had to come up with a completely custom htaccess to just make the url rewrites work properly on my server. Since then, I have added and altered considerably for many different reasons and effects.


I want to ask, excluding the vbseo stuff (I don't use it), and excluding the url rewrite (I already spent way too much time making that work for me)... what would you isolate as the most important htaccess addition, or additions, that one should take away from this?

Moh4m4d
07 Sep 2013, 12:12
Vbseo is dead no need for that in there

:) For VB 4 it is alive!

Nirjonadda
07 Sep 2013, 12:38
Is this code for vbseo users? I am not using vbseo, so how do I use this code?

Moh4m4d
07 Sep 2013, 12:48
Is this code for vbseo users? I am not using vbseo, so how do I use this code?

Delete This codes and use IT !

# Comment the following line (add '#' at the beginning)
# to disable mod_rewrite functions.
# Please note: you still need to disable the hack in
# the vBSEO control panel to stop url rewrites.
RewriteEngine On

# Some servers require the Rewritebase directive to be
# enabled (remove '#' at the beginning to activate)
# Please note: when enabled, you must include the path
# to your root vB folder (i.e. RewriteBase /forums/)
#RewriteBase /

#RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com
#RewriteRule (.*) http://www.yourdomain.com/forums/$1 [L,R=301]

RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap|api\.php)
RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !/(admincp|modcp|clientscript|cpstyles|images)/
RewriteRule ^(.+)$ vbseo.php [L,QSA]
RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

DemOnstar
07 Sep 2013, 12:57
I don't use vB seo.

The question is do I leave all the vbseo related stuff out of the code? Any line with vbseo written should be deleted?

Seems you are on to a good idea here..

Rich
07 Sep 2013, 15:27
DemOnstar - try reading the other posts. smh

Moh4m4d
08 Sep 2013, 05:36
I don't use vB seo.

The question is do I leave all the vbseo related stuff out of the code? Any line with vbseo written should be deleted?

Seems you are on to a good idea here..

If you don't use vbseo, read post 6

:D

YOODA230
08 Sep 2013, 18:16
Internal Server Error...

ozzy47
08 Sep 2013, 18:36
Well that helps a lot, without the error no one can help you.

crazyboy1661
09 Sep 2013, 06:30
Well that helps a lot, without the error no one can help you.

Hi ozzy47, I am using vbseo_sitemap-3-0 PL1 mod. Now can you tell me, is it good to update with this code in .htaccess?

Also, how much can it help in making my site search engine friendly? Does it affect the said mod?

Thanks for your efforts

DemOnstar
09 Sep 2013, 16:55
DemOnstar - try reading the other posts. smh

Yes, very helpful..

I read the post above and it says "Delete This codes and use IT" !

If I delete this code then it is not possible to use it...

I think that most contributors and developers assume that others know as much about the ins and outs of code input and manipulation... From a newbie standpoint, we, I have no idea whatsoever about ht.access at all.

But yes contributor, thanks for your advice...

Tagged for future use. :erm:

ForceHSS
09 Sep 2013, 17:00
Yes, very helpful..

I read the post above and it says "Delete This codes and use IT" !

If I delete this code then it is not possible to use it...

I think that most contributors and developers assume that others know as much about the ins and outs of code input and manipulation... From a newbie standpoint, we, I have no idea whatsoever about ht.access at all.

But yes contributor, thanks for your advice...

Tagged for future use. :erm:

Post 6 means delete all that code from the htaccess file the OP posted, then use the one you just edited. Use Notepad++ to edit the file.

DemOnstar
09 Sep 2013, 17:57
Post 6 means delete all that code from the htaccess file the OP posted, then use the one you just edited. Use Notepad++ to edit the file.

A somewhat better explanation ForceHSS. Thank you..

May I ask, are you using this script?

Spangle
10 Sep 2013, 16:41
Doesn't work with 4.2.1, installed on my forum, could only access the home page (portal), all other links led back to the home page.

TheLastSuperman
10 Sep 2013, 17:49
I've moved this to the articles section, for one it had no files uploaded, two it's not a template edit, and three there are other articles regarding .htaccess here already ;).

TheLastSuperman
10 Sep 2013, 17:50
Doesn't work with 4.2.1, installed on my forum, could only access the home page (portal), all other links led back to the home page.

Using vBSEO? If not see post #6.

Spangle
10 Sep 2013, 23:51
Using vBSEO? If not see post #6.

Yep I tried that.

crazyboy1661
12 Sep 2013, 14:12
Yes, very helpful..

I read the post above and it says "Delete This codes and use IT" !

If I delete this code then it is not possible to use it...

I think that most contributors and developers assume that others know as much about the ins and outs of code input and manipulation... From a newbie standpoint, we, I have no idea whatsoever about ht.access at all.

But yes contributor, thanks for your advice...

Tagged for future use. :erm:

Post 6 means delete all that code from the htaccess file the OP posted, then use the one you just edited. Use Notepad++ to edit the file.

Well that helps a lot, without the error no one can help you.

Delete This codes and use IT !

# Comment the following line (add '#' at the beginning)
# to disable mod_rewrite functions.
# Please note: you still need to disable the hack in
# the vBSEO control panel to stop url rewrites.
RewriteEngine On

# Some servers require the Rewritebase directive to be
# enabled (remove '#' at the beginning to activate)
# Please note: when enabled, you must include the path
# to your root vB folder (i.e. RewriteBase /forums/)
#RewriteBase /

#RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com
#RewriteRule (.*) http://www.yourdomain.com/forums/$1 [L,R=301]

RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap|api\.php)
RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !/(admincp|modcp|clientscript|cpstyles|images)/
RewriteRule ^(.+)$ vbseo.php [L,QSA]
RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]


As I am not aware about all these codings, I have a few questions for you!

There are two codes: one in 1st post and second one in 6th post. Now my doubt is

1.) I am not using vbseo but using vbseo_sitemap-3-0 PL1 mod. So there were little changes in .htaccess.

2.) You said! Delete This codes and use IT ! Do you want me to replace the entire existing .htaccess code with the one you had provided in post 6?

3.) In post 6 you wrote if you don't use vbseo, Delete This codes and use IT ! I am using vbseo_sitemap-3-0 PL1 mod. Do you want me to continue the vbseo_sitemap-3-0 PL1 mod or remove it before or after altering the .htaccess? So what will be your suggestion for me?

4.) Will my site be Google friendly?

5.) Yet any simple explanation for the users like me?

Thanks in advance

Moh4m4d
13 Sep 2013, 09:10
There aren't any problems with this code.
This code is for the latest version of vB and it's 100% compatible with the latest version. :)

1.) I am not using vbseo but using vbseo_sitemap-3-0 PL1 mod. So there were little changes in .htaccess.

Delete This codes :

RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

ForceHSS
13 Sep 2013, 15:27
A somewhat better explanation ForceHSS. Thank you..

May I ask, are you using this script?

No, I have my own custom one.

crazyboy1661
14 Sep 2013, 05:35
There aren't any problems with this code.
This code is for the latest version of vB and it's 100% compatible with the latest version. :)



Delete This codes :

RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

Thanks Moh4m4d, received your PM too. Cleared my doubt.

blackberry
06 Oct 2013, 17:59
Doesn't work for me :-s

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.


:(

ozzy47
06 Oct 2013, 21:41
That won't help anybody figure out what is wrong, you need to get the error from your server error logs. If you don't know where to get them, ask your host.
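
Added example, not from any poster in this thread: a small Python check for structural mistakes that are easy to make when pasting .htaccess snippets together, some of which make Apache answer with a 500 before any rule runs. The sample file is constructed, and the finding codes and function names are assumptions of this example.

```python
import re
from typing import List, Tuple

MESSAGES = {
    "inline-container": "directives share a line with a <Section> tag; Apache reads one directive per line",
    "unbalanced": "closing tag without a matching opening tag",
    "unclosed": "section opened here is never closed",
    "not-apache": "line is not an Apache directive (PHP or other pasted code)",
    "trailing-or": "last RewriteCond before the RewriteRule still carries [OR]",
    "dangling-cond": "RewriteCond chain is never followed by a RewriteRule",
}

OPEN_TAG = re.compile(r'^<\s*(\w+)((?:\s+(?:"[^"]*"|[^\s>]+))*)\s*>\s*(.*)$')
CLOSE_TAG = re.compile(r"^</\s*(\w+)\s*>\s*(.*)$")
COND_FLAGS = re.compile(r"\[([^\]]*)\]\s*$")

# Constructed sample showing each kind of mistake once.
SAMPLE = r"""RewriteEngine On
<Files ".htaccess"> order allow,deny deny from all </Files>
<FilesMatch "^php5?\.(ini|cgi)$">
Order Deny,Allow
Deny from All
</FilesMatch>
<?php
$redirect = $_GET['redirect'];
?>
RewriteCond %{QUERY_STRING} act= [OR]
RewriteCond %{QUERY_STRING} sw= [OR]
RewriteRule .* - [L,F]
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC]
"""


def lint_htaccess(text: str) -> List[Tuple[int, str]]:
    """Return (line number, finding code) pairs for structural problems."""
    findings = []
    stack = []      # open sections as (lowercased name, line number)
    pending = []    # RewriteCond lines waiting for a RewriteRule: (line, has_or)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(("<?", "?>", "$")):
            findings.append((lineno, "not-apache"))
            continue
        closing = CLOSE_TAG.match(line)
        if closing:
            # Section names are compared case-insensitively, as Apache does.
            if stack and stack[-1][0] == closing.group(1).lower():
                stack.pop()
            else:
                findings.append((lineno, "unbalanced"))
            continue
        opening = OPEN_TAG.match(line)
        if opening:
            name, rest = opening.group(1).lower(), opening.group(3)
            if rest:
                findings.append((lineno, "inline-container"))
            # Only track the section if its closing tag is not on the same line.
            if not re.search(r"</\s*%s\s*>" % re.escape(name), rest, re.I):
                stack.append((name, lineno))
            continue
        directive = line.split(None, 1)[0].lower()
        if directive == "rewritecond":
            flags = COND_FLAGS.search(line)
            names = {f.strip().upper() for f in flags.group(1).split(",")} if flags else set()
            pending.append((lineno, "OR" in names))
        elif directive == "rewriterule":
            if pending and pending[-1][1]:
                findings.append((pending[-1][0], "trailing-or"))
            pending = []
    findings.extend((opened_at, "unclosed") for _, opened_at in stack)
    if pending:
        findings.append((pending[0][0], "dangling-cond"))
    return findings


def report(text: str) -> List[str]:
    """Human-readable form of lint_htaccess()."""
    return ["line %d: %s" % (n, MESSAGES[code]) for n, code in lint_htaccess(text)]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

This only checks structure; whether a directive is permitted on a given host still has to come from the server error log.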

blackberry
11 Oct 2013, 21:09
That won't help anybody figure out what is wrong, you need to get the error from your server error logs. If you don't know where to get them, ask your host.
Well all my hosting says is "the htaccess is improperly coded for server configuration". :(

ozzy47
11 Oct 2013, 21:21
Well I see they are not much help either. Why not post your htaccess, maybe someone can spot the issue.

blackberry
11 Oct 2013, 21:31
My current working htaccess

# Comment the following line (add '#' at the beginning)
# to disable mod_rewrite functions.
# Please note: you still need to disable the hack in
# the vBSEO control panel to stop url rewrites.
RewriteEngine On

# Some servers require the Rewritebase directive to be
# enabled (remove '#' at the beginning to activate)
# Please note: when enabled, you must include the path
# to your root vB folder (i.e. RewriteBase /forum/)
#RewriteBase /

#RewriteCond %{HTTP_HOST} !^www\.sachiidosti\.com
#RewriteRule (.*) http://www.sachiidosti.com/forum/$1 [L,R=301]

RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap)
RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !^(admincp|modcp|clientscript|cpstyles|images)/
RewriteRule ^(.+)$ vbseo.php [L,QSA]

#Deny attempts to view the Htaccess file.
<Files .htaccess>
Order allow,deny
Deny from all
</Files>
# BEGIN Browser Caching/Headers
<IfModule mod_mime.c>
AddType text/css .css
AddType application/x-javascript .js
AddType text/richtext .rtf .rtx
AddType image/svg+xml .svg .svgz
AddType text/plain .txt
AddType text/xsd .xsd
AddType text/xsl .xsl
AddType video/asf .asf .asx .wax .wmv .wmx
AddType video/avi .avi
AddType image/bmp .bmp
AddType application/java .class
AddType video/divx .divx
AddType application/msword .doc .docx
AddType application/x-msdownload .exe
AddType image/gif .gif
AddType application/x-gzip .gz .gzip
AddType image/x-icon .ico
AddType image/jpeg .jpg .jpeg .jpe
AddType application/vnd.ms-access .mdb
AddType audio/midi .mid .midi
AddType video/quicktime .mov .qt
AddType audio/mpeg .mp3 .m4a
AddType video/mp4 .mp4 .m4v
AddType video/mpeg .mpeg .mpg .mpe
AddType application/vnd.ms-project .mpp
AddType application/vnd.oasis.opendocument.database .odb
AddType application/vnd.oasis.opendocument.chart .odc
AddType application/vnd.oasis.opendocument.formula .odf
AddType application/vnd.oasis.opendocument.graphics .odg
AddType application/vnd.oasis.opendocument.presentation .odp
AddType application/vnd.oasis.opendocument.spreadsheet .ods
AddType application/vnd.oasis.opendocument.text .odt
AddType audio/ogg .ogg
AddType application/pdf .pdf
AddType image/png .png
AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx
AddType audio/x-realaudio .ra .ram
AddType application/x-shockwave-flash .swf
AddType application/x-tar .tar
AddType image/tiff .tif .tiff
AddType audio/wav .wav
AddType audio/wma .wma
AddType application/vnd.ms-write .wri
AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw
AddType application/zip .zip
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/css A31536000
ExpiresByType application/x-javascript A31536000
ExpiresByType text/richtext A3600
ExpiresByType image/svg+xml A3600
ExpiresByType text/plain A3600
ExpiresByType text/xsd A3600
ExpiresByType text/xsl A3600
ExpiresByType video/asf A31536000
ExpiresByType video/avi A31536000
ExpiresByType image/bmp A31536000
ExpiresByType application/java A31536000
ExpiresByType video/divx A31536000
ExpiresByType application/msword A31536000
ExpiresByType application/x-msdownload A31536000
ExpiresByType image/gif A31536000
ExpiresByType application/x-gzip A31536000
ExpiresByType image/x-icon A31536000
ExpiresByType image/jpeg A31536000
ExpiresByType application/vnd.ms-access A31536000
ExpiresByType audio/midi A31536000
ExpiresByType video/quicktime A31536000
ExpiresByType audio/mpeg A31536000
ExpiresByType video/mp4 A31536000
ExpiresByType video/mpeg A31536000
ExpiresByType application/vnd.ms-project A31536000
ExpiresByType application/vnd.oasis.opendocument.database A31536000
ExpiresByType application/vnd.oasis.opendocument.chart A31536000
ExpiresByType application/vnd.oasis.opendocument.formula A31536000
ExpiresByType application/vnd.oasis.opendocument.graphics A31536000
ExpiresByType application/vnd.oasis.opendocument.presentation A31536000
ExpiresByType application/vnd.oasis.opendocument.spreadsheet A31536000
ExpiresByType application/vnd.oasis.opendocument.text A31536000
ExpiresByType audio/ogg A31536000
ExpiresByType application/pdf A31536000
ExpiresByType image/png A31536000
ExpiresByType application/vnd.ms-powerpoint A31536000
ExpiresByType audio/x-realaudio A31536000
ExpiresByType application/x-shockwave-flash A31536000
ExpiresByType application/x-tar A31536000
ExpiresByType image/tiff A31536000
ExpiresByType audio/wav A31536000
ExpiresByType audio/wma A31536000
ExpiresByType application/vnd.ms-write A31536000
ExpiresByType application/vnd.ms-excel A31536000
ExpiresByType application/zip A31536000
</IfModule>
<IfModule mod_deflate.c>
<IfModule mod_setenvif.c>
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
</IfModule>
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE text/css application/x-javascript text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon
</IfModule>
</IfModule>
<FilesMatch "\.(css|js|CSS|JS)$">
<IfModule mod_headers.c>
Header set Pragma "public"
Header append Cache-Control "public, must-revalidate, proxy-revalidate"
</IfModule>
FileETag MTime Size
<IfModule mod_headers.c>
Header set X-Powered-By "Step by Step guide to speed up your VB4 (forum only)"
</IfModule>
</FilesMatch>
<FilesMatch "\.(rtf|rtx|svg|svgz|txt|xsd|xsl|RTF|RTX|SVG|SVGZ|TXT|XSD|XSL|)$">
<IfModule mod_headers.c>
Header set Pragma "public"
Header append Cache-Control "public, must-revalidate, proxy-revalidate"
</IfModule>
FileETag MTime Size
<IfModule mod_headers.c>
Header set X-Powered-By "Step by Step guide to speed up your VB4 (forum only)"
</IfModule>
</FilesMatch>
<FilesMatch "\.(asf|asx|wax|wmv|wmx|avi|bmp|class|css|divx|doc|docx|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|swf|tar|tif|tiff|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip|ASF|ASX|WAX|WMV|WMX|AVI|BMP|CLASS|DIVX|DOC|DOCX|EXE|GIF|GZ|GZIP|ICO|JPG|JPEG|JPE|MDB|MID|MIDI|MOV|QT|MP3|M4A|MP4|M4V|MPEG|MPG|MPE|MPP|ODB|ODC|ODF|ODG|ODP|ODS|ODT|OGG|PDF|PNG|POT|PPS|PPT|PPTX|RA|RAM|SWF|TAR|TIF|TIFF|WAV|WMA|WRI|XLA|XLS|XLSX|XLT|XLW|ZIP)$">
<IfModule mod_headers.c>
Header set Pragma "public"
Header append Cache-Control "public, must-revalidate, proxy-revalidate"
</IfModule>
FileETag MTime Size
<IfModule mod_headers.c>
Header set X-Powered-By "Step by Step guide to speed up your VB4 (forum only)"
</IfModule>
</FilesMatch>
# End Browser Caching/Headers

Achelos
14 Oct 2013, 21:52
Just a question, how can I properly add the "7z" archive filetype and how could I implement this into the .htaccess that BlackBerry posted? These are a collection of bots/spiders I'd like to deny access.


RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^msnbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Slurp [OR]
RewriteCond %{HTTP_USER_AGENT} ^Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Googlebot [OR]
RewriteCond %{HTTP_USER_AGENT} ^AltaVista
RewriteRule ^.*$ "http\:\/\/thegoldsieve\.com" [R=301,L]


Never mind, figured it out.

Nonetheless, interesting add to your suggestions, maybe?

tanzeelniazi
10 Nov 2013, 21:09
I really don't know how to use it, but I really need to protect my admin panel and cPanel.
Also, I am not using VBSEO.
Also, I don't need to rewrite my previous URLs.
I need simple protection and to make my vBulletin run faster. Please tell me how I upload.

My .htaccess file

<IfModule mod_suphp.c>
suPHP_ConfigPath /home/My Site/public_html
<Files php.ini>
order allow,deny
deny from all
</Files>
</IfModule>


<IfModule mod_rewrite.c>
RewriteEngine on

# If vbulletin is in a subdirectory, add it here
RewriteBase /

# Retrieve gamedata requests and send to new dbtech locations
RewriteRule ^arcade/gamedata/(.*) dbtech/vbarcade/media/$1 [L]

# Retrieve crossdomain requests and send to new dbtech location
RewriteRule ^crossdomain\.xml dbtech/vbarcade/crossdomain.xml [L]

# Send hardcoded pnf+ipa scores to arcade instead
RewriteCond %{QUERY_STRING} func=storeScore [OR]
RewriteCond %{QUERY_STRING} autocom=arcade [OR]
RewriteCond %{QUERY_STRING} act=Arcade
RewriteRule .* arcade.php [L,QSA]

# Reroute v3arcade liveinstaller
RewriteCond %{QUERY_STRING} do=liveinstall
RewriteCond %{REQUEST_URI} v3arcade_admin\.php

# If you renamed your admincp directory, change it here
RewriteRule .* %{DOCUMENT_ROOT}/********/arcade_admin.php?%{QUERY_STRING}&do=review&import=browse&system=v3a [L,R=301]
</IfModule>
RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********

final kaoss
12 Nov 2013, 13:18
Here, I have revised your current htaccess for better security & to give your forum more speed and no rewrites as you said. But for protecting the admincp & cpanel this should help with most of that unless someone RAT's you or tries to Brute Force Crack your password.

<IfModule mod_suphp.c>
suPHP_ConfigPath /home/My Site/public_html
<Files php.ini>
order allow,deny
deny from all
</Files>
</IfModule>


<IfModule mod_rewrite.c>
RewriteEngine on

# If vbulletin is in a subdirectory, add it here
RewriteBase /

# Retrieve gamedata requests and send to new dbtech locations
RewriteRule ^arcade/gamedata/(.*) dbtech/vbarcade/media/$1 [L]

# Retrieve crossdomain requests and send to new dbtech location
RewriteRule ^crossdomain\.xml dbtech/vbarcade/crossdomain.xml [L]

# Send hardcoded pnf+ipa scores to arcade instead
RewriteCond %{QUERY_STRING} func=storeScore [OR]
RewriteCond %{QUERY_STRING} autocom=arcade [OR]
RewriteCond %{QUERY_STRING} act=Arcade
RewriteRule .* arcade.php [L,QSA]

# Reroute v3arcade liveinstaller
RewriteCond %{QUERY_STRING} do=liveinstall
RewriteCond %{REQUEST_URI} v3arcade_admin\.php

# If you renamed your admincp directory, change it here
RewriteRule .* %{DOCUMENT_ROOT}/********/arcade_admin.php?%{QUERY_STRING}&do=review&import=browse&system=v3a [L,R=301]
</IfModule>
RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********

#Deny attempts to view the Htaccess file and other files.
<Files .htaccess>
Order allow,deny
Deny from all
</Files>

<Files 403.shtml>
order allow,deny
Deny from all
</Files>


# BEGIN W3TC Browser Cache
<IfModule mod_mime.c>
AddType text/css .css
AddType application/javascript .js
AddType application/x-javascript .js
AddType text/html .html .htm
AddType text/richtext .rtf .rtx
AddType image/svg+xml .svg .svgz
AddType text/plain .txt
AddType text/xsd .xsd
AddType text/xsl .xsl
AddType text/xml .xml
AddType video/asf .asf .asx .wax .wmv .wmx
AddType video/avi .avi
AddType image/bmp .bmp
AddType application/java .class
AddType video/divx .divx
AddType application/msword .doc .docx
AddType application/x-msdownload .exe
AddType image/gif .gif
AddType application/x-gzip .gz .gzip
AddType image/x-icon .ico
AddType image/jpeg .jpg .jpeg .jpe
AddType application/vnd.ms-access .mdb
AddType audio/midi .mid .midi
AddType video/quicktime .mov .qt
AddType audio/mpeg .mp3 .m4a
AddType video/mp4 .mp4 .m4v
AddType video/mpeg .mpeg .mpg .mpe
AddType application/vnd.ms-project .mpp
AddType application/vnd.oasis.opendocument.database .odb
AddType application/vnd.oasis.opendocument.chart .odc
AddType application/vnd.oasis.opendocument.formula .odf
AddType application/vnd.oasis.opendocument.graphics .odg
AddType application/vnd.oasis.opendocument.presentation .odp
AddType application/vnd.oasis.opendocument.spreadsheet .ods
AddType application/vnd.oasis.opendocument.text .odt
AddType audio/ogg .ogg
AddType application/pdf .pdf
AddType image/png .png
AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx
AddType audio/x-realaudio .ra .ram
AddType application/x-shockwave-flash .swf
AddType application/x-tar .tar
AddType image/tiff .tif .tiff
AddType audio/wav .wav
AddType audio/wma .wma
AddType application/vnd.ms-write .wri
AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw
AddType application/zip .zip
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/css A31536000
ExpiresByType application/x-javascript A31536000
ExpiresByType text/html A3600
ExpiresByType text/richtext A3600
ExpiresByType image/svg+xml A3600
ExpiresByType text/plain A3600
ExpiresByType text/xsd A3600
ExpiresByType text/xsl A3600
ExpiresByType text/xml A3600
ExpiresByType video/asf A31536000
ExpiresByType video/avi A31536000
ExpiresByType image/bmp A31536000
ExpiresByType application/java A31536000
ExpiresByType video/divx A31536000
ExpiresByType application/msword A31536000
ExpiresByType application/x-msdownload A31536000
ExpiresByType image/gif A31536000
ExpiresByType application/x-gzip A31536000
ExpiresByType image/x-icon A31536000
ExpiresByType image/jpeg A31536000
ExpiresByType application/vnd.ms-access A31536000
ExpiresByType audio/midi A31536000
ExpiresByType video/quicktime A31536000
ExpiresByType audio/mpeg A31536000
ExpiresByType video/mp4 A31536000
ExpiresByType video/mpeg A31536000
ExpiresByType application/vnd.ms-project A31536000
ExpiresByType application/vnd.oasis.opendocument.database A31536000
ExpiresByType application/vnd.oasis.opendocument.chart A31536000
ExpiresByType application/vnd.oasis.opendocument.formula A31536000
ExpiresByType application/vnd.oasis.opendocument.graphics A31536000
ExpiresByType application/vnd.oasis.opendocument.presentation A31536000
ExpiresByType application/vnd.oasis.opendocument.spreadsheet A31536000
ExpiresByType application/vnd.oasis.opendocument.text A31536000
ExpiresByType audio/ogg A31536000
ExpiresByType application/pdf A31536000
ExpiresByType image/png A31536000
ExpiresByType application/vnd.ms-powerpoint A31536000
ExpiresByType audio/x-realaudio A31536000
ExpiresByType application/x-shockwave-flash A31536000
ExpiresByType application/x-tar A31536000
ExpiresByType image/tiff A31536000
ExpiresByType audio/wav A31536000
ExpiresByType audio/wma A31536000
ExpiresByType application/vnd.ms-write A31536000
ExpiresByType application/vnd.ms-excel A31536000
ExpiresByType application/zip A31536000
</IfModule>


# BEGIN Compress text files
<ifModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/xml text/css text/plain
AddOutputFilterByType DEFLATE image/svg+xml application/xhtml+xml application/xml
AddOutputFilterByType DEFLATE application/rdf+xml application/rss+xml application/atom+xml
AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript application/json
AddOutputFilterByType DEFLATE application/x-font-ttf application/x-font-otf
AddOutputFilterByType DEFLATE font/truetype font/opentype


BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</ifModule>
# END Compress text files


# BEGIN Cache-Control Headers
<ifModule mod_headers.c>
<filesMatch "\.(ico|jpe?g|png|gif|swf)$">
Header set Cache-Control "public"
</filesMatch>
<filesMatch "\.(css)$">
Header set Cache-Control "public"
</filesMatch>
<filesMatch "\.(js)$">
Header set Cache-Control "private"
</filesMatch>
<filesMatch "\.(x?html?|php)$">
Header set Cache-Control "private, must-revalidate"
</filesMatch>
</ifModule>
# END Cache-Control Headers

# BEGIN Turn ETags Off
FileETag None
# END Turn ETags Off




# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Answer 403 Forbidden when any condition above matches
# (RewriteCond lines have no effect without a RewriteRule after them)
RewriteRule .* - [F]


Here's a how-to for beginners. Thanks to SiteGround (http://www.siteground.com/tutorials/filezilla/filezilla_management.htm).

Establish FTP connection
We will start with the FTP connection establishment.

Open your FileZilla installation and enter the following details:

Hostname - enter your domain name or the name of the hosting server where your account resides;

Username - enter the FTP username (you can use your cPanel username or the one of a new FTP account);

Password - enter the corresponding FTP password;

Port - enter the FTP port (by default it is 21);


Click on the Quickconnect button to establish the FTP connection.

Once the FTP connection is opened you will see the listing of the remote server's files and folders.

Manage Files Using FileZilla
If you have a web site created on your local computer, you will want to make it live by uploading its files on your web server. The cPanel software is installed on all the SiteGround servers. The root folder for the web site content is public_html. Select the web site files in the Local site area. Drag and drop them in the public_html folder under the Remote site area. In this way they will be accessible through your domain name.


Sometimes you need to edit a file's code and update the web site functionality. Right-click on the chosen file and pick the View/Edit option.


The file will be opened in the default text editor. Edit it and then save the changes. The FTP client will recognize the file modifications. It will prompt you whether to upload the modified file back on the server and delete the local copy from your computer.


The other actions which you can perform on the files and folders are:

Download - this option allows you to download files and folders from the remote server to your local computer;

Add files to queue - allows you to schedule a later transfer of the files;

Create Directory - allows you to create a new folder under your current location;

Delete - using it you can delete files and folders;

Rename - you can rename files and folders;

File Permissions - allows you to change the file permissions of files and folders. You can alter the owner, the group and the public permissions. You can define whether the files are readable, writable and executable. You can find more details about the file permissions in our cPanel tutorial.
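
For the query-string RewriteCond chain in the .htaccess posted above, this is an added example (not part of the original post) that checks the six conditions offline against sample requests before the file is uploaded. It compares the patterns with `(`, `)` and `[` escaped against the same patterns with those backslashes missing; Python's `re` is assumed as a stand-in for mod_rewrite's regex matching, and all sample query strings are constructed.

```python
import re

# The six RewriteCond patterns, written without the backslashes before "(", ")" and "[".
UNESCAPED = [
    ("environ", r"proc/self/environ", 0),
    ("mosConfig", r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)", 0),
    ("base64", r"base64_encode.*(.*)", 0),
    ("script", r"(<|%3C).*script.*(>|%3E)", re.I),  # re.I mirrors [NC]
    ("GLOBALS", r"GLOBALS(=|[|\%[0-9A-Z]{0,2})", 0),
    ("_REQUEST", r"_REQUEST(=|[|\%[0-9A-Z]{0,2})", 0),
]

# The same chain with the literal parentheses and bracket escaped.
FIXES = {
    "base64": r"base64_encode.*\(.*\)",
    "GLOBALS": r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})",
    "_REQUEST": r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})",
}
ESCAPED = [(name, FIXES.get(name, pat), flags) for name, pat, flags in UNESCAPED]


def first_match(rules, query_string):
    """Evaluate an [OR] chain: name of the first matching condition, or None if the request passes."""
    for name, pattern, flags in rules:
        # RewriteCond patterns are unanchored and see the raw (still percent-encoded) query string.
        if re.search(pattern, query_string, flags):
            return name
    return None


# Constructed query strings: ordinary forum traffic first, then the cases the rule comments name.
SAMPLES = [
    "f=2&page=3",
    "do=process&query=GLOBALS+array",
    "t=42&q=php+base64_encode+docs",
    "GLOBALS[x]=1",
    "a=base64_encode(abc)",
    "q=%3Cscript%3Ex%3C/script%3E",
    "page=proc/self/environ",
]


def compare():
    """Return (query string, verdict without escapes, verdict with escapes) for every sample."""
    return [(qs, first_match(UNESCAPED, qs), first_match(ESCAPED, qs)) for qs in SAMPLES]


if __name__ == "__main__":
    for qs, loose, strict in compare():
        print(f"{qs:35} unescaped={loose!s:10} escaped={strict}")
```

Without the escapes, the GLOBALS and base64_encode conditions also match an ordinary search for those words, so legitimate requests would be refused once a RewriteRule acts on the chain.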

tanzeelniazi
12 Nov 2013, 14:52
@Final kaoss
You are a great man :)
Just 1 question
I am using only the VBSEO hack http://www.vbulletin.org/forum/showthread.php?t=253516
not the complete software. If I use this code, am I 100% secure? I mean the one you gave above.
I am not using FileZilla, I only use direct upload :)

MylesM
08 Feb 2014, 11:05
Will any of this work with vBulletin 3.8.x ?

Moh4m4d
08 Feb 2014, 14:13
@Final kaoss
You are a great man :)
Just 1 question
I am using only the VBSEO hack http://www.vbulletin.org/forum/showthread.php?t=253516
not the complete software. If I use this code, am I 100% secure? I mean the one you gave above.
I am not using FileZilla, I only use direct upload :)

Security will never ever be 100% :)
But with this code, you can be more secure, and your forum won't be hacked soon or easily ;)

ceroalreves
08 Feb 2014, 19:26
Hi, how does this work? Do I just have to upload it?

Moh4m4d
12 Feb 2014, 09:43
Hi, how does this work? Do I just have to upload it?

Yes, it works. Just upload it into your forum root.

RichieBoy67
12 Feb 2014, 19:13
Yes, it works. Just upload it into your forum root.

Well it depends what he has there currently. If he uploads this and overwrites his existing he could have issues.

Great work though. I really hate working with htaccess but have learned a lot from guys like you. Thanks for posting this.

friendlymela
21 Jul 2015, 18:47
Nice one, but I am not using vBSEO. What should I do then?