Stopping Script Kiddies

Fix it!!

Stopping Script Kiddies

Postby sharingsunshine » Sat Jul 12, 2008 2:25 pm

I have many attempts on our server to include another url in an actual url in this manner:

http://www.example.nethttp://ecological ... ything.php

I want to send them to a discontinued page, rather than have my 404 error reporter send me an email each unauthorized attempt I have. I put this code together but I seem to be missing something.

RewriteCond %{HTTP_HOST} ^(www\.)?example\.net$ [NC]
RewriteCond %{HTTP_HOST}%{REQUEST_URI} http[:%] [NC]
RewriteRule ^(.*)$ http://www.example.net/discontinued.html [F,L]

I was trying to follow an example on the forum but because this isn't a query string I never quite found a match.

Thanks,

Randal
sharingsunshine
 
Posts: 55
Joined: Tue Dec 19, 2006 5:32 am

Postby richardk » Sun Jul 13, 2008 10:49 am

Try
Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteRule http[:%] /discontinued.html [NC,F,L]

You may need to remove the F flag for the /discontinued.html pages to show.
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby sharingsunshine » Tue Jul 15, 2008 3:55 am

Hi Richard,

Thanks for getting back to me.

However, I tried your suggestion:
RewriteRule http[:%] /discontinued.html [NC,L]

and it doesn't work. I took the F flag out to try it initially.

Please advise.

Randal
sharingsunshine
 
Posts: 55
Joined: Tue Dec 19, 2006 5:32 am

Postby richardk » Tue Jul 15, 2008 9:27 am

It does not have a colon after http. Try
Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteRule http[:%/] /discontinued.html [NC,L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby sharingsunshine » Wed Jul 16, 2008 10:05 am

I tried this too and it still doesn't work.

Is there a way to search for the .com and then put the discontinued.html after .com/?

When I put the suspected url in the browser because there is no / after the .com and then the rest of the url starting with http is next to the .comhttp in this manner the browser doesn't recognize it as a valid url. Therefore, it has no particular .htaccess to pass it against.

This is just my opinion, hoped it might help.

Thanks for all your help,

Randal
sharingsunshine
 
Posts: 55
Joined: Tue Dec 19, 2006 5:32 am

Postby richardk » Thu Jul 17, 2008 1:01 pm

When I put the suspected url in the browser because there is no / after the .com and then the rest of the url starting with http is next to the .comhttp in this manner the browser doesn't recognize it as a valid url. Therefore, it has no particular .htaccess to pass it against.

Then mod_rewrite can't do anything to it. And how is it being caught by your 404 handler?
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby sharingsunshine » Mon Jul 21, 2008 5:33 pm

My Mistake! Please Forgive Me!

I meant to say "it seems like" because I know it has to be passing against the .htaccess file after all.

I can get the example to work with this code if there is a slash after .net in my example.

RewriteRule ^/http://(.*)$ /discontinued.html [NC,L]

So for that to work, I need to have a slash after .net - http://www.example.net/http://anydomain ... /door.html

Except, my urls are without slashes and like this:
http://www.example.nethttp://anydomain. ... /door.html

in which case the redirect doesn't work.

Is there a way to get the rule to work without having to have a slash?

Thanks,

Randal
sharingsunshine
 
Posts: 55
Joined: Tue Dec 19, 2006 5:32 am

Postby richardk » Tue Jul 22, 2008 9:55 am

No. No slash means the request will never even gets a correct DNS result so it certainly never gets to Apache and mod_rewrite.
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 1 guest

cron