.htaccess rewrite for security
Old 02-22-2009, 04:29 PM .htaccess rewrite for security
MZA
Experienced Talker

Posts: 47
Trades: 0
I run a forum and am having trouble with shells being uploaded to the server (I'm on a shared server). My host is no help so I've been trying to come up with a solution on my own. I am trying to add conditions to my .htaccess file to redirect the URL whenever someone tries to access a shell on my server. Since the name of the php file changes just about every time, I can't figure out how to do it successfully.

I would like to redirect any URL containing the following:
".php?act=f&f=config.php&d=%2Fhome%2Fusername%2Fpublic_html&"
to my site's home page, so they won't be able to get my DB info (I plan to add lines for more commands after I get this one working as well).

I am completely new to .htaccess and have read several guides on all different methods, but I have been unable to get any of them to work. Does anyone have any suggestions?

Thanks
Old 02-28-2009, 03:26 PM Re: .htaccess rewrite for security
MZA
Experienced Talker

Posts: 47
Trades: 0
Come on, somebody has to know how to do this...
Old 02-28-2009, 04:31 PM Re: .htaccess rewrite for security
Novice Talker

Posts: 12
Trades: 0
I'm not sure I understand -- you're saying people are illegally accessing your shell from outside?
jenniec is offline
Old 03-01-2009, 01:30 AM Re: .htaccess rewrite for security
Average Talker

Posts: 29
Trades: 0
You could add the following to your .htaccess file in your document root.

# Set the default handler.
DirectoryIndex index.php
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Protect files from prying eyes.
<FilesMatch "(\.inc|\.sh|.*sql|config\.php)$">
Order allow,deny
</FilesMatch>

ErrorDocument 403 /index.php
ErrorDocument 404 /index.php


You could put a .htaccess file in the directory that contains config.php that says "deny all", provided that it is not in your document root directory.

The above only works for http traffic and not shell access or ftp.

If they are accessing from someplace else - shell access or ftp, the server is not secure and you might want to get another shared hosting company.

Last edited by noobster; 03-01-2009 at 01:35 AM..
noobster is offline
Old 03-02-2009, 04:28 AM Re: .htaccess rewrite for security
MZA
Experienced Talker

Posts: 47
Trades: 0
Quote:
Originally Posted by noobster
You could add the following to your .htaccess file in your document root.

# Set the default handler.
DirectoryIndex index.php
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Protect files from prying eyes.
<FilesMatch "(\.inc|\.sh|.*sql|config\.php)$">
Order allow,deny
</FilesMatch>

ErrorDocument 403 /index.php
ErrorDocument 404 /index.php


You could put a .htaccess file in the directory that contains config.php that says "deny all", provided that it is not in your document root directory.

The above only works for http traffic and not shell access or ftp.

If they are accessing from someplace else - shell access or ftp, the server is not secure and you might want to get another shared hosting company.

Thanks so much, I will test this out. And yes, they were accessing from http so this should do the job. And the config.php happens to be in the document root.

EDIT: I added that and it's not working; I can still view my config file from the shell.

Last edited by MZA; 03-02-2009 at 05:19 AM..
Old 03-03-2009, 12:46 AM Re: .htaccess rewrite for security
Average Talker

Posts: 29
Trades: 0
What shell are you using? Did you type in domain.com/config.php?
noobster is offline
Old 03-10-2009, 05:33 PM Re: .htaccess rewrite for security
MZA
Experienced Talker

Posts: 47
Trades: 0
Quote:
Originally Posted by noobster
What shell are you using? Did you type in domain.com/config.php?
I am testing with a C99 shell that I removed the last time they hacked us. And no, I didn't try accessing the file directly from my browser, as my forum software already prevents that and that's not what I'm worried about.

A little more clarification:
The person uploads a shell on my server without my permission (my host isn't much help in preventing this), let's say the filename is shell.php. Then they run the shell from their browser, http://mysite.com/shell.php, which gives them several options to modify and view things that they shouldn't be. My main concern is protecting my database, whose information is stored in my config file. When they view the config file from the shell, the URL is something like this: http://mysite.com/shell.php?mode=edit&file=config.php&.....

I want .htaccess to look for that string "config.php" in all URLs and redirect any URLs containing that string to another page.
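The rule asked for in the last post, as an added example that is not part of the thread. The FilesMatch block suggested earlier matches the name of the file being requested (shell.php in the example URL), so it does not apply when config.php only appears as a parameter; a condition on the query string does. It assumes mod_rewrite is enabled and the host allows rewrite directives in .htaccess.

```apache
# Added example for the document-root .htaccess (Apache 2.2 or 2.4).
# No <IfModule> wrapper on purpose: if mod_rewrite is unavailable the site
# returns a 500 error instead of silently running without the rule.
# Place this above any rewrite rules the forum software ships.
RewriteEngine On

# %{QUERY_STRING} is the raw text after "?", whatever script was requested,
# so this covers ...?act=f&f=config.php&... and ...?mode=edit&file=config.php&...
# It is not URL-decoded, hence the extra branch for a percent-encoded dot.
RewriteCond %{QUERY_STRING} config(\.|%2e)php [NC]

# "^" matches every request path; the trailing "?" drops the original query
# string, so the client is sent to the bare home page and cannot loop.
RewriteRule ^ /? [R=302,L]
```

The rule only inspects the URL's query string: parameters sent in a POST body never reach it, and it does nothing about the uploaded file or the upload path that let it in.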
 
