Simple Machines Community Forum

SMF Support => SMF 2.0.x Support => Topic started by: Joazo on January 24, 2011, 03:56:02 AM

Title: Protect via .htaccess
Post by: Joazo on January 24, 2011, 03:56:02 AM
Hello,

How can I protect my website via the .htaccess file, what to add into it?

Also what is the latest PHP version that SMF 2.0 RC4 supports?
Title: Re: Protect via .htaccess
Post by: Arantor on January 24, 2011, 04:21:55 AM
2.0 RC4 works fine on all 5.2 series, though I believe there may be occasional issues with some of the changes in 5.3, as SMF still supports going back to PHP 4.2 where different syntax is expected.

What are you hoping to protect with .htaccess, exactly?

Password protection so that you only give out the password to people you know? Better would be to disable registration and create accounts yourself in the admin panel, or at the very least using admin-approval of new accounts. Oh, and disable access to all guests from Admin > Features and Options.

Protection from bots? There's only very broad things you can do in .htaccess, which basically amounts to blocking IP address ranges.


You tell me what you're hoping to achieve with .htaccess and I'll see what I can do.
Title: Re: Protect via .htaccess
Post by: Joazo on January 24, 2011, 04:43:05 AM
Thanks for your answer.

I'm hoping to protect against bots, hackers etc.
My forum got hacked yesterday and i found out someone added the harmful code to the index.php. So I wonder how can I protect so ppl wont be able to do types of things like that.
Title: Re: Protect via .htaccess
Post by: Arantor on January 24, 2011, 04:44:58 AM
You can't actually add anything harmful to index.php in a way that .htaccess would protect you from. In all likelihood it was another app on the server with a vulnerability that was exploited, which .htaccess won't protect you from in the slightest, only proper host configuration can do that.

Keeping bots out is only valid if you know the IP addresses, and without them you can't do anything in .htaccess anyway.
Title: Re: Protect via .htaccess
Post by: Illori on January 24, 2011, 05:40:08 AM
take a look at the mods here http://custom.simplemachines.org/mods/index.php?action=search;type=19
Title: Re: Protect via .htaccess
Post by: Aleksi "Lex" Kilpinen on February 23, 2011, 01:16:22 AM
HI Joazo, do you still have questions about this, or did the above posts answer your questions? :)
Title: Re: Protect via .htaccess
Post by: Digharatta on April 26, 2011, 07:59:37 AM
I would highly recommend CrawlProtect:

http://community.smfhelper.info/index.php/topic,5222.0.html

And here's my shortlist of IP ranges to block:

<Limit GET POST>
order allow,deny
deny from 208.115.111.
deny from 91.201.66.
deny from 91.201.67.
deny from 208.80.194.
deny from 109.230.
deny from 213.5.71.
deny from 66.197.217.
deny from 95.64.12.
deny from 74.55.
deny from 95.31.17.59
deny from 178.124.25.182
deny from 77.93.2.81
deny from 210.127.249.145
deny from 188.134.44.71
deny from 109.87.181.220
deny from 199.15.234.
deny from 188.143.232.
deny from 109.169.62.
deny from 94.102.49.
allow from all
</Limit>