News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Protect via .htaccess

Started by Joazo, January 24, 2011, 03:56:02 AM

Previous topic - Next topic

Joazo

Hello,

How can I protect my website via the .htaccess file, what to add into it?

Also what is the latest PHP version that SMF 2.0 RC4 supports?

Arantor

2.0 RC4 works fine on all 5.2 series, though I believe there may be occasional issues with some of the changes in 5.3, as SMF still supports going back to PHP 4.2 where different syntax is expected.

What are you hoping to protect with .htaccess, exactly?

Password protection so that you only give out the password to people you know? Better would be to disable registration and create accounts yourself in the admin panel, or at the very least using admin-approval of new accounts. Oh, and disable access to all guests from Admin > Features and Options.

Protection from bots? There's only very broad things you can do in .htaccess, which basically amounts to blocking IP address ranges.


You tell me what you're hoping to achieve with .htaccess and I'll see what I can do.

Joazo

Thanks for your answer.

I'm hoping to protect against bots, hackers etc.
My forum got hacked yesterday and i found out someone added the harmful code to the index.php. So I wonder how can I protect so ppl wont be able to do types of things like that.

Arantor

You can't actually add anything harmful to index.php in a way that .htaccess would protect you from. In all likelihood it was another app on the server with a vulnerability that was exploited, which .htaccess won't protect you from in the slightest, only proper host configuration can do that.

Keeping bots out is only valid if you know the IP addresses, and without them you can't do anything in .htaccess anyway.


Aleksi "Lex" Kilpinen

HI Joazo, do you still have questions about this, or did the above posts answer your questions? :)
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Digharatta

I would highly recommend CrawlProtect:

http://community.smfhelper.info/index.php/topic,5222.0.html [nofollow]

And here's my shortlist of IP ranges to block:

<Limit GET POST>
order allow,deny
deny from 208.115.111.
deny from 91.201.66.
deny from 91.201.67.
deny from 208.80.194.
deny from 109.230.
deny from 213.5.71.
deny from 66.197.217.
deny from 95.64.12.
deny from 74.55.
deny from 95.31.17.59
deny from 178.124.25.182
deny from 77.93.2.81
deny from 210.127.249.145
deny from 188.134.44.71
deny from 109.87.181.220
deny from 199.15.234.
deny from 188.143.232.
deny from 109.169.62.
deny from 94.102.49.
allow from all
</Limit>

Advertisement: