software times™
July 8, 2008

Robot Hack Attack II

Since I published my original piece on robot hack attacks, I have found a better way to prevent these robot exploits using .htaccess to deny access to the server.

The idea behind these exploits is to trick your server into executing remote PHP scripts to gain information about your server. To do so they attach a URL as a query string, for example

The following mod_rewrite rule in your .htaccess file will deal with it:

RewriteEngine on

# defeat robot exploits
RewriteCond %{QUERY_STRING} http:// [OR]
RewriteCond %{REQUEST_URI} http://
RewriteRule ^(.*)$ - [F]

The two rewrite conditions check for the offending string (http://) and, if they find it, the rewrite rule simply activates the forbidden flag [F]. Since I also have active custom error pages, the offending robot is redirected to the error 403 page.
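
One way to check the rule against your own access log before deploying it, as an added example that is not part of the original article: the script applies the same two comparisons to each logged request and also flags requests whose URL only shows up after percent-decoding or in another letter case, which the rule as written does not compare against. The log lines, host names and the names classify and audit are constructed for illustration, and the path is assumed to be compared after percent-decoding.

```python
import re
from urllib.parse import unquote

# Request line inside an access-log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Broader check used for review only: http, https or ftp URL in any letter case
URL_RE = re.compile(r'(?:https?|ftp)://', re.IGNORECASE)

# Constructed sample log lines (documentation addresses and example.test hosts)
SAMPLE_LOG = '''\
192.0.2.10 - - [08/Jul/2008:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512
192.0.2.11 - - [08/Jul/2008:10:00:02 +0000] "GET /index.php?page=http://files.example.test/id.txt? HTTP/1.1" 200 512
192.0.2.12 - - [08/Jul/2008:10:00:03 +0000] "GET /index.php?page=http%3A%2F%2Ffiles.example.test%2Fid.txt HTTP/1.1" 200 512
192.0.2.13 - - [08/Jul/2008:10:00:04 +0000] "GET /login?return=http://www.example.test/account HTTP/1.1" 302 0
'''

def classify(target):
    """Return 'blocked', 'passed-with-url' or 'clean' for one request target."""
    path, _, query = target.partition('?')
    path = unquote(path)  # assumption: the path is compared after percent-decoding
    # Same test as the two RewriteCond lines: case-sensitive match on http://
    if 'http://' in query or 'http://' in path:
        return 'blocked'
    # The query string is compared as sent, so an encoded URL passes the rule
    if URL_RE.search(unquote(query)) or URL_RE.search(path):
        return 'passed-with-url'
    return 'clean'

def audit(log_text):
    """Map each verdict to the list of request targets that received it."""
    report = {'blocked': [], 'passed-with-url': [], 'clean': []}
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m:
            report[classify(m.group(1))].append(m.group(1))
    return report

if __name__ == '__main__':
    for verdict, targets in audit(SAMPLE_LOG).items():
        for t in targets:
            print(f'{verdict:16} {t}')
```

The blocked list is also where legitimate requests that carry a URL parameter, such as the constructed return= request above, show up before the rule starts answering them with 403.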

Denny Schlesinger

Robot Hack Attack
Mod_Rewrite by RankingLabs.Com


Copyright © Software Times, 2000, 2001, 2003. All rights reserved
Last updated June 22, 2003