[Plugin: Better WP Security] .htaccess file being corrupted | Ban Hosts
-
[ Moderator Note: Please post code or markup snippets between backticks or use the code button. Or better still – use the pastebin ]
Better WP Build Version: 3047
I’m encountering an apparent issue with the ban hosts functionality and the plugins interaction with the .htaccess file.
My site is hosted via godaddy.com and a part of this package is a security vulnerability site testing service. They hit the site daily with various scripts to try and discover issues. This testing will often cause a lot of 404 errors (e.g. 2900+ in the last couple of days) to occur. During their testing the ban hosts functionality of the plugin kicks also in. The Deny rule for the offending IP address is written into the .htaccess file, but multiple times (like hundreds of times). Eventually the site breaks and you are unable to also login to Administer wordpress.
Closer inspection of the .htaccess file…
? the HackRepair.com Blacklist section appears to be fine. (content only appears once)
? in the Order allow, deny section their are hundreds of entries for “Deny from 72.167.191.1”. (This is one of the site scanner service hosts.)
? As you scroll down this list of deny entries you happen upon duplicate RewriteRules and RewriteConditions – then followed by more deny entries for “Deny from 72.167.191.1”. In fact, this occurs several times in the entirety of the .htaccess file. Example attached below. I can provide the .htaccess file if requested by a plugin representative.
? My guesses only.. It appears as if the .htaccess file is being written over the top. Memory running out somewhere? Maybe the plugin can’t cope with the speed at which the security server is making requests for 404 files and needing to write to the htaccess file?
? This issue is reproducable. It has now happened three times. Prior to the third time I had added a Ban hosts wildcard of 72.167.191.*
? My fix to date has been to rename the .htaccess file to .htaccessold and have a new one generated.This appears to be written over the top of data several times within the .htaccess file.
———-< snip >————
<files .htaccess> Order allow,deny Deny from all </files> <files readme.html> Order allow,deny Deny from all </files> <files readme.txt> Order allow,deny Deny from all </files> <files install.php> Order allow,deny Deny from all </files> <files wp-config.php> Order allow,deny Deny from all </files> <IfModule mod_rewrite.c> RewriteEngine On RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC] RewriteRule ^(.*)$ - [F,L] RewriteCond %{REQUEST_METHOD} POST RewriteCond %{REQUEST_URI} ^(.*)wp-comments-post\.php* RewriteCond %{HTTP_REFERER} !^(.*)com.au.* [OR] RewriteCond %{HTTP_USER_AGENT} ^$ RewriteRule ^(.*)$ - [F,L] RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR] RewriteCond %{QUERY_STRING} boot\.ini [NC,OR] RewriteCond %{QUERY_STRING} tag\= [NC,OR] RewriteCond %{QUERY_STRING} ftp\: [NC,OR] RewriteCond %{QUERY_STRING} http\: [NC,OR] RewriteCond %{QUERY_STRING} https\: [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR] RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(request|select|concat|insert|union|declare).* [NC] RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$ RewriteRule ^(.*)$ - [F,L] </IfModule> # END Better WP Security
https://www.ads-software.com/extend/plugins/better-wp-security/
- The topic ‘[Plugin: Better WP Security] .htaccess file being corrupted | Ban Hosts’ is closed to new replies.