Web Hosting Forum | Lunarpages
Topic: HELP FOR SECURITY
gavara
« on: January 26, 2008, 08:25:04 AM »

Please can you help me?
In the last month I have had 4 attacks of spam and exploitation of scripts. I USE JOOMLA AND I ALWAYS UPGRADE IT.

I have put these lines in the php.ini of my ADDON domain (path home/xxx/public_html/mYADDONDOMAIN/php.ini)

# register_globals = On

[Zend]
zend_optimizer.optimization_level=15
zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-2.5.10
zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-2.5.10
zend_optimizer.version=2.5.10a
zend_extension = /usr/local/lib/ioncube_loader_lin_4.4.so

zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so

php_flag eaccelerator.enable = On
php_flag eaccelerator.optimizer = On

# php_value memory_limit =24M
memory_limit = 24M ; Maximum amount of memory a script may consume (8MB)

#php_admin_value open_basedir "/tmp:/home/XXXX/public_html/"

#safe_mode = off

max_execution_time = 300
max_input_time = 600

upload_max_filesize = 8M (default = 2M)

register_globals = 0
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
allow_url_fopen = 0
magic_gpc_quotes = 0
safe_mode = 1
open_basedir = /dir/incl/

IS IT CORRECT TO PREVENT ATTACKS?

Then I have put these lines to block exploitation scripts in my htaccess

########## Begin - Rewrite rules to block out some common exploits
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits

IS IT CORRECT?

best regards
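
An added example, not part of the original post and not Lunarpages' or Joomla's code: a small Python linter run over a constructed excerpt of the php.ini posted above. It flags the Apache-only php_flag line, the # comments, the free text after a value, and the name magic_gpc_quotes (the PHP directive is magic_quotes_gpc). The KNOWN list, the finding codes and the function name are assumptions made for this illustration.

```python
import difflib

# Constructed excerpt of the php.ini lines posted above.
SAMPLE_INI = """\
# register_globals = On
php_flag eaccelerator.enable = On
memory_limit = 24M ; Maximum amount of memory a script may consume (8MB)
#php_admin_value open_basedir "/tmp:/home/XXXX/public_html/"
upload_max_filesize = 8M (por defecto = 2M)
register_globals = 0
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
allow_url_fopen = 0
magic_gpc_quotes = 0
safe_mode = 1
open_basedir = /dir/incl/
"""

# Directive names used for the spelling check (a subset, not PHP's full list).
KNOWN = ["register_globals", "disable_functions", "allow_url_fopen",
         "magic_quotes_gpc", "safe_mode", "open_basedir", "memory_limit",
         "max_execution_time", "max_input_time", "upload_max_filesize",
         "zend_extension", "zend_extension_ts"]
# These are Apache (mod_php) directives, not php.ini syntax.
APACHE_ONLY = ("php_flag", "php_value", "php_admin_flag", "php_admin_value")

def lint_php_ini(text):
    """Return (line_number, code, message) findings for a php.ini text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith((";", "[")):
            continue
        if line.startswith("#"):  # php.ini comments start with ';'
            findings.append((no, "hash-comment", "use ';' for comments"))
            continue
        if line.startswith(APACHE_ONLY):
            findings.append((no, "apache-directive", "move to httpd.conf or .htaccess"))
            continue
        name, _, value = line.partition("=")
        name, value = name.strip(), value.split(";", 1)[0].strip()
        if "." not in name and name not in KNOWN:  # extension keys are skipped
            guess = difflib.get_close_matches(name, KNOWN, n=1)
            findings.append((no, "unknown-name", "did you mean %s?" % (guess or ["n/a"])[0]))
        if "(" in value or "=" in value:  # free text after the value
            findings.append((no, "trailing-text", "put the note behind ';'"))
    return findings

if __name__ == "__main__":
    for finding in lint_php_ini(SAMPLE_INI):
        print("line %d: %s: %s" % finding)
```

A setting under an unrecognized name such as magic_gpc_quotes does not change the real directive, so that hardening line has no effect until the name is corrected.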