htaccess schutz website gegen hacker

Advanced .htaccess Tips

.htaccess is the default file name of an optional configuration file that provides numerous commands for controlling and configuring the Apache Web Server, and also to control and configure modules such as mod_rewrite (for htaccess rewrite), mod_alias (for htaccess redirects), and mod_ssl (for controlling SSL connections).
This file is usually present in the root directory and enables theWordPress „friendly-url“ permalink structure for example.
You can create a .htaccess file in any folder to to add restrictions specific to the folder (and all sub-folders).
Before making any changes – make sure to backup the current .htaccess file!

## Disable the Server Signature ##
ServerSignature Off

## Disable directory browsing – Can cause 500 Internal Server Error ##
Options All -Indexes

Protecting specific folders: – create a htaccess in the folder required

## Disable php in a folder all subfolders – use where „777“ permission required ##
<IfModule mod_php5.c>
  php_flag engine off
</IfModule>
or else:

## Secure /uploads/ directory from unwanted file types ##
<FilesMatch „.(php|php3|php4|php5|sh)$“>
  Deny from All
</FilesMatch>

## Allow access only from specific IP-Address(es) ##
order deny,allow
deny from all
allow from x.x.x.x
If you are using this to protect /wp-admin/ directory then add the following to allow user logins (for comments etc.)

<FilesMatch „^(admin-ajax|misc|profile|users).php$“>
    Order allow,deny
    Allow from all
    Satisfy any
</FilesMatch>
Block Referrer Spam (you’ll see these clogging your analytics traffic):

## Block referrer spam such as Semalt ##
RewriteCond %{HTTP_REFERER} ^http://.*youtubedownload.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*softomix.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*zazagames.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*youtubedownload.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*vapmedia.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*soundfrost.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*joingames.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*videofrost.net/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*softomix.net/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*feedouble.net/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*backgroundpictures.net/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*joinandplay.me/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*videofrost.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*srecorder.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*softomix.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*openmediasoft.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*openfrost.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*myprintscreen.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*musicprojectfoundation.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*feedouble.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*fbfreegifts.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*extener.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*embedle.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*savetubevideo.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*kambasoft.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*buttons-for-website.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*7makemoneyonline.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*darodar.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*semalt.com/ [NC]
RewriteRule ^(.*)$ – [F,L]
Stop Spammers automatically posting Spam comments on your Blog:

## Block WordPress Spam – no direct access to Comments – Change yourdomain.com below ##
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post.php*
RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]

Trap almost all bots trying to hack your site.

First, set a cookie for anybody requesting resources.

# If they are requesting resources, then they’re probably not bots.
RewriteCond %{REQUEST_FILENAME} (mytheme.css|.jpg)$ [NC]
RewriteRule .* – [L,co=human:abides:%{HTTP:Host}:86400]
Second, check incoming POST’s to see if they have that cookie set, if not, you can assume that they are most likely bots.

# Check if this is a post method, if so, the human cookie must be set.
# If the bots don’t abide, they get a 403 for their POST.
RewriteCond %{REQUEST_METHOD} =POST
RewriteCond %{HTTP_COOKIE} !^.*human.*$ [NC]
RewriteRule .* – [F]
# Block most proxies. Most hackers / spammers use proxies
# You might want to only use this on restricted resources (logins, comments) – as this will also block

RewriteCond %{HTTP:HTTP_VIA}      !^$ [OR]
RewriteCond %{HTTP:HTTP_X_FORWARDED_FOR}      !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED_FOR}      !^$ [OR]
RewriteCond %{HTTP:HTTP_X_FORWARDED}      !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED}      !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED_FOR_IP}      !^$ [OR]
RewriteCond %{HTTP:VIA}      !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR}      !^$ [OR]
RewriteCond %{HTTP:FORWARDED_FOR}      !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED}      !^$ [OR]
RewriteCond %{HTTP:FORWARDED}      !^$ [OR]
RewriteCond %{HTTP:CLIENT_IP}      !^$ [OR]
RewriteCond %{HTTP:FORWARDED_FOR_IP}      !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY_CONNECTION}      !^$
RewriteRule ^(.*)$ – [F]
Block the most common hacker attacks used to compromise your site

## BLOCK COMMON QUERY STRING EXPLOITS ##
# Do not allow the use of User Agent Strings containing specific robot (crawler) identifiers
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner|jce|ukrain).* [NC,OR]
# Do not allow the use of User Agent Strings containing references to specific crawler libraries
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|scan|wbsearchbot).* [NC,OR]
RewriteCond %{THE_REQUEST} ? HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} /* HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D|r|n) [NC,OR]
RewriteCond %{REQUEST_URI} owssvr.dll [NC,OR]
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} .opendirviewer. [NC,OR]
RewriteCond %{HTTP_REFERER} users.skynet.be.* [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(..//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} =PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (../|..) [OR]
RewriteCond %{QUERY_STRING} ftp: [NC,OR]
# The following 2 commands can cause problems with some thumbnail generators
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(ht|f)tp:// [OR]
RewriteCond %{QUERY_STRING} http: [NC,OR]
RewriteCond %{QUERY_STRING} https: [NC,OR]
RewriteCond %{QUERY_STRING} =|w| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*embed.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*object.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*iframe.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*([^)]*) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*((|)|<|>|%3c|%3e).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(x00|x04|x08|x0d|x1b|x20|x3c|x3e|x7f).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (./|../|…/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127.0.0.1|mosconfig|scanner) [NC,OR]
# Block SQL Statements in Querystring
RewriteCond %{QUERY_STRING} (<|>|’|%0A|%0D|%27|%3C|%3E|%00|%2527) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^(]*( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ – [F,L]
Having secured your server you still need to be vigilant and follow basic security procedures:
Apply all UPDATES !!
Use STRONG passwords and don’t reuse them!
Regularly create Backups
If you are not sure if your server has been hacked – use a free malware scanner to check:
PS:  If you are using nginx Server and not Apache, use this Site to convert htaccess commands into nginx compatible commands – http://winginx.com/en/htaccess