
  1. #1
    Join Date
    Dec 2006
    Location
    California
    Posts
    1
    Plugin Contributions
    0

    Idea or Suggestion htaccess to block exploit attempts

    I'm just checking out Zencart after using Joomla/Virtuemart for a while. I've seen a lot of "I've been hacked by ******" posts in the security forum which look very similar to some of the automated/scripted hacks that plagued Mambo/Joomla sites. The following code now appears in the core htaccess file for Joomla. It uses regex to block common php exploit attempts and redirect those queries to the homepage with a 403 Forbidden.

    Would something like this be useful for zencart? (Apart from the first line with mosconfig, which is Joomla/Mambo specific.) It's GPL code, so I'm not sure what the usage rights are when crossing to another application.

    The original posts by the author are here:
    Post:
    http://forum.joomla.org/index.php/topic,75376.0.html
    and Discussion:
    http://forum.joomla.org/index.php/to...html#msg388696

    I don't think this would protect you in the case of your server being hacked through another website on the same server, but it might reduce the chances of your site being the point of entry.

    Looking forward to getting started with ZenCart

    Ryan

    Code:
    ########## Begin - Rewrite rules to block out some common exploits
    ## If you experience problems on your site block out the operations listed below
    ## This attempts to block the most common type of exploit `attempts` to Joomla!
    #
    # mod_rewrite must be switched on for the conditions below to be evaluated
    RewriteEngine On
    # Block out any script trying to set a mosConfig value through the URL
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
    # Block out any script trying to base64_encode crap to send via URL
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
    # Block out any script that includes a <script> tag in URL
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    # Block out any script trying to set a PHP GLOBALS variable via URL
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    # Block out any script trying to modify a _REQUEST variable via URL
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    # Answer all blocked requests with a 403 Forbidden error
    # (the [F] flag sends the 403 directly; the index.php target is not followed)
    RewriteRule ^(.*)$ index.php [F,L]
    #
    ########## End - Rewrite rules to block out some common exploits
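    As an added example (not code from the post, from Joomla or from Zen Cart), here is a small Python script that transcribes the five RewriteCond patterns above and replays them over a few constructed Apache access-log lines, so you can see which requests the block would have answered with 403 and which would pass. The log lines, IP addresses, timestamps and query strings are all made up for the demonstration; the rule names are labels chosen here, not anything Apache reports.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# The five RewriteCond patterns from the post, transcribed for Python's re module.
# Apache tests them against the raw, still-percent-encoded query string, which is
# why the originals spell out both "<" and "%3C". The "\%" in the originals is just
# a literal percent sign, so the backslash is dropped here. Only the <script> rule
# carried [NC] in the original, so only it gets re.IGNORECASE.
RULES = [
    ("mosConfig", re.compile(r"mosConfig_[a-zA-Z_]{1,21}(=|%3D)")),
    ("base64_encode", re.compile(r"base64_encode.*\(.*\)")),
    ("script tag", re.compile(r"(<|%3C).*script.*(>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|%[0-9A-Z]{0,2})")),
]

# Apache "common" log format; enough to pull out the client IP and request target.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)


def matching_rule(query_string: str) -> Optional[str]:
    """Return the label of the first RewriteCond that would fire, or None.

    Pass the query string undecoded, exactly as Apache sees it in
    %{QUERY_STRING}; decoding it first would change what the patterns match.
    """
    for name, pattern in RULES:
        if pattern.search(query_string):
            return name
    return None


def parse_log_line(line: str) -> Optional[dict]:
    """Split one access-log line into its fields; None if it does not parse."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    # urlsplit keeps the query percent-encoded, matching Apache's behaviour.
    fields["query"] = urlsplit(fields["target"]).query
    return fields


def audit(lines: List[str]) -> List[Tuple[str, str, Optional[str]]]:
    """Replay the rules over log lines: (client ip, request target, rule hit or None)."""
    results = []
    for line in lines:
        fields = parse_log_line(line)
        if fields is None:
            continue  # skip lines that do not look like access-log entries
        results.append((fields["ip"], fields["target"], matching_rule(fields["query"])))
    return results


# Constructed sample log lines (documentation-range IPs, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [04/Jan/2007:22:16:01 +0000] "GET /index.php?main_page=product_info&products_id=12 HTTP/1.1" 200 5123',
    '198.51.100.7 - - [04/Jan/2007:22:16:09 +0000] "GET /index.php?option=com_content&mosConfig_live_site=x HTTP/1.1" 403 312',
    '198.51.100.7 - - [04/Jan/2007:22:16:15 +0000] "GET /index.php?q=%3Cscript%3Etest%3C%2Fscript%3E HTTP/1.1" 403 312',
    '198.51.100.7 - - [04/Jan/2007:22:16:21 +0000] "GET /index.php?x=GLOBALS%5B HTTP/1.1" 403 312',
    '203.0.113.9 - - [04/Jan/2007:22:17:02 +0000] "POST /index.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, target, rule in audit(SAMPLE_LOG):
        verdict = f"blocked by '{rule}' rule" if rule else "allowed"
        print(f"{ip:15} {verdict:32} {target}")
```

    Two things worth keeping in mind when reading the output: Apache matches %{QUERY_STRING} before any percent-decoding, so the script deliberately keeps the query encoded; and the [F] flag makes Apache answer 403 on the spot rather than redirecting, so the index.php target in the RewriteRule is never used (writing `-` there is the usual idiom).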

  2. #2
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,930
    Plugin Contributions
    4

    Default Re: htaccess to block exploit attempts

    I'll answer this in 2 parts.

    First, for anyone using ZC or any other mainline PHP script (Joomla/Nuke etc.), I see no reason why those worried about security should not use this, given that they are using Apache and that they have the relevant permissions that allow the use of .htaccess files.

    Second, will we use this in core ZC? Possibly. As we have said before, we do take security very seriously. You only need to take a look at our response times for previous vulnerabilities, and the internal work we have undertaken (ongoing), such as the use of variable binding etc., to see that.

    My only reservation about the use of .htaccess files (yes, I know we already use them) is that they are only available to some of our users (Apache/permitted), and the fact that they have a tendency to divert attention from actually writing/updating code to be secure in the first place (much like PHP and register_globals).
    Last edited by wilt; 4 Jan 2007 at 10:16 PM.

  3. #3
    Join Date
    Jan 2004
    Location
    UK
    Posts
    1,230
    Plugin Contributions
    0

    Default Re: htaccess to block exploit attempts

    I see no reason why those worried bout security should use this.
    Did you mean to say 'I see no reason why those worried bout security should NOT use this.'?

  4. #4
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,930
    Plugin Contributions
    4

    Default Re: htaccess to block exploit attempts

    yes :)


    (have edited accordingly)
