Useful and perfect to help us protect our CGI / LC Server apps. I have used it since v 4G ;-)
> Perishable Press
>
> 5G Blacklist 2012
> Posted: 11 Jan 2012 12:47 PM PST
> The 5G Blacklist helps reduce the number of malicious URL requests that hit
> your website. It’s one of many ways to improve the security of your site and
> protect against evil exploits, bad requests, and other nefarious garbage.
>
> After extensive beta testing, the 5G Blacklist/Firewall is solid and ready to
> help secure sites hosted on Apache servers. In addition to beta testing for
> the 5G, this is the 5th major update of my “G”-series blacklists. Here is a
> quick overview of its evolution:
>
> • Ultimate htaccess Blacklist (Compressed Version)
> • 2G Blacklist: Closing the Door on Malicious Attacks
> • Perishable Press 3G Blacklist
> • The Perishable Press 4G Blacklist
> • 5G Firewall (Beta)
>
> Along the way, I’ve explored a wide variety of different blacklist
> techniques. The 5G is the culmination of all these efforts, and will
> eventually be replaced by the imminent 6G Blacklist/Firewall.
>
> What it does
>
> The 5G Blacklist is a simple, flexible blacklist that checks all URI requests
> against a series of carefully constructed HTAccess directives. This happens
> quietly behind the scenes at the server level, saving resources for stuff
> like PHP and MySQL for all blocked requests.
>
> How it works
>
> Blacklists can block just about any part of a request: IP, user agent,
> request string, query string, referrer, and everything in between. But IP
> addresses change constantly, and user agents and referrers are easily
> spoofed. As discussed, request strings yield the best results: greater
> protection with fewer false positives.
>
> The 5G works beautifully with WordPress, and should help any site conserve
> bandwidth and server resources while protecting against malicious activity.
>
> How to use
>
> To install the 5G Firewall, append the following code to your site’s root
> .htaccess:
>
> # 5G BLACKLIST/FIREWALL
> # @ http://perishablepress.com/5g-blacklist/
>
> # 5G:[QUERY STRINGS]
> <IfModule mod_rewrite.c>
> RewriteEngine On
> RewriteBase /
> RewriteCond %{QUERY_STRING} (environ|localhost|mosconfig|scanner) [NC,OR]
> RewriteCond %{QUERY_STRING} (menu|mod|path|tag)\=\.?/? [NC,OR]
> RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
> RewriteCond %{QUERY_STRING} echo.*kae [NC,OR]
> RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
> RewriteCond %{QUERY_STRING} \=\\%27$ [NC,OR]
> RewriteCond %{QUERY_STRING} \=\\\'$ [NC,OR]
> RewriteCond %{QUERY_STRING} \.\./ [NC,OR]
> RewriteCond %{QUERY_STRING} \? [NC,OR]
> RewriteCond %{QUERY_STRING} \: [NC,OR]
> RewriteCond %{QUERY_STRING} \[ [NC,OR]
> RewriteCond %{QUERY_STRING} \] [NC]
> RewriteRule .* - [F]
> </IfModule>
>
> # 5G:[USER AGENTS]
> <IfModule mod_setenvif.c>
> SetEnvIfNoCase User-Agent ^$ keep_out
> SetEnvIfNoCase User-Agent (casper|cmsworldmap|diavol|dotbot) keep_out
> SetEnvIfNoCase User-Agent (flicky|ia_archiver|jakarta|kmccrew) keep_out
> SetEnvIfNoCase User-Agent (libwww|planetwork|pycurl|skygrid) keep_out
> SetEnvIfNoCase User-Agent (purebot|comodo|feedfinder|turnit) keep_out
> SetEnvIfNoCase User-Agent (zmeu|nutch|vikspider|binlar|sucker) keep_out
> <Limit GET POST PUT>
> Order Allow,Deny
> Allow from all
> Deny from env=keep_out
> </Limit>
> </IfModule>
>
> # 5G:[REQUEST STRINGS]
> <IfModule mod_alias.c>
> RedirectMatch 403 (https?|ftp|php)\://
> RedirectMatch 403 /(cgi|https?|ima|ucp)/
> RedirectMatch 403 /(Permanent|Better)$
> RedirectMatch 403 (\=\\\'|\=\\%27|/\\\'/?|\)\.css\()$
> RedirectMatch 403 (\,|//|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")
> RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
> RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php$
> RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107\_)
> RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml)
> RedirectMatch 403 \.well\-known/host\-meta
> RedirectMatch 403 /function\.array\-rand
> RedirectMatch 403 \)\;\$\(this\)\.html\(
> RedirectMatch 403 proc/self/environ
> RedirectMatch 403 msnbot\.htm\)\.\_
> RedirectMatch 403 /ref\.outcontrol
> RedirectMatch 403 com\_cropimage
> RedirectMatch 403 indonesia\.htm
> RedirectMatch 403 \{\$itemURL\}
> RedirectMatch 403 function\(\)
> RedirectMatch 403 labels\.rdf
> RedirectMatch 403 /playing.php
> RedirectMatch 403 muieblackcat
> </IfModule>
>
> # 5G:[BAD IPS]
> <Limit GET POST PUT>
> Order Allow,Deny
> Allow from all
> # uncomment/edit/repeat next line to block IPs
> # Deny from 123.456.789
> </Limit>
>
> That’s the golden ticket right there. The 5G Firewall is serious protection
> for your website: extensively tested, plug-n-play, and completely free.
> “Grab, gulp, n go” as they say. For more information, see the beta article
> (and comments).
>
> Troubleshooting
>
> Remember, test thoroughly. If something stops working when the 5G is
> installed, try removing the 5G. If things start working normally again, you
> can either pass on the 5G or investigate further. Investigating further is
> straightforward using something like the halving method, where you remove
> chunks of the 5G until isolating and identifying the issue. Here is a quick
> example:
>
> • I’ve installed the 5G, thanks Jeff.
> • Uh-oh, the page at http://example.com/indonesia.html stopped loading
> • Hmm, the URL contains the phrase “indonesia”, so let’s check the 5G
>   for it
> • Yep, there’s a rule that blocks indonesia\.htm
> • Removing that line resolves the issue, thanks me.
>
> Is it okay to remove rules that are blocking your own pages? Yes, the only
> downside is that malicious requests that would have otherwise been blocked
> will now get through. The 5G will continue to block a massive volume of
> malicious requests — it’ll just be a bit less effective. The protective
> effect is cumulative, not dependent on any one rule. So customization is
> encouraged. Once you dial it in, you’re all set.
>
> Disclaimer
>
> The 5G Firewall is provided “as-is”, with the intention of helping site
> administrators protect their sites against bad requests and other malicious
> activity. The code is open and free to use and modify as long as the first
> two credit lines remain intact. By using this code you assume all risk &
> responsibility for anything that happens, whether good or bad. In short, use
> wisely, test thoroughly, don’t sue me.
>
> Learn more..
>
> To learn more about the theory and development of the 5G Firewall, check out
> my articles on building the 3G, 4G and 5G Blacklist. A search for “blacklist”
> in the sidebar should also yield many results.
>
> Happy securing!
>
> © 2012 Perishable Press

--
Pierre Sahores
mobile : 06 03 95 77 70
www.sahores-conseil.com

_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
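
Added example, not part of the forwarded post or of the 5G code: the troubleshooting step quoted above (finding which rule blocks one of your own pages), done by testing a URL against the directives instead of removing them by halves. It embeds only a subset of the quoted rules, uses Python's `re` in place of Apache's regex engine, and the names `parse_rules` and `blocking_rules` are chosen for this example.

```python
import re
from urllib.parse import urlsplit, unquote

# Subset of the 5G directives, copied verbatim from the listing quoted above.
RULES_5G = r"""
RewriteCond %{QUERY_STRING} (environ|localhost|mosconfig|scanner) [NC,OR]
RewriteCond %{QUERY_STRING} (menu|mod|path|tag)\=\.?/? [NC,OR]
RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
RewriteCond %{QUERY_STRING} \.\./ [NC,OR]
RewriteCond %{QUERY_STRING} \[ [NC,OR]
RewriteCond %{QUERY_STRING} \] [NC]
RedirectMatch 403 (https?|ftp|php)\://
RedirectMatch 403 /(cgi|https?|ima|ucp)/
RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107\_)
RedirectMatch 403 proc/self/environ
RedirectMatch 403 indonesia\.htm
"""

def parse_rules(text):
    """Return (target, pattern, compiled_regex) for each directive line."""
    rules = []
    for line in text.strip().splitlines():
        parts = line.split()
        if parts[:2] == ["RewriteCond", "%{QUERY_STRING}"]:
            # [NC] makes the condition case-insensitive; [OR] only chains it.
            flags = parts[3].strip("[]").split(",") if len(parts) > 3 else []
            rules.append(("query", parts[2],
                          re.compile(parts[2], re.I if "NC" in flags else 0)))
        elif parts[:2] == ["RedirectMatch", "403"]:
            # RedirectMatch has no flag field; it is matched case-sensitively.
            rules.append(("path", parts[2], re.compile(parts[2])))
    return rules

RULES = parse_rules(RULES_5G)

def blocking_rules(url):
    """List the (target, pattern) pairs that would answer this URL with 403."""
    u = urlsplit(url)
    # Assumption: query string is tested raw, URL path after percent-decoding.
    targets = {"query": u.query, "path": unquote(u.path)}
    return [(kind, pat) for kind, pat, rx in RULES if rx.search(targets[kind])]

if __name__ == "__main__":
    # Constructed sample URLs; example.com is the host used in the post.
    for url in ("http://example.com/indonesia.html",
                "http://example.com/shop?tag=sale",
                "http://example.com/index.php?path=../etc/passwd"):
        print(url, "->", blocking_rules(url) or "allowed")
```

On the constructed URL `/shop?tag=sale` the only match is `(menu|mod|path|tag)\=\.?/?`: its trailing `\.?/?` is optional, so any query string containing `tag=`, `mod=`, `path=` or `menu=` is refused, which is worth checking against your own application's parameters before deploying.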