Friday, 28 November 2014 00:00

Chinese Hackers and you (now not just for the NSA)

Written by
Rate this item
(0 votes)

Chinese hackers you say?  What would they want with my itty-bitty web site?

Sadly, they want it for a lot of things... most of which won't actually help them but they will kill your web site in the process.  Generally what's going on here is comment spam.  Attackers seek to hack your commenting system and put links to their own web sites there.  These links are then scanned by google and google says, "Wow, that's a wildly popular web site since everyone is linking to it!  We'd better increase it's page rank in Google."  This service is sold as "search engine optimization" and is just one of the many reasons I advocate being VERY careful about contracting with an SEO company.

So what's to be done about it?  Well, I use siteground for my web hosting needs and siteground gives me access to the .htaccess file for appache.  Using the .htaccess file I can (and did) disallow all traffic from countries like China and Nigeria.  Now, if you're some major transnational corporation this is probably a bad thing.  But if you're me... PixelSplash... a local web design company then it makes total sense.  I'm fairly certain that nobody from China is going to call me up today and ask about creating a web site for them.  And if someone did call me up and ask that I'd suggest they find a more local company that can better address their marketing needs.

So the first step is to make sure that you've installed the .htaccess that came with Joomla.  Typically this file is called htaccess.txt so you need to copy it's contents and append them to the default siteground .htaccess file.  This should get you something like this:

AddHandler application/x-httpd-php53 .php .php5 .php4 .php3##
# @package Joomla
# @copyright Copyright (C) 2005 - 2014 Open Source Matters. All rights reserved.
# @license GNU General Public License version 2 or later; see LICENSE.txt
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
## Mod_rewrite in use.RewriteEngine On## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
## End - Rewrite rules to block out some common exploits.
## Begin - Custom redirects
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
## End - Custom redirects
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
# RewriteBase /## Begin - Joomla! core SEF Section.
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
## End - Joomla! core SEF Section.

From there, you'll want to head on over to THIS SITE and obtain the current block list.  Append that to the end of your .htaccess file and presto, no more traffic from China (and related countries).  



Read 5998 times Last modified on Friday, 28 November 2014 20:54