Comments on: Hack Attempt?

By: Sarah

Sarah — Tue, 20 Mar 2007 21:42:01 +0000

Unfortunately the rewrite didn't work despite there being no reason for it not working. Probably the numerous other lines of spam blocking I have in my htaccess!

Anyhow, PHP to the rescue and in good time as I've had 40 hits today alone with this script from various domains. Apparently it's a backdoor trojan according to a friend's firewall so clearly not a nice script. Still, it's blocked for now. I'll post up the code in the morning.

I've also had to block visitors with empty user agents (sorry to anyone who has this but I've not spotted any in my server logs). The site was getting hammered today by some bot, so there's another block in place.

It makes me wonder whether it's worth keeping the site running with receiving more bots than humans as visitors!

By: Sarah

Sarah — Tue, 20 Mar 2007 09:14:18 +0000

Cheers Dave, I'll give that a go

By: David Salisbury

David Salisbury — Mon, 19 Mar 2007 22:10:21 +0000

Further to that I'm not sure that you can use query strings with the various Redirect directives. You may need use something like this:

RewriteEngine On
RewriteCond %{QUERY_STRING} ^(.*)stoerlein.de.*$
RewriteRule .* – [G]

By: David Salisbury

David Salisbury — Mon, 19 Mar 2007 22:06:12 +0000

That dot separating the TLD and domain name may need escaping

By: Sarah

Sarah — Sat, 17 Mar 2007 01:14:25 +0000

Hmm okay I got my first problem solved (after a day of searching and trying everything I could find or think of!). Yet the same method doesn't want to work for blocking this hack attempt.

I have

RedirectMatch 410 ^(.*)stoerlein.de.*$ RedirectMatch 410 ^(.*)/trackback/$

The second line works for any trackback URL on a post on this site (which have all been heavily spammed and are now just skewing my stats). However the first line doesn't do anything. I'm only guessing what the above means so it could be badly wrong!

Anyone a htaccess expert out there?