Articles tagged with “apache”
- Perishable Press 3G Blacklist
-
After much research and discussion, I have developed a concise, lightweight security strategy for Apache-powered websites. Prior to the development of this strategy, I relied on several extensive blacklists to protect my sites against malicious user agents and ...
- Building the 3G Blacklist, Part 5: Improving Site Security by Selectively Blocking Individual IPs
-
In this continuing five-article series, I share insights and discoveries concerning website security and protecting against malicious attacks. Wrapping up the series with this article, I provide the final key to our comprehensive blacklist strategy: selectively blocking individual IPs. ...
- Building the 3G Blacklist, Part 4: Improving the RedirectMatch Directives of the Original 2G Blacklist
-
In this continuing five-article series, I share insights and discoveries concerning website security and protecting against malicious attacks. In this fourth article, I build upon previous ideas and techniques by improving the directives contained in the original, 2G Blacklist. Subsequent articles will focus on key blacklist strategies designed to protect your site transparently, effectively, and ...
- Building the 3G Blacklist, Part 3: Improving Site Security by Selectively Blocking Rogue User Agents
-
In this continuing five-article series, I share insights and discoveries concerning website security and protecting against malicious attacks. In this third article, I discuss targeted, user-agent blacklisting and present an alternate approach to preventing site access for the most prevalent and malicious user agents. Subsequent articles will focus on key blacklist strategies designed to protect your ...
- Building the 3G Blacklist, Part 2: Improving Site Security by Preventing Malicious Query-String Exploits
-
In this continuing five-article series, I share insights and discoveries concerning website security and protecting against malicious attacks. In this second article, I present an incredibly powerful method for eliminating malicious query string exploits. Subsequent articles will focus on key blacklist strategies designed to protect your site transparently, effectively, and efficiently. At the conclusion ...
- Building the 3G Blacklist, Part 1: Improving Site Security by Recognizing and Exploiting Server Attack Patterns
-
In this series of five articles, I share insights and discoveries concerning website security and protecting against malicious attacks. In this first article of the series, I examine the process of identifying attack trends and using them to immunize against future attacks. Subsequent articles will focus on key blacklist strategies designed to protect your site transparently, effectively, and efficiently. At the conclusion of the series, the five articles will culminate in ...
- Blacklist Candidate Number 2008-04-27
- Welcome to the Perishable Press “Blacklist Candidate” series. In this post, we continue our new tradition of exposing, humiliating and banishing spammers, crackers and other worthless scumbags..
Since the implementation of my 2G Blacklist, I have enjoyed ...
- Blacklist Candidate Number 2008-03-09
- Welcome to the Perishable Press “Blacklist Candidate” series. In this post, we continue our new tradition of exposing, humiliating and banishing spammers, crackers and other worthless scumbags..
Imagine, if you will, an overly caffeinated Bob Barker, hunched over his favorite laptop, feverishly scanning his server access files. Like some underpaid ...
- Blacklist Candidate Number 2008-02-10
- Welcome to the Perishable Press “Blacklist Candidate” series. In this post, we continue our new tradition of exposing, humiliating and banishing spammers, crackers and other worthless scumbags..
Scumbag number 2008-02-10, “COME ON DOWN!!” — you’re the next baboon to get banished from the site! Like many bloggers, I ...
- Blacklist Candidate Number 2008-01-02
- Come one, come all — today we officially begin a new series of posts here at Perishable Press: the public exposure, humiliation, and banishment of spammers, crackers, and other site attackers. Kicking things off for 2008: blacklist candidate number 2008-01-02!
Every Wednesday, I take a little time to investigate my ...
- How to Enable PHP Error Logging via htaccess
- In this brief tutorial, I will show Apache users how to suppress PHP errors from visitors and enable PHP error logging via htaccess.
Tracking your site’s PHP errors is an excellent way to manage and troubleshoot unexpected issues related to plugins and themes. Even better, monitoring PHP errors behind the scenes ...
- A Dramatic Week Here at Perishable Press..
- ..And we’re back. After an insane week spent shopping for a new host, dealing with some Bad Behavior, and transferring Perishable Press to its new home on a virtual private server (VPS), everything is slowly falling back into place. Along the way, there have been some interesting challenges and many lessons learned. Here are a few of the highlights..
The tide may be turning ...
- Three Ways to Allow Hotlinking in Specific Directories
- After implementing any of the hotlink-prevention techniques described in our previous article, you may find it necessary to disable hotlink-protection for a specific directory. By default, htaccess rules apply to the directory in which it is located, as well as all subdirectories contained therein. There are (at least) three ways to enable selective hotlinking:
Place hotlink images in an alternate directory
This method ...
- Stupid htaccess Trick: Enable File or Directory Access to Your Password-Protected Site
- In this brief tutorial, we are going to enable users to access any file or directory of a site that is password-protected via htaccess. There are many reasons for wanting to employ this technique, including:
Share public resources from an otherwise private site
Enable visitors to access content during site maintenance
Testing and formatting of layout and design during development
As a webmaster, I have used this technique on several ...
- Creating the Ultimate htaccess Anti-Hotlinking Strategy
- When I wrote my article, Stupid htaccess Tricks, a couple of years ago, hotlink-protection via htaccess was becoming very popular. Many webmasters and bloggers were getting tired of wasting bandwidth on hotlinked resources, and therefore turned to the power of htaccess to protect their content. At that time, there were only ...
- Ultimate htaccess Blacklist 2 (Compressed Version)
- [ Keywords: htaccess, rewrite, blacklist, block, deny, spam, spammers, scrapers, rippers ]
In our original htaccess blacklist article, we provide an extensive list of bad user agents. This so-called “Ultimate htaccess Blacklist” works great at blocking many different online villains: spammers, scammers, scrapers, scrappers, rippers, leechers — you name it. Yet, despite its usefulness, there is always room for improvement. For example, as reader ...
- htaccess Combo Pack: WordPress Permalinks and non-www Redirect
- WordPress users employing permalinks via htaccess to optimize their dynamic URLs transform complicated-looking links such as:
http://example.com/blog/index.php?page=33
..into search-engine friendly links such as:
http://example.com/blog/post-title/
Every rewritten URL relies on a common set of htaccess rules to transform the links. The htaccess rules for all WordPress permalinks look like this for root WP installations:
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond ...
- Eliminate 404 Errors for PHP Functions
- Recently, I discussed the suspicious behavior recently observed by the Yahoo! Slurp crawler. As revealed by the site’s closely watched 404-error logs, Yahoo! had been requesting a series of nonexistent resources. Although a majority of the 404 errors were exclusive to the Slurp crawler, there were several instances of requests that were also coming from Google, Live, and even Ask. Initially, these distinct errors were misdiagnosed as existing ...
- Web Host Recommendation: A Small Orange Delivers Superior Service
- [ Keywords: shared, hosting, small, orange, asmallorange, aso, cpanel, whm, server, host, excellent ]
Perishable Press switched to A Small Orange [ASO] in March of 2007. At the time, I was looking for highly recommended shared hosting with several key features:
Solid customer service and extremely reliable server uptime
Unlimited domains with plenty of disk space and bandwidth
Unlimited Email ...
- Temporary Site Redirect for Visitors during Site Updates
- [ Keywords: temporary, redirect, htaccess, php, site, maintenance, 403, 503, http, status, code ]
In our article Stupid htaccess Tricks, we present the htaccess code required for redirecting visitors temporarily during periods of site maintenance. Although the article provides everything needed to implement the temporary redirect, I think readers would benefit from a more thorough examination of the process — nothing too serious, just ...
- Permanently Redirect a Specific IP Request for a Single Page via htaccess
- Not the most interesting title, but “oh well”..
Recently, a reader named Alison left a comment requesting help with a particular htaccess trick. She wanted to know how to permanently redirect (301) all requests for a specific page when requested from a specific IP address. In other words, when a visitor coming from 123.456.789 requests the page requested-page.html, the visitor will be redirected to just-for-you.html. All visitors not ...
- How to Block IP Addresses with PHP
- [ Keywords: block, deny, ip, address, php, spam, htaccess, redirect ]
Figuratively speaking, hunting down and killing spammers, scrapers, and other online scum remains one of our favorite pursuits. Once we have determined that a particular IP address is worthy of banishment, we generally invoke the magical powers of ...
- Ultimate htaccess Blacklist
- [ Keywords: htaccess, rewrite, blacklist, block, deny, spam, spammers, scrapers, rippers ]
For those of us running Apache, htaccess rewrite rules provide an excellent way to block spammers, scrapers, and other scumbags easily and effectively. While there are many htaccess tricks involving blocking domains, preventing access, and redirecting traffic, ...
- Harvesting cPanel Raw Access Logs
- [ Keywords: cpanel, access, logs, log, ip, http, data ]
Harvesting Raw Logs For those of us using cPanel as the control panel for our websites, a wealth of information is readily available via cPanel ‘Raw Access Logs’. These logs are perpetually updated with data involving user agents, IP addresses, HTTP activity, resource access, and a whole lot more. Here is a ...
- Compressed JavaScript Compression
- [ Keywords: javascript, compression, compress, php, htaccess, gzip, ob_gzhandler ]
In this article, we extrapolate our favorite CSS-compression technique for JavaScript. Below, we outline the steps required to auto-compress your JavaScript documents via gzip and PHP. Two different compression methods are presented. The first method does not require htaccess, but rather involves the manual editing of JavaScript files. The second method employs htaccess to do ...
- Fast, Effective PHP Compression
- PHP compression is an excellent method of conserving bandwidth and reducing client download times. We have already discussed an excellent method for CSS compression, and in this article we share a super-easy technique for compressing all PHP content without editing a single file.
Using two PHP files and two corresponding lines of .htaccess, it is possible to compress your PHP files via gzip-encoding. Browsers and other user-agents capable of ...
- Invite Only: Visitor Exclusivity via the Opt-In Method
- Web developers trying to control comment-spam, bandwidth-theft, and content-scraping must choose between two fundamentally different approaches: selectively deny target offenders (the "blacklist" method) or selectively allow desirable agents (the "opt-in", or "whitelist" method).
Currently popular according to various online forums and discussion boards is the blacklist method. The blacklist method requires the webmaster to create and maintain a working list of undesirable agents, usually blocking their access via htaccess or php. The downside of "blacklisting" is that ...
- Roll your own Apache Rewrite Log
- Note to self: Here is the .htaccess code for creating an Apache Rewrite log. This is definitely helpful for testing .htaccess rewrite rules, permalinks, etc. Update: as jc points out in the comments section, Apache versions 2.2 or better no longer allow RewriteLog directives in htaccess files. For these versions, it is necessary to coordinate logging through the server configuration file or via virtual host. For more information, check the source. For ...
- Time Test
- This post exists entirely for the sake of tweaking time functionality in Apache, PHP, SQL, and WordPress..
Immediate findings:
Date/time limit into the past for WordPress: December 13, 1901 @ 15:45
WordPress will display December 13, 1901 @ 15:45 properly for all functions except wp_get_archives
All dates prior to 12/13/1901 in MySQL will display as December 31, 1969 @ 19:00 in the WP Admin > Post Timestamp panel
SQL timestamps of 0000-00-00 00:00:00 display as 0 via $wpdb->get_col("SELECT DISTINCT YEAR
SQL timestamps of ...
- Block Spam by Denying Access to No-Referrer Requests
- Credit for this trick goes to shoemoney.com. What we have here is an excellent method for preventing a great deal of blog spam. With a few strategic lines placed in your htaccess file, you can prevent spambots from dropping spam bombs by denying access to all requests that do not originate from your domain.
How does it work? Well, when a legitimate user (i.e., not a robot, etc.) decides to leave a comment on your blog, ...
- Stop Bitacle from Stealing Content
- If you have yet to encounter the content-scraping site, bitacle.org, consider yourself lucky. The scum-sucking worm-holes at bitacle.org are well-known for literally, blatantly, and piggishly stealing blog content and using it for financial gains through advertising. While I am not here to discuss the legal, philosophical, or technical ramifications of illegal bitacle behavior, I am here to provide a few critical tools that will help ...
- Compressed CSS Compression
- In this article, we have consolidated the priceless information provided in fiftyfoureleven.com’s fine post, The Definitive Post on Gzipping your CSS, which discusses two practical methods for compressing CSS documents. Complete and utter credit for the contents of this article is hereby attributed to fiftyfoureleven.com.
Method One
Overview: This method involves adding a small PHP script to your CSS document and replacing its .css extension ...
- Stupid htaccess Tricks Redux
- One of our most popular posts, Stupid htaccess Tricks, has been completely rewritten and now includes almost twice as many stupid htaccess tricks. Plus, we have added a library of regex character definitions, more information for many of the directives, and several handy references. But wait, there’s more — we even threw in a “quick-jump” Table of Contents and a complete set of “up” [ ^ ] links for easy navigation. Utterly amazing!
- Website Attack Recovery
- Recently, every website on our primary server was simultaneously attacked. The offending party indiscriminately replaced the contents of every index file, regardless of its extension or location, with a few vulgar lines of code, which indicated intention, identity, and influence.
Apparently, the attack occurred via Germany, through a server at the University of Hamburg. This relatively minor attack resulted in several hours of valuable online education. In this article, it is our intention ...
- The htaccess Rules for all WordPress Permalinks
- Note: this article specifically applies to WordPress version 2+ running on Apache servers.
We recently performed a series of tests on a fresh installation of WordPress 2.0.2 to determine the exact htaccess rewrite rules that WordPress writes to its htaccess file for various permalink configurations. Under the WP admin option menu, WordPress lists four choices for permalink structure:
Default: http://perishablepress.com/press/?=123
Date and name based: http://perishablepress.com/press/index.php/2006/06/14/sample-post/
Numeric: http://perishablepress.com/press/index.php/archives/123
Custom: /%year%/%monthnum%/%day%/%postname%/
The "default" option is to not use permalinks. The "date and name based" setting ...
- Permalink Enlightenment
- I recently enabled the permalinks feature for a fresh WordPress 2.0.2 upgrade. The process required several hours of research and approximately 90 minutes to fully implement. This brief article summarizes the process and applies to at least the following setup:
WordPress 2.0.2
Apache Server with mod_rewrite enabled
The ability to access/modify your .htaccess file(s)
You have decided to use the /%year%/%monthnum%/%day%/%postname%/ permalink format (actually, any format will work; simply swap your preferred format for the one mentioned here)
You may also be ...
- Stupid htaccess Tricks
- Welcome to Perishable Press! This article, Stupid htaccess Tricks, covers just about every htaccess “trick” in the book, and is easily the site’s most popular offering. In addition to this htaccess article, you may also want to explore the rapidly expanding htaccess tag archive. Along with all things htaccess, Perishable Press also focuses on ...