StingerWebsites.com
- Web Hosting & Design Tools
.HTACCESS & .HTPASSWD
Step by step, most detailed .htaccess setup instructions
Requirements:
1) For the basic 'dead URL' redirect and password
protection, nothing is required but a premium server.
2) For all the rest, the mod_rewrite
capability must be enabled on your server. Test it:
paste this ( RewriteEngine On ), without the brackets, in
your .htaccess file and upload it. If you get a server
error, it is not enabled. Contact your server admin.
3) Your 'document root', /home/user/file/http/ for
example (use this to find it, if you don't know it).
4) A text editor, such as Notepad. If a text
editor corrupts the script, use another. Some say Word
for Windows doesn't work, others say Notepad doesn't work.
The basic choice is Notepad.
What is .htaccess? It is a
limited, though very valuable communication
medium between you and your website server.
Any .htaccess file in a directory
will protect all directories within, or under, that
directory. The most basic .htaccess file, which
goes in your 'root' directory where your index.html main
page is, normally contains at least the redirect rule:
Redirect traffic from pages that are
requested but no longer on your site to any URL (just
cut and paste the text below into a blank Notepad file,
save it as .htaccess, then upload it to your root):
ErrorDocument 404 http://www.yoursite.com
You can add this text to ban any
IP addresses: new line for each, prefixed with 'deny
from'.
<Limit GET>
order allow,deny
deny from 192.0.2.33
allow from all
</Limit>
Add also this rewrite to ban any
robots or programs used to download your whole site,
including your members area. These are off-line
browsing software programs.
Add any more by just cutting and pasting a line 'at
the top' and changing the name to the name of that
software; 'BackWeb' is the first one here. Every
RewriteCond line except the last one before the
RewriteRule must end in [OR].
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^.*BackWeb.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo\ Pump.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Drip.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Gets.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^IBrowse.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^JustView.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Pockey.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Slurp.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^SpaceBison.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Webster.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^ia_archiver.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^lftp.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*WebZIP.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Stripper.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Offline.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Copier.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Crawler.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Snagger.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Teleport.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Reaper.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Wget.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Grabber.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Sucker.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Downloader.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Siphon.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Collector.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Mag-Net.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Widow.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Snake.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*gotit.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Vacuum.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Pump.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*HMView.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*HTTrack.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*JOC.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*likse.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Memo.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*pcBrowser.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*SuperBot.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*leech.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Mirror.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Recorder.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*GrabNet.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Likse.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Navroad.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*attach.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Magnet.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Surfbot.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Bandit.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Ants.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Buddy.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Whacker.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Backstreet.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Caitoo.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Curl.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Eclipt.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*FlashSite.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*GetBot.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*GetSmart.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*GetWeb.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Grab.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Greed.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*HtGet.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*HTTrack.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*iFox98.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Sucker.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Vampire.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Eater.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Snarf.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Devil.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Retriever.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*WebVCR.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*WWWCopy.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*WWWoffle.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Aculinx.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*DownloadIt.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Express.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*FlipBrowser.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Weazel.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*IPhoto.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*MemoWeb.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*NetDrag.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Commander.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*SuperBot.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Teleport.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Webexe.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Extractor.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Navroad.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Hoover.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Keepoint.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Enterprise.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Down2Web.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Burner.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Snatcher.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*FileHound.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Backweb.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*gotit.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Bandit.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Ants.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Buddy.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*WebZIP.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Crawler.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Wget.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Grabber.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*BlackWidow.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Sucker.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Downloader.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Siphon.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Collector.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Snagger.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Widow.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Snake.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Vacuum.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Pump.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Teleport.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Reaper.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Mag-Net.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Memo.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*pcBrowser.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*SuperBot.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*leech.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Stripper.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Offline.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Copier.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Mirror.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*HMView.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*HTTrack.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*JOC.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*likse.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Recorder.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*GrabNet.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Likse.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Navroad.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*attach.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Magnet.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Surfbot.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Whacker.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^DA\ 5.0.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^DA\ 5.3.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^DA\ 4.0.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger\ 1.20b.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger\ 1.20b.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Crescent [OR]
RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR]
RewriteCond %{HTTP_USER_AGENT} ^CherryPickerSE [OR]
RewriteCond %{HTTP_USER_AGENT} ^CherryPickerElite [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^ia_archive [OR]
RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR]
RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR]
RewriteCond %{HTTP_USER_AGENT} ^Telesoft [OR]
RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [OR]
RewriteCond %{HTTP_USER_AGENT} ^TV33_Mercator [OR]
RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*FileHound.*$
RewriteRule /* http://www.somewhre.com [L,R]
(You'll want to add the last line
to the above, to redirect all the traffic stopped by the
above rules
to a URL you specify.)
All the above can go in your root
directory without the AuthUserFile bit, unless you want
to protect that area. Just cut and paste them below each
other with a space.
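How the [OR] flags in a list like the one above are evaluated, as an added example (not code from the original page): mod_rewrite ANDs conditions unless a line ends in [OR], so one dropped flag in the middle splits the list into two groups that must both match. The Python sketch checks a constructed six-line excerpt for that and evaluates it against constructed User-Agent strings; the function names are illustrative.

```python
import re

# Constructed excerpt in the style of the blocklist above. The "tAkeOut" line
# has no [OR], so it closes the first OR-run and starts a second one.
RULES = """\
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^WebZIP.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut.*
RewriteCond %{HTTP_USER_AGENT} ^.*HTTrack.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*FileHound.*$
RewriteRule /* http://www.somewhre.com [L,R]
"""

# The pattern token may contain backslash-escaped spaces, as in "^DA\ 5.0.*".
COND = re.compile(
    r"^\s*RewriteCond\s+%\{HTTP_USER_AGENT\}\s+((?:\\.|[^\s\\])+)"
    r"(?:\s+\[([^\]]*)\])?\s*$"
)


def parse_conds(text):
    """Return (line_no, pattern, flags) for each User-Agent condition that
    precedes the first RewriteRule."""
    conds = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("RewriteRule"):
            break
        m = COND.match(line)
        if m:
            flags = {f.strip().upper()
                     for f in (m.group(2) or "").split(",") if f.strip()}
            conds.append((line_no, m.group(1), flags))
    return conds


def missing_or(text):
    """Line numbers of conditions, other than the last, that lack [OR]."""
    return [n for n, _, flags in parse_conds(text)[:-1] if "OR" not in flags]


def is_redirected(text, user_agent):
    """Evaluate the chain as mod_rewrite does: conditions joined by [OR] form
    a run, and every run needs at least one match for the rule to fire."""
    fires, run_hit = True, False
    for _, pattern, flags in parse_conds(text):
        negate = pattern.startswith("!")
        regex = re.compile(pattern[1:] if negate else pattern,
                           re.IGNORECASE if "NC" in flags else 0)
        run_hit = run_hit or (bool(regex.search(user_agent)) != negate)
        if "OR" not in flags:          # this condition ends the current run
            fires, run_hit = fires and run_hit, False
    return fires


# Same excerpt with the missing flag restored.
FIXED = RULES.replace("^tAkeOut.*\n", "^tAkeOut.* [OR]\n")

if __name__ == "__main__":
    print("lines missing [OR]:", missing_or(RULES))
    for ua in ("Wget/1.21", "Mozilla/5.0 (X11; Linux x86_64)"):
        print(f"{ua!r}: as written={is_redirected(RULES, ua)}, "
              f"fixed={is_redirected(FIXED, ua)}")
```

Run `missing_or()` over the real .htaccess text before uploading; an empty list means the whole blocklist is a single OR-run.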
.HTACCESS TO RESTRICT AND PROTECT AREAS
(The script below goes only into the
area you want to protect. It 'points' at the .htpasswd
file, so the server checks that file. /dev/null
tells the server that there is no file to look for;
in this case, no AuthGroupFile.) Beside this you'd have a
blank Notepad file named .htpasswd in your directory.
The passwords will be written to this file.
Directives inside <Limit GET> apply only to GET (and HEAD)
requests; leave the <Limit> wrapper out if the password
should be required for every request method.
AuthUserFile /server/path/to/your/password/file/.htpasswd
AuthGroupFile /dev/null
AuthName "Members Area"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
REDIRECTING UNAUTHORIZED BOOKMARK ACCESS
This URL ( http://username:password@yourtsite.com/members/index.html ) is a cheat URL used by
hackers to give password access to unauthorized persons, and
1000's can download your content daily without paying a
dime. Try it yourself by replacing the user and pass
with your own, then cut and paste it in your
browser. This entry shows as a bookmark in all stats.
To Redirect Unauthorized Bookmark
Access to Your Protected Areas
(Add the rewrite below to the .htaccess
file in your password-protected area so the cheaters' URL
http://username:password@yourtsite.com/members/index.html
cannot be used and surfers
are forced to access the protected area through a link on your
site - login.htm or members.html or whatever.
*yourdomain.com/ instructs the server to send all traffic
directed to your members area that does not come from your
own site to http://www.yourdomain.com/login.htm.
Note that all hackers have to do now is log in from your
login.htm page! So this is only of use if you use
login monitoring software which can alert you and ban
multiple IPs, or the same IP logging in several times in a
minute or a time specified by you.)
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yourdomain.com/ [NC]
RewriteRule /* http://www.yourdomain.com/login.htm [L,R]
-------------------------------------------------------------------------------------------------------------------------
YOUR FILE WILL LOOK LIKE:
AuthUserFile /server/path/to/your/password/file/.htpasswd
AuthGroupFile /dev/null
AuthName "Members Area"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yourdomain.com/ [NC]
RewriteRule /* http://www.yourdomain.com/login.htm [L,R]
HOTLINKING
To prevent people HOTLINKING (linking
to your images from other sites, so they
show on their pages on their sites, without the viewer
ever visiting your site, though you pay for the bandwidth), add
this rule to any of your .htaccess files on your site.
Remember: placed in the root they guard the whole site.
(The http://www.yoursite.com tells
the server which site the rewrite is for. The *somesite.com
tells the script to allow hot-linking from anywhere on
that site; add a line for each site allowed to hotlink (change
somesite.com/ to yoursite.com, if no hotlinking
from other sites is allowed). You can choose whether to
place this 'anti-hotlink' rule in your members area to
protect only there, or in your root to protect
your whole site. If it's in your root, nobody can hotlink
- no topsites, nothing - to anywhere on your site, except
the site/s positioned at '*somesite.com'!)
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*somesite.com/ [NC]
RewriteRule /* http://www.yoursite.com [L,R]
You may want to protect mpegs, too.
In that case, use this one to prevent the hot-linking
of your pics and movies (but read further here):
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com [NC]
RewriteRule .*\.(gif|GIF|jpg|JPG|mpg|MPG|Mpeg|mpeg|MPEG|rm|RM)$ http://www.yourdomain.com [R,L]
Or this one
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://w*\.*yourdomain.com
RewriteCond %{HTTP_REFERER} !^http://w*\.*yourIPaddress
RewriteRule .*[Jj][Pp][Gg]$|.*[Gg][Ii][Ff]$ http://www.yourbannerpage.com [R,L]
Test it by linking directly to the
pics and movies from another site, and also by cutting
and pasting the direct link.
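The same test can be run offline before uploading. The sketch below is an added example, not code from the original page: it re-implements the conditions of the first pics-and-movies rule above in Python and compares them, on constructed requests, with a tightened pattern that is a suggestion and not from the page (the TIGHT_* names and all function names are illustrative).

```python
import re

# Rule as printed above (yourdomain.com is the page's placeholder). Each
# RewriteCond there is negated with "!", so a Referer that matches any of
# these patterns is accepted and the file is served.
PAGE_MEDIA = r".*\.(gif|GIF|jpg|JPG|mpg|MPG|Mpeg|mpeg|MPEG|rm|RM)$"
PAGE_ALLOWED = [
    r"^$",                                  # no Referer sent at all
    r"(?i)^http://www.yourdomain.com",      # [NC]
    r"(?i)^http://yourdomain.com",          # [NC]
]

# Assumed tightening (not from the page): accept http and https, escape the
# dots, end the host name with "/" or end of string, match extensions with [NC]:
#   RewriteCond %{HTTP_REFERER} !^$
#   RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com(/|$) [NC]
#   RewriteRule \.(gif|jpe?g|mpe?g|rm)$ http://www.yourdomain.com [NC,R,L]
TIGHT_MEDIA = r"(?i)\.(gif|jpe?g|mpe?g|rm)$"
TIGHT_ALLOWED = [r"^$", r"(?i)^https?://(www\.)?yourdomain\.com(/|$)"]

# Constructed requests: (label, path relative to the .htaccess, Referer header)
CASES = [
    ("own page over http", "pics/a.jpg",
     "http://www.yourdomain.com/gallery.html"),
    ("own page over https", "pics/a.jpg",
     "https://www.yourdomain.com/gallery.html"),
    ("URL pasted directly", "pics/a.jpg", ""),
    ("other site", "pics/a.jpg", "http://othersite.example/page.html"),
    ("other site, .jpeg file", "pics/a.jpeg",
     "http://othersite.example/page.html"),
    ("host with the same prefix", "pics/a.jpg",
     "http://yourdomain.com.othersite.example/p.html"),
]


def redirected(path, referer, media, allowed):
    """True when the RewriteRule would fire: the path is a protected media
    file and the Referer matches none of the accepted patterns."""
    if not re.search(media, path):
        return False
    return not any(re.search(p, referer) for p in allowed)


def compare():
    """Map each case label to (redirected by page rule, by tightened rule)."""
    return {label: (redirected(path, ref, PAGE_MEDIA, PAGE_ALLOWED),
                    redirected(path, ref, TIGHT_MEDIA, TIGHT_ALLOWED))
            for label, path, ref in CASES}


if __name__ == "__main__":
    for label, (page, tight) in compare().items():
        print(f"{label:28} page rule: {page!s:5}  tightened: {tight}")
```

A pasted URL carries no Referer and is served by both versions because of the `!^$` condition.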
PREVENT PASS SHARING
And How To Use .htaccess To Password-Manage All Your Sites
With One Master .htaccess File
Now that you have all the above
information, you have to understand that NONE of this will
prevent 'pass sharing'. The only solution for that one is
the use of password software.
The bookmark redirect only directs the hackers to a
trap (the login.htm with the software monitoring it) where
they can be caught and blocked. If you don't have the
software, 1000's can still manually log in with these
hacked passes. How are passes hacked? They use software
that hammers 100's of password combinations into
your site until they get one! They then post it on boards
and give 1000's access. All you can do is make it hard on
them by:
1) Pass protecting your directories
2) Using the .htaccess rule to direct them to your
login page.
3) Install software to guard your password area.
This software will ban multiple IP
logins under the same user, ban hacker software hammering
100's of pass combinations into your site's login area,
send you an e-mail with the user and pass used to do that,
etc. Just browse through them and decide which one you
like. The password sentry gets very good reviews and
recommendations!
I know what some of you may think
now: 'But hey! The cash, man! That stuff costs
millions! I've got to get one for each site and I've
got 9 sites!'
Calm down, calm down - you'd
figure this one out a short or longer while after
you'd started to use .htaccess and to play around with
it, but here you go!
All you do is install one pass
guard on just one site and use .htaccess to manipulate
everyone to log in on that site, so allowing your pass
guard to track them all. 3 or 4 hackers log in (as they
'must'), the IP gets banned, you get an e-mail and you're
safe and cool! Of course this can also
be used without a pass guard, just to make pass
management of your sites easier, but the pass guard is
recommended.
Here you go:
1) Make one site the 'log-in'
site.
2) In your free area, set up a login page on that
site: http://www.yoursite1.com/login.html
3) Add the code below to the .htaccess file in
your members directory on yoursite1.com
(This rule tells the server to only
allow traffic coming from yoursite1.com/login.htm
or yoursite2.com to 5.com/members/
through to the password-protected
area, and direct all other traffic directed to
the members area of yoursite1.com
to yoursite1.com/login.htm)
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yoursite1.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yoursite2.com/members/ [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yoursite3.com/members/ [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yoursite4.com/members/ [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yoursite5.com/members/ [NC]
RewriteRule /* http://www.yoursite1.com/login.htm [L,R]
4) Place this rule in your .htaccess
file on yoursite2, 3, 4 and 5.com -
all your other sites.
(The rule tells the server to allow
only traffic coming from the site 1-5 /members/ areas through
and direct all other traffic (like cut and paste hackers'
traffic) to your login page on yoursite1.com/login.htm.
Note that here the pass file is no longer used but the
script will track which URL the visitors
are coming from: only those coming from yoursite1 to 5 .com/members/
will be granted access. All unauthorized traffic will be
directed to yoursite1.com/login.htm.
The Referer header this relies on is supplied by the
visitor's browser, so the rule is a routing check, not a
password check; keep the AuthUserFile block on these sites
as well if their content must stay behind a password.)
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yoursite1.com/members/ [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yoursite2.com/members/ [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yoursite3.com/members/ [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yoursite4.com/members/ [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yoursite5.com/members/ [NC]
RewriteRule /* http://www.yoursite1.com/login.htm [L,R]
To remove a user from a .htpasswd
file, just download it from your server and cut the name
and pass. It looks like this:
jarrold:YL.sJsGbYsdFt:
The AuthGroupFile will look like
this:
userlist: sammy fred Joanne hen
Only users listed in here will be
allowed to log in. You don't really need it as the pass
file will allow you to ban people anyway.
If you insist on doing it all
manually, you must wonder how you get the encrypted
passwords
That's all there is to it. To make
life yet easier, I have made some ready files in which
you just have to edit the sample URLs and then just
upload!
HOW TO PROTECT JUST ONE FILE IN A
DIRECTORY
<files "admin.php">
AuthUserFile /opt/htdocs/www.whateveritis.com/.htpasswd
AuthType Basic
AuthName "Protected file"
require valid-user
</files>
THE PROBLEM WITH MOVIE & FLASH FILES
There seems to be a problem protecting movie images and
particularly .swf (flash).
Some webmasters say they have to embed their mpegs and
flash files and not use the
<img src> tag.
It is said that there is not yet a
perfect solution to this, but the problems are caused
because movie players use java and do not send headers
and so the server does not track them. But, as a
solution, most of the time the following will help:
Add this rule to your .htaccess
file in your movie directory:
RewriteEngine on
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yourdomain.com/ [NC]
RewriteCond %{HTTP_COOKIE} !(^|(.+;)*)id=valid(;.*|$)
RewriteRule /*$ http://www.yourdomain.com/ [L,R]
Or add this one
RewriteEngine on
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} !^http://yourIPaddress/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/.*$ [NC]
RewriteCond %{HTTP_COOKIE} !(^|(.+;)*)id=valid(;.*|$)
RewriteRule /*$ http://www.yoursite.com [L,R]
Place the cookie script below
between the <head> </head> HTML section of
the index.html page of the area where your movie/flash
files are. It must be in the first page the users go
through to reach the files; The entry page. The cookie
duration time is set to 4 hours; change it, if you like.
As the users must login every
time they come to your site with your .htaccess
protection, and they'd get a cookie anyway, the cookie
here only acts as a guard against hotlinkers. The server
will look for a cookie every time anyone tries to access
anything within this directory, and so they must login
first to see the mpeg (no stopping pass-sharing or
hackers, remember) but it does stop your files being
hotlinked to be viewed from other sites. You must use a
cookie to prevent hotlinking of your movies.
<SCRIPT LANGUAGE="javascript">
// Calculate the expiration date (4 hours from now)
var expires = new Date();
expires.setTime(expires.getTime() + 4 * 60 * 60 * 1000);
// Set the cookie that the RewriteCond %{HTTP_COOKIE} rule looks for
document.cookie = "id=valid; path=/; expires=" + expires.toUTCString();
</SCRIPT>
Only the above combination of .htaccess
and cookie will prevent the hotlinkers from cutting and
pasting URLs to bypass the sole '.htaccess' hotlinking
protection. You may have to place the movies in a
separate directory as the htaccess code may not work
alongside the other codes in your htaccess file.
REDIRECTION TIPS
Add these to your directory .htaccess
file, if you want to direct users to any other page than
your index.html. File name goes in the blue area.
DirectoryIndex somefile.htm
Or this one, for the cgi-bin:
DirectoryIndex /cgi-bin/somefile.cgi
A final tip is to change your
movie and picture directories periodically, every few
days, weekly.
To check your document root, load this zip file
to your cgi-bin, chmod it 755, then call it in your
browser. You will get all details in HTML. If not, rename
the file .pl and try again; if still not, contact your
host and ask for your document root.
Need winzip to zip and unzip zip
files? Get it here.
Chmodding On A Unix Server
To chmod a file to 755:
1) Select the file in the
cgi-bin
2) Right click on your mouse
3) Choose 'Chmod Unix' from the drop-down menu
4) The box below pops up
5) Select the areas highlighted in blue here.
6) Click 'okay', then 'rename', then 'okay'. Only
now have you completed the chmodding.
You can select multiple files for
chmodding, but then you will have to tick the okays as
many times as you got files!
To chmod to 777, tick all the boxes
and you will read 777.
To chmod to 444, tick the top three boxes and you will
read 444.
To chmod to 666, tick the 1st and 2nd row's three boxes
and you will read 666.
| Owner | Group | Other |
| Read | Read | Read |
| Write | Write | Write |
| Execute | Execute | Execute |
Chmod 755

| Owner | Group | Other |
| Read | Read | Read |
| Write | Write | Write |
| Execute | Execute | Execute |
Chmod 777