So hackers and wannabe-hackers probe sites for the presence of setup.php in various real and imagined and software-guessed directories.
How do I attack and/or block such probes via an .htaccess file?
Here are some code snippets I’ve seen across the Web:
<FILES setup.php>
Order allow,deny
Deny from all
</FILES>RewriteRule ^(.*)setup\.php$ http://www.google.com/ [NC]
RewriteRule setup\.php$ http://www.google.com [NC,L]
RewriteRule setup\.php$ – [G]
RewriteRule setup\.php$ – [F]
If any of those work, which is the best?
And if there’s a better way than any of the above, what is it?
Thanks!
Update at 8:46 pm: At this point, I’m using
RewriteEngine On
# 403-Forbidden
RewriteRule setup\.php$ – [F]
Along with an order allow,deny set-up denying access to a huge pile of IPs out of China.