Home Loan - Watch One Piece - Free vBulletin Skins - Online Advertising - Car Insurance
PDA

View Full Version : Prevent Santy with htaccess?

kusadasi-guy
Dec 27th 2004, 6:42 am
Shawn recommend for preventing santy that

Make a .htaccess file with the following in the root folder:
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^LWP* [OR]
RewriteCond %{HTTP_USER_AGENT} ^lwp*
RewriteRule .* - [F]That will of course require your server allows you to use mod_rewrite.

as i as i know that htaccess file prevent infamous browser access to the website. am i correct?

And, it may close the access to googlebot, msnbot, yahoobot ..etc?
flawebworks
Dec 27th 2004, 7:45 am
This shouldn't affect robots at all, unless they're indicated. It's preventing the user agent lwp (which is a perl module that can be used with a script to get files) from accessing your site.
kusadasi-guy
Dec 27th 2004, 7:56 am
Thank You so much!
subnet_rx
Dec 28th 2004, 12:29 pm
I thought Santy only affects phpBB forums?
GuyFromChicago
Dec 28th 2004, 12:47 pm
No, it exploits php...which phpbb happens to use.
Will.Spencer
Dec 30th 2004, 11:20 am
This work-around does not work against today's new Santy variant which spoofs User-Agent.

Also, Santy appears to exploit the phpBB highlight vulnerability -- but may not exploit the php unserialize vulnerability.
GuyFromChicago
Dec 30th 2004, 11:43 am
Do you know what user agent(s) Santy is spoofing?