New to the community? Start here

Andi
The Exporter
343 pts: Hero points 2,773 pts: Rep. points LEVEL 15

DEFENDER: Prevent PHP execution not working

Hi Support

We try to execute from Defender the

Prevent PHP execution

But it is not working it is always falling back to the same request again!

Kind regards

Andi

Tue, 7 Nov 2017 10:08:12

Paul Kevin
- Neo
- 292 pts: Hero points 1,232 pts: Rep. points LEVEL 8
Hello Andi ,

Hope you are well today. Kindly confirm which application server you are running and webhost. Please share any error logs that are related to Defender and if you recently changed or setup and SSL certificate.

Warm Regards

Paul Kevin
Andi
- The Exporter
- 343 pts: Hero points 2,773 pts: Rep. points LEVEL 15
It is still not working nothing changed
Paul Kevin
- Neo
- 292 pts: Hero points 1,232 pts: Rep. points LEVEL 8
Hello Andi ,

Hope you are well today. By any chance does the file index.php in the wp-content/plugins/wp-defender directory exist? If its not there, this is the reason the security tweak is failing as I tried to access the file directly and got a “File not found” error.

Warm Regards

Paul Kevin
Andi
- The Exporter
- 343 pts: Hero points 2,773 pts: Rep. points LEVEL 15
no it isn’t so why isn’t it when all those plugins get installed and updated regularly automatically

It is also not there on the one site which actually works! – as you could see in the different dashboard notes!
Paul Kevin
- Neo
- 292 pts: Hero points 1,232 pts: Rep. points LEVEL 8
Hello Andi ,

Hope you are well today. I’m not sure why the file is missing, perhaps there is a plugin or server setting that removes redundant index.php files from the server. But the file is needed for the Defender security check to mark as resolved.

Warm Regards

Paul Kevin
Andi
- The Exporter
- 343 pts: Hero points 2,773 pts: Rep. points LEVEL 15
Hi Kevin

It is missing in all networks (4) but one is showing correct results.

As it is missing in all should show correct results.

The only settings done are actually the ones done by WPMUDEV plugins

Reinstalling brings same files same results – how wonder as they got updated by wpmudev so I would suggest you need to check on the wpmudev site why they don’t include the index.php file :wink:

There gets nothing deleted here!

Kind regards

Andi
Paul Kevin
- Neo
- 292 pts: Hero points 1,232 pts: Rep. points LEVEL 8
Hello Andi ,

Hope you are well today. Apologies for the confusion here, the file should be in wp-content/uploads/wp-defender/ which is created by Defender . I can still access the file directly on the browser. Could you please confirm if there is a .htaccess file in your wp-content directory or if there are any other apache rules that override this?

Warm Regards

Paul Kevin
Andi
- The Exporter
- 343 pts: Hero points 2,773 pts: Rep. points LEVEL 15
```
## WP Defender - Protect PHP Executed ##

<Files *.php>

Order allow,deny

Deny from all

</Files>

## WP Defender - End ##
```
The files are there in all 4 multisites

in root is .htccess as follow

## BEGIN All In One WP Security ## AIOWPS_BLOCK_WP_FILE_ACCESS_START <Files license.txt> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order deny,allow Deny from all </IfModule> </Files> <Files wp-config-sample.php> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order deny,allow Deny from all </IfModule> </Files> <Files readme.html> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order deny,allow Deny from all </IfModule> </Files> #AIOWPS_BLOCK_WP_FILE_ACCESS_END #AIOWPS_BASIC_HTACCESS_RULES_START <Files .htaccess> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order deny,allow Deny from all </IfModule> </Files> ServerSignature Off LimitRequestBody 10240000 <Files wp-config.php> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order deny,allow Deny from all </IfModule> </Files> #AIOWPS_BASIC_HTACCESS_RULES_END #AIOWPS_PINGBACK_HTACCESS_RULES_START <Files xmlrpc.php> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order deny,allow Deny from all </IfModule> </Files> #AIOWPS_PINGBACK_HTACCESS_RULES_END #AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_START <Files debug.log> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order deny,allow Deny from all </IfModule> </Files> #AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_END #AIOWPS_DISABLE_INDEX_VIEWS_START Options -Indexes #AIOWPS_DISABLE_INDEX_VIEWS_END #AIOWPS_DISABLE_TRACE_TRACK_START <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] </IfModule> #AIOWPS_DISABLE_TRACE_TRACK_END #AIOWPS_FORBID_PROXY_COMMENTS_START <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_METHOD} ^POST RewriteCond %{HTTP:VIA} !^$ [OR] RewriteCond %{HTTP:FORWARDED} !^$ [OR] RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR] RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR] RewriteCond %{HTTP:X_FORWARDED_HOST} !^$ [OR] RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR] RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR] RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR] RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$ RewriteRule wp-comments-post.php - [F] </IfModule> #AIOWPS_FORBID_PROXY_COMMENTS_END #AIOWPS_DENY_BAD_QUERY_STRINGS_START <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{QUERY_STRING} ftp: [NC,OR] RewriteCond %{QUERY_STRING} http: [NC,OR] RewriteCond %{QUERY_STRING} https: [NC,OR] RewriteCond %{QUERY_STRING} mosConfig [NC,OR] RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR] RewriteCond %{QUERY_STRING} (;|'|"|%22).*(request|insert|union|declare|drop) [NC] RewriteRule ^(.*)$ - [F,L] </IfModule> #AIOWPS_DENY_BAD_QUERY_STRINGS_END #AIOWPS_ADVANCED_CHAR_STRING_FILTER_START <IfModule mod_alias.c> RedirectMatch 403 , RedirectMatch 403 : RedirectMatch 403 ; RedirectMatch 403 = RedirectMatch 403 [ RedirectMatch 403 ] RedirectMatch 403 ^ RedirectMatch 403 ` RedirectMatch 403 { RedirectMatch 403 } RedirectMatch 403 ~ RedirectMatch 403 " RedirectMatch 403 $ RedirectMatch 403 < RedirectMatch 403 > RedirectMatch 403 | RedirectMatch 403 .. RedirectMatch 403 %0 RedirectMatch 403 %A RedirectMatch 403 %B RedirectMatch 403 %C RedirectMatch 403 %D RedirectMatch 403 %E RedirectMatch 403 %F RedirectMatch 403 %22 RedirectMatch 403 %27 RedirectMatch 403 %28 RedirectMatch 403 %29 RedirectMatch 403 %3C RedirectMatch 403 %3E RedirectMatch 403 %3F RedirectMatch 403 %5B RedirectMatch 403 %5C RedirectMatch 403 %5D RedirectMatch 403 %7B RedirectMatch 403 %7C RedirectMatch 403 %7D # COMMON PATTERNS Redirectmatch 403 _vpi RedirectMatch 403 .inc Redirectmatch 403 xAou6 Redirectmatch 403 db_name Redirectmatch 403 select( Redirectmatch 403 convert( Redirectmatch 403 /query/ RedirectMatch 403 ImpEvData Redirectmatch 403 .XMLHTTP Redirectmatch 403 proxydeny RedirectMatch 403 function. Redirectmatch 403 remoteFile Redirectmatch 403 servername Redirectmatch 403 &rptmode= Redirectmatch 403 sys_cpanel RedirectMatch 403 db_connect RedirectMatch 403 doeditconfig RedirectMatch 403 check_proxy Redirectmatch 403 system_user Redirectmatch 403 /(null)/ Redirectmatch 403 clientrequest Redirectmatch 403 option_value RedirectMatch 403 ref.outcontrol # SPECIFIC EXPLOITS RedirectMatch 403 errors. RedirectMatch 403 config. RedirectMatch 403 include. RedirectMatch 403 display. RedirectMatch 403 register. Redirectmatch 403 password. RedirectMatch 403 maincore. RedirectMatch 403 authorize. Redirectmatch 403 macromates. RedirectMatch 403 head_auth. RedirectMatch 403 submit_links. RedirectMatch 403 change_action. Redirectmatch 403 com_facileforms/ RedirectMatch 403 admin_db_utilities. RedirectMatch 403 admin.webring.docs. Redirectmatch 403 Table/Latest/index. </IfModule> #AIOWPS_ADVANCED_CHAR_STRING_FILTER_END #AIOWPS_SIX_G_BLACKLIST_START # 6G FIREWALL/BLACKLIST # @ https://perishablepress.com/6g/ # 6G:[QUERY STRINGS] <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{QUERY_STRING} (eval() [NC,OR] RewriteCond %{QUERY_STRING} (127.0.0.1) [NC,OR] RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR] RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR] RewriteCond %{QUERY_STRING} (base64_encode)(.*)(() [NC,OR] RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|[|%) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR] RewriteCond %{QUERY_STRING} (|...|../|~|`|<|>||) [NC,OR] RewriteCond %{QUERY_STRING} (boot.ini|etc/passwd|self/environ) [NC,OR] RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?).php [NC,OR] RewriteCond %{QUERY_STRING} ('|")(.*)(drop|insert|md5|select|union) [NC] RewriteRule .* - [F] </IfModule> # 6G:[REQUEST METHOD] <IfModule mod_rewrite.c> RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|put|trace|track) [NC] RewriteRule .* - [F] </IfModule> # 6G:[REFERRERS] <IfModule mod_rewrite.c> RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000,}) [NC,OR] RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC] RewriteRule .* - [F] </IfModule> # 6G:[REQUEST STRINGS] <IfModule mod_alias.c> RedirectMatch 403 (?i)([a-z0-9]{2000,}) RedirectMatch 403 (?i)(https?|ftp|php):/ RedirectMatch 403 (?i)(base64_encode)(.*)(() RedirectMatch 403 (?i)(='|=%27|/'/?). RedirectMatch 403 (?i)/($(&)?|*|"|.|,|&|&?)/?$ RedirectMatch 403 (?i)({0}|(/(|...|+++|\"\") RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%||s|{|}|[|]||) RedirectMatch 403 (?i)/(=|$&|_mm|cgi-|etc/passwd|muieblack) RedirectMatch 403 (?i)(&pws=0|_vti_|(null)|{$itemURL}|echo(.*)kae|etc/passwd|eval(|self/environ) RedirectMatch 403 (?i).(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$ RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell).php </IfModule> # 6G:[USER AGENTS] <IfModule mod_setenvif.c> SetEnvIfNoCase User-Agent ([a-z0-9]{2000,}) bad_bot SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot # Apache < 2.3 <IfModule !mod_authz_core.c> Order Allow,Deny Allow from all Deny from env=bad_bot </IfModule> # Apache >= 2.3 <IfModule mod_authz_core.c> <RequireAll> Require all Granted Require not env bad_bot </RequireAll> </IfModule> </IfModule> ###=============================== ### AIOWPS_SIX_G_BLACKLIST_END ### ###=============================== ################################## ### AIOWPS_FIVE_G_BLACKLIST_START ### 5G BLACKLIST/FIREWALL (2013) ### @ http://perishablepress.com/5g-blacklist-2013/ ### 5G:[QUERY STRINGS] ################################## <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{QUERY_STRING} ("|%22).*(<|>|%3) [NC,OR] RewriteCond %{QUERY_STRING} (javascript:).*(;) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR] RewriteCond %{QUERY_STRING} (\|../|`|='$|=%27$) [NC,OR] RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR] RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR] RewriteCond %{QUERY_STRING} (boot.ini|echo.*kae|etc/passwd) [NC,OR] RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|[|%) [NC] RewriteRule .* - [F] </IfModule> ### 5G:[USER AGENTS] <IfModule mod_setenvif.c> #SetEnvIfNoCase User-Agent ^$ keep_out SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out <limit GET POST PUT> Order Allow,Deny Allow from all Deny from env=keep_out </limit> </IfModule> ### 5G:[REQUEST STRINGS] <IfModule mod_alias.c> RedirectMatch 403 (https?|ftp|php):// RedirectMatch 403 /(https?|ima|ucp)/ RedirectMatch 403 /(Permanent|Better)$ RedirectMatch 403 (=\'|=\%27|/\'/?|).css()$ RedirectMatch 403 (,|)+|/,/|{0}|(/(|...|+++|||\"\") RedirectMatch 403 .(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$ RedirectMatch 403 /(contac|fpw|install|pingserver|register).php$ RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107_) RedirectMatch 403 (eval(|_vti_|(null)|echo.*kae|config.xml) RedirectMatch 403 .well-known/host-meta RedirectMatch 403 /function.array-rand RedirectMatch 403 );$(this).html( RedirectMatch 403 proc/self/environ RedirectMatch 403 msnbot.htm)._ RedirectMatch 403 /ref.outcontrol RedirectMatch 403 com_cropimage RedirectMatch 403 indonesia.htm RedirectMatch 403 {$itemURL} RedirectMatch 403 function() RedirectMatch 403 labels.rdf RedirectMatch 403 /playing.php RedirectMatch 403 muieblackcat </IfModule> ### 5G:[REQUEST METHOD] <ifModule mod_rewrite.c> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] </IfModule> #### AIOWPS_FIVE_G_BLACKLIST_END ### AIOWPS_BLOCK_SPAMBOTS_START <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post.php(.*)$ RewriteCond %{HTTP_REFERER} !^http(s)?://phuket.click [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^$ RewriteRule .* http://127.0.0.1 [L] </IfModule> ### AIOWPS_BLOCK_SPAMBOTS_END ### AIOWPS_PREVENT_IMAGE_HOTLINKS_START <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{REQUEST_FILENAME} -f RewriteCond %{REQUEST_FILENAME} .(gif|jpe?g?|png)$ [NC] RewriteCond %{HTTP_REFERER} !^http(s)?://phuket.click [NC] RewriteRule .(gif|jpe?g?|png)$ - [F,NC,L] </IfModule> ###====================================== ### AIOWPS_PREVENT_IMAGE_HOTLINKS_END ### ###====================================== ###=============================== ### END All In One WP Security ### ###=============================== ###========================= ### PREVENT CLICKJACKING ### ###========================= #<ifModule mod_headers.c> #Header always append X-Frame-Options SAMEORIGIN #</ifModule> ###===================== ### END CLICKJACKING ### ###===================== ### Don't allow access to wp-config/allow access from specific IP <files wp-config.php> order allow,deny #order deny,allow ### allow access from my IP address - deactivate the first and last line #allow from 192.168.5.1 deny from all </files> <Files wp-login.php> order deny,allow Deny from all ### allow access from my IP address #allow from 192.168.5.1 </Files> <Files .htaccess> order allow,deny deny from all </Files> ### In the example below, you are telling search engines not to index ### anything inside folders that begin with the prefix /wp- ### Disallow: /wp-* ###=================== ### END TOP ENTIES ### ###=================== ######################################### ### LisAndi 2016/6 WORDPRESS Settings ### ### ### LisAndi Settings - START ### ### ### http://www.askapache.com/htaccess/htaccess.html ######################################### ### Don't use Mod_Pagespeed if active ### ######################################### <IfModule mod_pagespeed.c> ModPagespeed unplugged </IfModule> ####################### ### SPECIFY CHARSET ### ####################### AddCharset UTF-8 .html AddDefaultCharset utf-8 <IfModule mod_mime.c> AddCharset utf-8 .atom .css .js .json .manifest .rdf .rss .vtt .webapp .webmanifest .xml </IfModule> ################ ### DEFAULTS ### ################ ### DefaultType: the default MIME type the server will use for a document. (deprecated and therefore deactivated) #DefaultType text/html ### Optionally add a line containing the server version and virtual host ### name to server-generated pages (internal error documents, FTP directory ### listings, mod_status and mod_info output etc., but not CGI generated ### documents or custom error documents). ### Set to "EMail" to also include a mailto: link to the ServerAdmin. ### Set to one of: On | Off | EMail ServerSignature Off ################## ### MIME TYPES ### ################## ### AddType allows you to add to or override the MIME configuration ### Make sure .htc files are served with the proper MIME type, which is critical ### for XP SP2. Un-comment if your host allows htaccess MIME type overrides. ### Proper MIME types for all files <IfModule mod_mime.c> # Data interchange AddType application/atom+xml atom AddType application/json json map topojson AddType application/ld+json jsonld AddType application/rdf+xml rdf AddType application/rss+xml rss AddType application/vnd.geo+json geojson AddType application/xml rdf xml AddType application/xhtml+xml xhtml xhtml.gz # JavaScript/css AddType application/javascript js AddType text/css css AddType text/javascript js # Manifest files AddType application/manifest+json webmanifest AddType application/x-web-app-manifest+json webapp AddType text/cache-manifest appcache # Media files AddType audio/mp4 f4a f4b m4a AddType audio/ogg oga ogg opus AddType image/bmp bmp AddType image/svg+xml svg svgz AddType image/webp webp AddType image/x-icon cur ico AddType video/mp4 f4v f4p m4v mp4 AddType video/ogg ogv AddType video/webm webm AddType video/x-flv flv # Web fonts AddType application/font-woff woff AddType application/font-woff2 woff2 AddType application/vnd.ms-fontobject eot AddType application/x-font-ttf ttc ttf AddType font/opentype otf # Other AddType application/octet-stream safariextz rar chm bz2 tgz msi pdf exe AddType application/x-bb-appworld bbaw AddType application/x-chrome-extension crx AddType application/x-opera-extension oex AddType application/x-xpinstall xpi AddType application/vnd.ms-excel csv AddType application/x-httpd-php-source phps AddType application/x-pilot prc pdb AddType application/x-shockwave-flash swf AddType application/xrds+xml xrdf AddType text/vcard vcard vcf AddType text/vnd.rim.location.xloc xloc AddType text/vtt vtt AddType text/x-component htc AddType text/html html AddType text/html html.gz AddType text/plain ini sh bsh bash awk nawk gawk csh var c in h asc md5 sha sha1 </IfModule> ################### ### Apache/PHP: ### ################### ### Follow symbolic links in this directory. #Options +FollowSymLinksIfOwnerMatch ### Set the default handler. DirectoryIndex index.php index.html index.htm ################### ### COMPRESSION ### ################### ### Begin: Compression via TYPO3 ### ### Compressing resource files will save bandwidth and so improve loading speed ### especially for users with slower internet connections. TYPO3 can compress the .js ### and .css files for you. ### *) Uncomment the following lines and ### *) Set $TYPO3_CONF_VARS = '9' for the Backend ### *) Set $TYPO3_CONF_VARS = '9' together with the ### TypoScript properties - config.compressJs and config.compressCss for GZIP ### compression of Frontend JS and CSS files. ### In Drupal activate the compression in core OR module - advagg ################################# ### GENERAL COMPRESSION RULES ### ################################# <FilesMatch ".js.gzip$"> AddType "text/javascript" .gzip </FilesMatch> <FilesMatch ".css.gzip$"> AddType "text/css" .gzip </FilesMatch> <FilesMatch ".woff.gzip$"> AddType "text/woff" .gzip </FilesMatch> <FilesMatch ".ttf.gzip$"> AddType "text/ttf" .gzip </FilesMatch> ### AddEncoding allows you to have certain browsers uncompress information on the fly. Note: Not all browsers support this. AddEncoding gzip .gzip AddEncoding x-compress .Z AddEncoding x-gzip .gz .tgz ### SET Compressed Content <FilesMatch ".gz.(js|css|woff|ttf)"> <IfModule mod_headers.c> Header set Content-Encoding gzip </IfModule> </FilesMatch> ###================================== ### GENERAL COMPRESSION RULES END ### ###================================== ############### ### DEFLATE ### ############### <IfModule mod_deflate.c> <FilesMatch "\.(html|css|js|xml|php|txt|woff|ttf)$"> SetOutputFilter DEFLATE </FilesMatch> ### The following line is enough for .js and .css AddOutputFilter DEFLATE js css ### The following line also enables compression by file content type, ### for the following list of Content-Type:s AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/css text/javascript application/javascript application/x-javascript ### The following directives stop screen flicker in IE on CSS rollovers. If ### needed, un-comment the following rules. When they're in place, you may have ### to do a force-refresh in order to see changes in your designs. BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4.0[678] no-gzip BrowserMatch bMSIE !no-gzip !gzip-only-text/html
### Force compression for mangled Accept-Encoding request headers

<IfModule mod_setenvif.c>

<IfModule mod_headers.c>

SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)s*,?s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding

RequestHeader append Accept-Encoding “gzip,deflate” env=HAVE_Accept-Encoding

</IfModule>

</IfModule>

### Compress all output labeled with one of the following media types

<IfModule mod_filter.c>

AddOutputFilterByType DEFLATE application/atom+xml

application/javascript

application/json

application/ld+json

application/manifest+json

application/rdf+xml

application/rss+xml

application/schema+json

application/vnd.geo+json

application/vnd.ms-fontobject

application/x-font-ttf

application/x-javascript

application/x-web-app-manifest+json

application/xhtml+xml

application/xml

font/eot

font/opentype

image/bmp

image/svg+xml

image/vnd.microsoft.icon

image/x-icon

text/cache-manifest

text/css

text/html

text/javascript

text/plain

text/vcard

text/vnd.rim.location.xloc

text/vtt

text/x-component

text/x-cross-domain-policy

text/xml

</IfModule>

<IfModule mod_mime.c>

AddEncoding gzip svgz

</IfModule>

</IfModule>

###================

### DEFLATE END ###

###================

###====================

### COMPRESSION END ###

###====================

#############################

### VARY: ACCEPT-ENCODING ###

#############################

<IfModule mod_headers.c>

<FilesMatch “.(js|css|woff|ttf|xml|gz)$”>

Header append Vary: Accept-Encoding

Header append Vary User-Agent env=!dont-vary

SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary

Header set Connection keep-alive

</FilesMatch>

</IfModule>

### The following directives stop screen flicker in IE on CSS rollovers. If

### needed, un-comment the following rules. When they’re in place, you may have

### to do a force-refresh in order to see changes in your designs.

BrowserMatch “MSIE” brokenvary=1

BrowserMatch “Mozilla/4.[0-9]{2}” brokenvary=1

BrowserMatch “Opera” !brokenvary

SetEnvIf brokenvary 1 force-no-vary

###==============================

### VARY: ACCEPT-ENCODING END ###

###==============================

####################

### CROSS ORIGIN ###

####################

# Send the CORS header for images when browsers request it.

<IfModule mod_setenvif.c>

<IfModule mod_headers.c>

<FilesMatch “.(bmp|cur|gif|ico|jpe?g|png|svgz?|webp)$”>

SetEnvIf Origin “:” IS_CORS

Header set Access-Control-Allow-Origin “*” env=IS_CORS

</FilesMatch>

</IfModule>

</IfModule>

# Allow cross-origin access to web fonts.

<IfModule mod_headers.c>

<FilesMatch “.(eot|otf|tt[cf]|woff2?)$”>

Header set Access-Control-Allow-Origin “*”

</FilesMatch>

</IfModule>

###=====================

### CROSS ORIGIN END ###

###=====================

#############

### E-TAG ###

#############

### ETag removal

<IfModule mod_headers.c>

Header unset ETag

</IfModule>

FileETag None

### FileETag MTime Size

<FilesMatch “(?i)^.*.(flv|gif|jpg|jpeg|png|swf|css|js|ico)$”>

Header unset Last-Modified

Header set Cache-Control “public, no-transform”

</FilesMatch>

###==============

### E-TAG END ###

###==============

#############################

### CACHE CONTROL HEADERS ###

#############################

### 480 weeks

<FilesMatch “.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$”>

Header unset Last-Modified

Header set Cache-Control “max-age=290304000, public, no-transform”

</FilesMatch>

### 2 DAYS

<FilesMatch “.(xml|txt)$”>

Header set Cache-Control “max-age=172800, public, must-revalidate”

</FilesMatch>

### 2 HOURS

<FilesMatch “.(html|htm|xml)$”>

Header set Cache-Control “max-age=7200”

</FilesMatch>

<FilesMatch “.(pl|php|cgi|spl|scgi|fcgi)$”>

Header unset Cache-Control

</FilesMatch>

###==============================

### CACHE CONTROL HEADERS END ###

###==============================

###############

### CACHING ###

###############

### Requires mod_expires to be enabled.

<IfModule mod_expires.c>

### Enable expirations

ExpiresActive On

### Cache all files for 2 weeks after access (A).

#ExpiresDefault A1209600

ExpiresByType application/atom+xml “access plus 1 hour”

ExpiresByType application/x-font-ttf “access plus 1 month”

ExpiresByType application/font-woff “access plus 1 month”

ExpiresByType application/x-font-woff “access plus 1 month”

ExpiresByType application/font-woff2 “access plus 1 month”

ExpiresByType application/javascript “access plus 1 month”

ExpiresByType application/x-javascript “access plus 1 month”

ExpiresByType application/json “access plus 0 seconds”

ExpiresByType application/ld+json “access plus 0 seconds”

ExpiresByType application/manifest+json “access plus 1 week”

ExpiresByType application/pdf “access plus 1 year”

ExpiresByType application/rdf+xml “access plus 1 hour”

ExpiresByType application/rss+xml “access plus 1 hour”

ExpiresByType application/schema+json “access plus 0 seconds”

ExpiresByType application/x-shockwave-flash “access plus 1 year”

ExpiresByType application/shockwave-flash “access plus 1 year”

ExpiresByType application/vnd.geo+json “access plus 0 seconds”

ExpiresByType application/vnd.ms-fontobject “access plus 1 month”

ExpiresByType application/xml “access plus 0 seconds”

ExpiresByType application/x-web-app-manifest+json “access plus 0 seconds”

ExpiresByType audio/ogg “access plus 1 month”

ExpiresByType font/eot “access plus 1 month”

ExpiresByType font/opentype “access plus 1 month”

ExpiresByType font/woff “access plus 1 month”

ExpiresByType image/bmp “access plus 1 year”

ExpiresByType image/jpg “access plus 1 year”

ExpiresByType image/jpeg “access plus 1 year”

ExpiresByType image/gif “access plus 1 year”

ExpiresByType image/png “access plus 1 year”

ExpiresByType image/svg+xml “access plus 1 year”

ExpiresByType image/webp “access plus 1 year”

ExpiresByType image/vnd.microsoft.icon “access plus 1 week”

ExpiresByType image/x-icon “access plus 1 year”

ExpiresByType text/cache-manifest “access plus 0 seconds”

ExpiresByType text/css “access plus 1 year”

ExpiresByType text/html “access plus 1 days”

ExpiresByType text/javascript “access plus 1 year”

ExpiresByType text/js “access plus 1 second”

ExpiresByType text/php “access plus 1 second”

ExpiresByType text/x-component “access plus 1 month”

ExpiresByType text/x-cross-domain-policy “access plus 1 week”

ExpiresByType text/x-javascript “access plus 1 month”

ExpiresByType text/xml “access plus 0 seconds”

ExpiresByType video/mp4 “access plus 1 month”

ExpiresByType video/ogg “access plus 1 month”

ExpiresByType video/webm “access plus 1 month”

ExpiresDefault “access plus 1 month”

<FilesMatch “.(pl|php$|cgi|spl|scgi|fcgi)$”>

### Do not allow PHP scripts to be cached unless they explicitly send cache

### headers themselves. Otherwise all scripts would have to overwrite the

### headers set by mod_expires if they want another caching behavior. This may

### fail if an error occurs early in the bootstrap process, and it may cause

### problems if a non-Drupal PHP file is installed in a subdirectory.

ExpiresActive Off

</FilesMatch>

### It will allow you not only to pass the Googleicon PageSpeed Leverage browser

### caching test, but most importantly to speed up your website access time.

<FilesMatch “.(gif¦jpe?g¦png¦ico¦css¦js¦swf)$”>

Header set Cache-Control “public”

</FilesMatch>

### Hummingbird

<FilesMatch “.(txt|xml|js)$”>

ExpiresDefault A691200

</FilesMatch>

<FilesMatch “.(css)$”>

ExpiresDefault A691200

</FilesMatch>

<FilesMatch “.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|svg)$”>

ExpiresDefault A691200

</FilesMatch>

<FilesMatch “.(jpg|jpeg|png|gif|swf|webp)$”>

ExpiresDefault A691200

</FilesMatch>

</IfModule>

<IfModule mod_headers.c>

### 604800 Seconds = 7 days

<FilesMatch “.(css|txt|xml|js|flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|svg|jpg|jpeg|png|gif|swf|webp)$”>

Header set Cache-Control “max-age=604800”

</FilesMatch>

### Force IE to render pages in the highest available mode

Header set X-UA-Compatible “IE=edge”

<FilesMatch “.(appcache|crx|css|eot|gif|htc|ico|jpe?g|js|m4a|m4v|manifest|mp4|oex|oga|ogg|ogv|otf|pdf|png|safariextz|svgz?|ttf|vcf|webapp|webm|webp|woff2?|xml|xpi)$”>

Header unset X-UA-Compatible

</FilesMatch>

# Reducing MIME type security risks

Header set X-Content-Type-Options “nosniff”

</IfModule>

#Header set Cache-Control ‘private, no-cache, no-store, proxy-revalidate, no-transform’

#Header set Pragma ‘no-cache’

###================

### CACHING END ###

###================

##############

### ACCESS ###

##############

# Access block for files

<FilesMatch “(?i:^.|^#.*#|^(?:ChangeLog|ToDo|Readme|License)(?:.md|.txt)?|^composer.(?:json|lock)|^ext_conf_template.txt|^ext_typoscript_constants.txt|^ext_typoscript_setup.txt|flexform[^.]*.xml|locallang[^.]*.(?:xml|xlf)|.(?:bak|co?nf|cfg|ya?ml|ts|dist|fla|in[ci]|log|sh|sql(?:..*)?|sw[op]|git.*)|.*(?:~|rc))$”>

### Apache < 2.3

<IfModule !mod_authz_core.c>

Order allow,deny

Deny from all

Satisfy All

</IfModule>

### Apache ? 2.3

<IfModule mod_authz_core.c>

Require all denied

</IfModule>

</FilesMatch>

### Block access to vcs directories

<IfModule mod_alias.c>

RedirectMatch 404 /.(?:git|svn|hg)/

</IfModule>

###===============

### ACCESS END ###

###===============

################

### SECURITY ###

################

### BASIC PASSWORD PROTECTION

#AuthType basic

#AuthName “prompt”

#AuthUserFile /.htpasswd

#AuthGroupFile /dev/null

#Require valid-user

### Protect files and directories from prying eyes.

<FilesMatch “.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(.php)?|xtmpl)(|~|.sw[op]|.bak|.orig|.save)?$|^(..*|Entries.*|Repository|Root|Tag|Template)$|^#.*#$|.php(~|.sw[op]|.bak|.orig.save)$”>

#Order allow,deny

Require all granted

</FilesMatch>

### PROTECT FILES

<FilesMatch “.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$”>

#Order Allow,Deny

#Deny from all

Require all denied

</FilesMatch>

### PREVENT HOTLINKING

SetEnvIfNoCase Referer “^http://phuket.click/” good

SetEnvIfNoCase Referer “^$” good

<FilesMatch “.(png|jpg|jpeg|gif|bmp|swf|flv)$”>

#Order Deny,Allow

#Deny from all

Require all granted

#Allow from env=good

ErrorDocument 403 http://www.google.com/intl/en_ALL/images/logo.gif

ErrorDocument 403 /images/you_bad_hotlinker.gif

</FilesMatch>

### LIMIT UPLOAD FILE SIZE TO PROTECT AGAINST DOS ATTACK

### bytes, 0-2147483647(2GB)

LimitRequestBody 10240000

### Don’t show directory listings for URLs which map to a directory.

Options -Indexes

###=================

### SECURITY END ###

###=================

###################

### ERROR PAGES ###

###################

ErrorDocument 404 /index.php

###====================

### ERROR PAGES END ###

###====================

#############

### OTHER ###

#############

# 404 error prevention for non-existing redirected folders

Options -MultiViews

# Make sure that directory listings are disabled.

<IfModule mod_autoindex.c>

Options -Indexes

</IfModule>

###==============

### OTHER END ###

###==============

###############

### REWRITE ###

###############

# Various rewrite rules.

<IfModule mod_rewrite.c>

RewriteEngine on

### Set proper content type and encoding for gzipped html.

<Files *.html.gz>

ForceType text/html

<IfModule mod_headers.c>

Header set Content-Encoding gzip

</IfModule>

</Files>

#################

### WORDPRESS ###

#################

RewriteBase /

RewriteRule ^index.php$ – [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

####################

### WP MULTISITE ###

####################

RewriteBase /

RewriteRule ^index.php$ – [L]

### FOLDER ###

### add a trailing slash to /wp-admin (FOLDER)

RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]

RewriteCond %{REQUEST_FILENAME} -d

RewriteRule ^ – [L]

RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]

RewriteRule ^([_0-9a-zA-Z-]+/)?(.*.php)$ $2 [L]

RewriteRule . index.php [L]

### SUBDOMAIN ###

### add a trailing slash to /wp-admin (SUBDOMAIN)

#RewriteRule ^wp-admin$ wp-admin/ [R=301,L]

#RewriteCond %{REQUEST_FILENAME} -f [OR]

#RewriteCond %{REQUEST_FILENAME} -d

#RewriteRule ^ – [L]

#RewriteRule ^(wp-(content|admin|includes).*) $1 [L]

#RewriteRule ^(.*.php)$ $1 [L]

#RewriteRule . index.php [L]

###==================

### WORDPRESS END ###

###==================

###############

### GENERAL ###

###############

### Block access to “hidden” directories whose names begin with a period. This

### includes directories used by version control systems such as Subversion or

### Git to store control files. Files whose names begin with a period, as well

### as the control files used by CVS, are protected by the FilesMatch directive

### above.

### NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, it is

### not possible to block access to entire directories from .htaccess, because

### <DirectoryMatch> is not allowed here.

### If you do not have mod_rewrite installed, you should remove these

### directories from your webroot or otherwise protect them from being

### downloaded.

RewriteCond %{REQUEST_URI} !(.well-known) [NC]

RewriteRule “(^|/).” – [F]

### If your site can be accessed both with and without the ‘www.’ prefix, you

### can use one of the following settings to redirect users to your preferred

### URL, either WITH or WITHOUT the ‘www.’ prefix. Choose ONLY one option:

### To redirect all users to access the site WITH the ‘www.’ prefix,

### (http://example.com/… will be redirected to http://www.example.com/&#8230:wink:

### uncomment the following:

RewriteCond %{HTTP_HOST} .

#RewriteCond %{HTTP_HOST} !^www. [NC]

#RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

### To redirect all users to access the site WITHOUT the ‘www.’ prefix,

### (http://www.example.com/… will be redirected to http://example.com/&#8230:wink:

### uncomment the following:

RewriteCond %{HTTP_HOST} ^www.(.+)$ [NC]

RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]

### If the file/symlink/directory does not exist => Redirect to index.php.

### Pass all requests not referring directly to files in the filesystem to

### index.php. Clean URLs are handled in drupal_environment_initialize().

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteCond %{REQUEST_FILENAME} !-l

RewriteCond %{REQUEST_URI} !=/favicon.ico

RewriteRule ^ index.php [L]

### Rules to correctly serve gzip compressed CSS and JS files.

### Requires both mod_rewrite and mod_headers to be enabled.

<IfModule mod_headers.c>

### Serve gzip compressed CSS files if they exist and the client accepts gzip.

RewriteCond %{HTTP:Accept-encoding} gzip

RewriteCond %{REQUEST_FILENAME}.gz -s

RewriteRule ^(.*).css $1.css.gz [QSA]

### Serve gzip compressed JS files if they exist and the client accepts gzip.

RewriteCond %{HTTP:Accept-encoding} gzip

RewriteCond %{REQUEST_FILENAME}.gz -s

RewriteRule ^(.*).js $1.js.gz [QSA]

### Serve correct content types, and prevent mod_deflate double gzip.

RewriteRule .css.gz$ – [T=text/css,E=no-gzip:1]

RewriteRule .js.gz$ – [T=text/javascript,E=no-gzip:1]

<FilesMatch “(.js.gz|.css.gz)$”>

### Serve correct encoding type.

Header set Content-Encoding gzip

### Force proxies to cache gzipped & non-gzipped css/js files separately.

Header append Vary Accept-Encoding

</FilesMatch>

</IfModule>

###========================

### GENERAL REWRITE END ###

###========================

</IfModule>

###================

### REWRITE END ###

###================

################

### SPAM BOT ###

################

<Files *>

order deny,allow

deny from 62.219.0.0/16

### If you find that you need to poke a hole in the blocklist, for legitimate

### visitors, follow this

### example: allow from 123.456.789.0

### Add “allow from” IP addresses, or CIDR Ranges, after all of the “deny from”

### items, just before the

### closing Files tag.

### Everything not included within these deny from ranges is PERMITTED by the

### allow portion of the

### directive.

</Files>

### Begin – Rewrite rules to block out some common exploits

### If you experience problems on your site block out the operations listed below

### This attempts to block the most common type of exploit attempts to Joomla!

### QUERY_STRING

### Block out any script trying to set a mosConfig value through the URL

RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]

### Block out any script trying to base64_encode crap to send via URL

RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]

### Block out any script that includes a tag in URL

RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]

### Block out any script trying to set a PHP GLOBALS variable via URL

RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]

### Block out any script trying to modify a _REQUEST variable via URL

RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2}) [OR]

### HTTP_REFERER – HTTP_USER_AGENT

#RewriteCond %{HTTP_USER_AGENT} Firefox/1(.+) [NC,OR]

RewriteCond %{HTTP_REFERER} (-anal) [NC,OR]

RewriteCond %{HTTP_REFERER} (-cock) [NC,OR]

RewriteCond %{HTTP_REFERER} (-orgy) [NC,OR]

RewriteCond %{HTTP_REFERER} (-porn-) [NC,OR]

RewriteCond %{HTTP_REFERER} (-sex-) [NC,OR]

RewriteCond %{HTTP_REFERER} (-sex.) [NC,OR]

RewriteCond %{HTTP_REFERER} (.cc) [NC,OR]

RewriteCond %{HTTP_REFERER} (.cn) [NC,OR]

RewriteCond %{HTTP_REFERER} (.info) [NC,OR]

RewriteCond %{HTTP_REFERER} (.ru) [NC,OR]

RewriteCond %{HTTP_REFERER} (.tv) [NC,OR]

RewriteCond %{HTTP_REFERER} (001maya.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (012.tw) [NC,OR]

RewriteCond %{HTTP_REFERER} (04stream.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (06image.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (1.2h3aa.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (100dollars-seo.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (1024diss.info) [NC,OR]

RewriteCond %{HTTP_REFERER} (1024dy.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (1088i.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (110.232.86.15) [NC,OR]

RewriteCond %{HTTP_REFERER} (11bbss.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (11eejj.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (120sdwy.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (123kubo.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (135s.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (13rivers.org) [NC,OR]

RewriteCond %{HTTP_REFERER} (16ssd.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (173.192.188.200) [NC,OR]

RewriteCond %{HTTP_REFERER} (174.127.195.166) [NC,OR]

RewriteCond %{HTTP_REFERER} (1886c.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (18avday.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (18boybeauty.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (18p2p.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (19.19photo.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (192.168.171.1) [NC,OR]

RewriteCond %{HTTP_REFERER} (192.168.202.10) [NC,OR]

RewriteCond %{HTTP_REFERER} (192.187.102.74) [NC,OR]

RewriteCond %{HTTP_REFERER} (19yiren.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (1bbhh.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (1stmovieclub.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (2.qubali.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (2015mmm.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (223.4.97.102) [NC,OR]

RewriteCond %{HTTP_REFERER} (22aaee.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (22yyjj.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (235job.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (24h.com.vn) [NC,OR]

RewriteCond %{HTTP_REFERER} (28365365.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (2bbhh.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (2chcn.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (2femdom) [NC,OR]

RewriteCond %{HTTP_REFERER} (2qtt.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (3366.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (33oz.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (3dhentaimovie.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (3jizz) [NC,OR]

RewriteCond %{HTTP_REFERER} (3pxpx.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (3wfinance.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (3wmm.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (3xhen.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (4399.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (5.yao.cl) [NC,OR]

RewriteCond %{HTTP_REFERER} (5116c.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (511gan.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (5278.xyz) [NC,OR]

RewriteCond %{HTTP_REFERER} (52p2p.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (52xoy.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (550ve.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (58.60.63) [NC,OR]

RewriteCond %{HTTP_REFERER} (58.syn.adsbro.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (59.173.12.188) [NC,OR]

RewriteCond %{HTTP_REFERER} (6625.twseb.tw) [NC,OR]

RewriteCond %{HTTP_REFERER} (67.220.90.21) [NC,OR]

RewriteCond %{HTTP_REFERER} (67.220.92) [NC,OR]

RewriteCond %{HTTP_REFERER} (676qq.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (68.168.16.146) [NC,OR]

RewriteCond %{HTTP_REFERER} (6park.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (6vhao.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (7200.twseb5.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (73lg.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (73vt.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (78dm) [NC,OR]

RewriteCond %{HTTP_REFERER} (798x.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (7f75b.hn.5168sf.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (7k7k.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (84be.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (84kn.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (89mm.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (8b8bf.545u.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (8bbxx.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (91.v) [NC,OR]

RewriteCond %{HTTP_REFERER} (911pop.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (9188i.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (91ad.v3p.co) [NC,OR]

RewriteCond %{HTTP_REFERER} (91p.vido.ws) [NC,OR]

RewriteCond %{HTTP_REFERER} (91sp) [NC,OR]

RewriteCond %{HTTP_REFERER} (91up.vido.ws) [NC,OR]

RewriteCond %{HTTP_REFERER} (9288i.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (932qq.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (933dy.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (949vv.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (952vv.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (a.xvika.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (a3zy.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (abchina.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (abercrombie.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (abwebnagpur.in) [NC,OR]

RewriteCond %{HTTP_REFERER} (accuradio.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (acgbb.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (acgcn.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (acglover.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (ache2014.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (actorsandsportsmen.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (ad2.bfg24.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (adblade.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (addictinggames.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (ads.exoclick.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (ads.lfstmedia.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (ads.livepromotools.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (ads.mdotm.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (ads.pubmatic.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (ads.triongames.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (ads.vs.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (ads2.socoms.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (adult-?finder) [NC,OR]

RewriteCond %{HTTP_REFERER} (adult-?friend) [NC,OR]

RewriteCond %{HTTP_REFERER} (adultwefong.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (adxpansion) [NC,OR]

RewriteCond %{HTTP_REFERER} (aeshxanime.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (afr.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (agar.io) [NC,OR]

RewriteCond %{HTTP_REFERER} (aghg0088comdaili) [NC,OR]

RewriteCond %{HTTP_REFERER} (agoda.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (ah-me.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (airasia.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (aldoshoes.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (alessiobigini.it) [NC,OR]

RewriteCond %{HTTP_REFERER} (allabout.co.jp) [NC,OR]

RewriteCond %{HTTP_REFERER} (allanalpass.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (alljizz.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (alt.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (amarylliss.tw) [NC,OR]

RewriteCond %{HTTP_REFERER} (amateursteen.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (americatlas.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (amsat-uk.org) [NC,OR]

RewriteCond %{HTTP_REFERER} (anal-) [NC,OR]

RewriteCond %{HTTP_REFERER} (ananlu.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (anqulu.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (anquye200.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (any.gs) [NC,OR]

RewriteCond %{HTTP_REFERER} (aoaolu.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (api.bounceexchange.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (appbank.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (appclick.co) [NC,OR]

RewriteCond %{HTTP_REFERER} (appfuse.org) [NC,OR]

RewriteCond %{HTTP_REFERER} (Applications) [NC,OR]

RewriteCond %{HTTP_REFERER} (archcollege.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (archdaily.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (architektenkammer-bremen.de) [NC,OR]

RewriteCond %{HTTP_REFERER} (archives.guao.hk) [NC,OR]

RewriteCond %{HTTP_REFERER} (armorgames.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (arrowfactorybrewing.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (artbracket.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (article.wn.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (ashlynnbrooke.org) [NC,OR]

RewriteCond %{HTTP_REFERER} (asiafind1.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (asian-bestiality-tube.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (asianbeautytube.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (asiangirltube.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (asianhottietube.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (asianpussyhq.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (asiansdivas.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (asianudetube.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (audiomack.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (auntmia.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (auway.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (ava.garena.tw) [NC,OR]

RewriteCond %{HTTP_REFERER} (avclub.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (avday18.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (avhaha.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (avhour.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (avistaz.me) [NC,OR]

RewriteCond %{HTTP_REFERER} (avsp2p.info) [NC,OR]

RewriteCond %{HTTP_REFERER} (avyahoo.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (azgals.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (azlyrics) [NC,OR]

RewriteCond %{HTTP_REFERER} (babaqiushi.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (backpackers.com.tw) [NC,OR]

RewriteCond %{HTTP_REFERER} (badmintoncn) [NC,OR]

RewriteCond %{HTTP_REFERER} (bananaidolshow.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (banners.alt.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (banners.asiafind.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (banners.cams.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (banners.mennation.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (banners.trannydates.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (battlelog.battlefield.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (bbs.3dmgame.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (bbs.actoys.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (bbs.ednchina.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (bbs.hupu.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (bbs.mgkj.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (bbs.uuu9.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (bdsmmovietube.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (bdsmotube.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (beanpanda) [NC,OR]

RewriteCond %{HTTP_REFERER} (beautymediainc.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (beeg.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (best-seo-offer.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (best-seo-solution.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (bestasianpics.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (bestgore.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (bgt566.pixnet.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (biaozou.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (bigbear6085.tumblr.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (bild.de) [NC,OR]

RewriteCond %{HTTP_REFERER} (binary8.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (birobbie.tumblr.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (birzha-truda.eu) [NC,OR]

RewriteCond %{HTTP_REFERER} (bjnk.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (blackjack) [NC,OR]

RewriteCond %{HTTP_REFERER} (blacklesbianfuck.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (blockOptions) [NC,OR]

RewriteCond %{HTTP_REFERER} (blog.flvcd.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (blog.fuliqu.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (blogaboutmen.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (blogs.scientificamerican.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (blue-square.biz) [NC,OR]

RewriteCond %{HTTP_REFERER} (bluerobot.info) [NC,OR]

RewriteCond %{HTTP_REFERER} (bo.moioi.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (bo1tay.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (bon-events.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (booking.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (booklog.jp) [NC,OR]

RewriteCond %{HTTP_REFERER} (boulet-freres.fr) [NC,OR]

RewriteCond %{HTTP_REFERER} (bouyguestelecom.fr) [NC,OR]

RewriteCond %{HTTP_REFERER} (boyaagame) [NC,OR]

RewriteCond %{HTTP_REFERER} (brasscraft.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (bremont.com.hk) [NC,OR]

RewriteCond %{HTTP_REFERER} (brigitte.de) [NC,OR]

RewriteCond %{HTTP_REFERER} (briian.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (brisbanetimes.com.au) [NC,OR]

RewriteCond %{HTTP_REFERER} (browse.app.spotify.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (bsigroup.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (burger-imperia.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (buttons-for-website.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (buttons-for-your-website.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (c1.lebenna.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cam4.tw) [NC,OR]

RewriteCond %{HTTP_REFERER} (canadianmedicaments.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (caoliu9999.tumblr.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (caoliucm.tumblr.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (caoliuzx.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (caonio.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (caoxx.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (careercast.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (careyourpet.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (casino) [NC,OR]

RewriteCond %{HTTP_REFERER} (catchpoint.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cathaypacific.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cathkidston.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cb.1024gongchang.info) [NC,OR]

RewriteCond %{HTTP_REFERER} (cbcb174.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cbssports.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cdclifestyle.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cdjxbz.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cdn.w55c.net) [NC]

RewriteCond %{HTTP_REFERER} (cdn1.static.keezmovies.phncdn.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cdn3.cpmstar.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (celebritylist.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (chaircoverny.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (chanel.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (changyan.sohu.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (chaoku4.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (charmingtranny.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cheating-?wives) [NC,OR]

RewriteCond %{HTTP_REFERER} (cheatsheet.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (chemistdirect.co.uk) [NC,OR]

RewriteCond %{HTTP_REFERER} (chicken8.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (chimiver.info) [NC,OR]

RewriteCond %{HTTP_REFERER} (china-cdn.flipboard.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (china-in-arabic.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (chinahrt.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (chinanews.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (chinatimes.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (chinavme.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (chiphell.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (chuanke.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (chunjie.me) [NC,OR]

RewriteCond %{HTTP_REFERER} (cigaraficionado.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cincopa.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (city-data.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cjkmov.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cl.clxxoo.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (clarks.co.uk) [NC,OR]

RewriteCond %{HTTP_REFERER} (clashofclansbuilder.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (clients.bluecava.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (clkoffers.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (club.cdfreaks.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (club.tgfcer.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cn.epochtimes.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cn.ntdtv.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cn.reuters.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cn.rfi.fr) [NC,OR]

RewriteCond %{HTTP_REFERER} (cn.strawberrynet.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cn.uptodown.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cn.wordpress.org) [NC,OR]

RewriteCond %{HTTP_REFERER} (cn.www.meetme.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cntv) [NC,OR]

RewriteCond %{HTTP_REFERER} (coastal.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cock-) [NC,OR]

RewriteCond %{HTTP_REFERER} (cocrun.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (codecademy.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (codeforge.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (codex.wordpress.org) [NC,OR]

RewriteCond %{HTTP_REFERER} (colorhunter.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (comicbook) [NC,OR]

RewriteCond %{HTTP_REFERER} (consolespot.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (contactmusic.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cool18.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cpmstar) [NC,OR]

RewriteCond %{HTTP_REFERER} (craftsy.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (crunkatlanta.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (csnne.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (cyberspacers.us) [NC,OR]

RewriteCond %{HTTP_REFERER} (d.trinitylock.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (d3w3.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (dacota.pixnet.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (dadsoncirfun.tumblr.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (dailymail.co.uk) [NC,OR]

RewriteCond %{HTTP_REFERER} (dailymotion.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (dantri.com.vn) [NC,OR]

RewriteCond %{HTTP_REFERER} (darkoman.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (dasetang10.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (dazhe.de) [NC,OR]

RewriteCond %{HTTP_REFERER} (dc276.4shared.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (dc301.4shared.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (dedelu) [NC,OR]

RewriteCond %{HTTP_REFERER} (deliciousbabes.org) [NC,OR]

RewriteCond %{HTTP_REFERER} (dell.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (designerhk.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (deutschelobbyinfo.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (dev.55css.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (deviantart.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (devpak.me) [NC,OR]

RewriteCond %{HTTP_REFERER} (dew9ckzjyt2gn.cloudfront.net) [NC,OR]

RewriteCond %{HTTP_REFERER} (df.nexon.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (dickies.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (diretube.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (discogs.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (discrete-?encounters) [NC,OR]

RewriteCond %{HTTP_REFERER} (divisproject.eu) [NC,OR]

RewriteCond %{HTTP_REFERER} (diybeautydiva.com) [NC,OR]

RewriteCond %{HTTP_REFERER} (djcc.c
Andi
- The Exporter
- 343 pts: Hero points 2,773 pts: Rep. points LEVEL 15
sorry but the code <…> at wpmudev is crab as it does not recognize all code and stops even you try to explude it. They should better use as ‘ and ` are as well as ” often parts of code parts..
Paul Kevin
- Neo
- 292 pts: Hero points 1,232 pts: Rep. points LEVEL 8
Hey Andi ,

Hope you are well today. It seems there is some configuration you might have that is still allowing direct access of .php files in you wp-content directory. There should be a .htaccess file in that directory with the defender rules. Kindly confirm

Warm Regards

Paul Kevin
Andi
- The Exporter
- 343 pts: Hero points 2,773 pts: Rep. points LEVEL 15
Hi Paul

In wp-content folder is
```
## WP Defender - Protect PHP Executed ##

<Files *.php>

Order allow,deny

Deny from all

</Files>

## WP Defender - End ##
```
like mentioned before!

Kind regards

Andi
Paul Kevin
- Neo
- 292 pts: Hero points 1,232 pts: Rep. points LEVEL 8
Hey Andi ,

Hope you are well today. Could you please provide FTP details to the site. You can use our safe contact form https://wpmudev.com/contact/#i-have-a-different-question using this template:

Subject: “Attn: Paul Kevin”

– FTP credentials (host/username/password)

– link back to this thread for reference

– any other relevant urls

Warm Regards

Paul Kevin
Paul Kevin
- Neo
- 292 pts: Hero points 1,232 pts: Rep. points LEVEL 8
Hey there Andi ,

Hope you are well today. Thank you for the credentials but I seem to get a timeout when retrieving the directory list. Could you try add the following code to your theme’s functions.php or a mu-plugin add_filter( 'https_ssl_verify', '__return_false' );

After please refresh the Defender hardening page.

Warm Regards

Paul Kevin
Andi
- The Exporter
- 343 pts: Hero points 2,773 pts: Rep. points LEVEL 15
done – but the same problem as before
```
<?php

add_filter( 'https_ssl_verify', '__return_false' );

?>
```
got inserted as mu-plugin
Paul Kevin
- Neo
- 292 pts: Hero points 1,232 pts: Rep. points LEVEL 8
Hey Andi ,

Hope you are well today. Could you please kindly re-check the FTP credentials you provided or is it possible to get the credentials as SFTP? My colleagues and I still cannot connect and I would like to debug further on the root cause.

Warm Regards

Paul Kevin
Andi
- The Exporter
- 343 pts: Hero points 2,773 pts: Rep. points LEVEL 15
Thanks check your mail!
Paul Kevin
- Neo
- 292 pts: Hero points 1,232 pts: Rep. points LEVEL 8
Hey Andi ,

Thanks for the credentials. I managed to check and did some debugging and it seems the .htaccess rules set by Defender are ignored by the server. I’m not sure how the Apache config settings are from the Webmin are but it seems htaccess in sub-directories are being ignored by the web server configuration. There needs to be
```
<Directory "/var/www">

AllowOverride All

</Directory>
```
Which tells apache to allow sub-directory .htaccess overrides.

Warm Regards

Paul Kevin
Andi
- The Exporter
- 343 pts: Hero points 2,773 pts: Rep. points LEVEL 15
The directories are not in var/www

they are in home with virtualmin

When you scroll up you can see actually the .htaccess and with sftp you should even be able to download it.

We use this .htaccess since we use apache 2.4 actually without problems. It is strange.

The .htaccess file which is in wp-content has actually been created by defender before as it contains the defender settings

Thanks for checking

Andi
Paul Kevin
- Neo
- 292 pts: Hero points 1,232 pts: Rep. points LEVEL 8
Hey there Andi ,

Yes, the directory should be
```
<Directory "/home">

AllowOverride All

</Directory>
```
in the main apache config for the domain ( “AllowOverride ALL (in the related <Directory> tag)” for the web application). Most configurations do not allow inner .htaccess rules in sub-directories by default, which I think is the case here.

Warm Regards

Paul Kevin
Andi
- The Exporter
- 343 pts: Hero points 2,773 pts: Rep. points LEVEL 15
Hi Paul

I inserted that part into the main .htaccess and it is not changing anything on the situation.

In our WPMUDEV demo Multi-install, the same .htaccess without that inclusion is active without any problems so the problem must be somewhere else.

Kind regards

Andi

Andi

The Exporter

343 pts: Hero points 2,773 pts: Rep. points LEVEL 15

Hi Paul

I inserted a default .htaccess in route but the same result

[attachments are only viewable by logged-in members]

actually, one more case for .htaccess popped up after inserting the below default .htaccess

# BEGIN WordPress

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /

RewriteRule ^index.php$ - [L]



# msn - add a trailing slash to /wp-admin

RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]



RewriteCond %{REQUEST_FILENAME} -f [OR]

RewriteCond %{REQUEST_FILENAME} -d



# msn - additional rules

RewriteRule ^ - [L]

RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]

RewriteRule ^([_0-9a-zA-Z-]+/)?(.*.php)$ $2 [L]



RewriteRule . index.php [L]

</IfModule>

# END WordPress

Kind regards

Andi

Paul Kevin
- Neo
- 292 pts: Hero points 1,232 pts: Rep. points LEVEL 8
Hello Andi ,

Its seems your server configuration is preventing Defender from working well. You need to check your apache config that it allows modification from htaccess in the main and sub-directories.

Warm Regards

Paul Kevin
Andi
- The Exporter
- 343 pts: Hero points 2,773 pts: Rep. points LEVEL 15
Hi Paul

This cannot be the reason as then all sites would show the same error but the default WPMUDEV site we have with all plugins does not show that error even using the previous .htaccess file.

3 Multi network have a problem but 1 not!

You have actually access to the mu…. site via dashboard

WPMUDEV seems to have serious problems also when installing i.e. the videos which overwrite the optionstree plugin – we had to deactivate the videos.

And in the mu site defender found malicious file by wpmudev.

Issue

WordPress Ad Widget <= 2.11.0 – Authenticated Local File Inclusion (LFI)

Vulnerability type: LFI

This bug has been fixed in version: 2.12.0

But you can’t install the update as that bug comes again and again in the mu site.

That plugin is not installed in all other sites.

The mu… site contains all 124 WPMUDEV plugins which are pretty deprecated as mentioned already last year and nothing has been done by the plugin developers of those deprecated plugins – often deprecated since 2.8 and nobody can tell me that people are still using wp2.8 today – especially not on a server with PHP 7 :wink:.

The problem for the defender message has to be caused by something else!

Kind regards

Andi
Paul Kevin
- Neo
- 292 pts: Hero points 1,232 pts: Rep. points LEVEL 8
Hello Andi ,

hope you are well today. Kindly please check your apache main configuration that .htaccess in subfolders is allowed with “AllowOverride All” in the “<Directory/>” configuration . We need to cover all bases and from all the tests I have done, even wrong .htaccess files in the wp-content directory are not being detected. This shows me that the server ignores inner htaccess files hence the request to check apache the configuration.

The issue with Ad Widget plugin is there is a similar one .org https://wordpress.org/plugins/ad-widget/ that has the same name and we are currently working on differentiating the .ord and DEV plugins with the same names.

Warm Regards

Paul Kevin
Andi
- The Exporter
- 343 pts: Hero points 2,773 pts: Rep. points LEVEL 15
Hi All

The .htaccess settings were actually fine and waiting solved the problem.

I guess it was an update which finally solved it and hopefully, it stays like that

Kind regards

Andi

How do you rate me?

Thank you for rating your experience!