Joomla! Web Security


.htaccess


.htaccess is a wonderful and powerful tool on which we'll spend a lot of time later, but for now, make sure you include the following code in yours. If you are not familiar with .htaccess, or if you have a default setup of Joomla!, you will see in the root directory a file called htaccess.txt. This file gives you the power to modify several things, notably the Apache directives, on a per-directory basis. Here is the portion you should be running. It has been included in the base htaccess.txt file since Joomla! 1.0.11. Check yours to ensure that you are running this highly valuable security measure.

########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
#IF the URI contains a "http:" or "ftp:" or "https"
RewriteCond %{QUERY_STRING} http\: [OR]
RewriteCond %{QUERY_STRING} ftp\: [OR]
RewriteCond %{QUERY_STRING} https\: [OR]
#OR if the URI contains a "["
RewriteCond %{QUERY_STRING} \[ [OR]
#OR if the URI contains a "]"
RewriteCond %{QUERY_STRING} \] [OR]
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits

You will need to append the previous code segment to the end of your .htaccess file. If you haven't done so already, rename htaccess.txt to .htaccess.

This .htaccess patch from the Joomla.org core team has proven its worth against a slew of common attacks. As you can read through, the RewriteCond directives filter the query string for patterns that could prove harmful to your site. The last line of the block:

RewriteRule ^(.*)$ index.php [F,L]

directs the server to answer any request matching those conditions with a 403 Forbidden error.
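To see which requests the block above actually rejects, here is an added example (not from the book) that re-runs the same RewriteCond patterns in Python against a few constructed query strings. It mirrors Apache's behaviour of testing the raw, still percent-encoded query string with the conditions chained by [OR]; the sample query strings and the rule names are constructed for illustration.

```python
import re

# The QUERY_STRING patterns from the Joomla! htaccess.txt block, in the same order.
# Apache tests them against the raw (undecoded) query string; only the <script>
# rule carries [NC], so the others stay case-sensitive, exactly as in the original.
RULES = [
    ("url scheme", r"http\:", 0),
    ("url scheme", r"ftp\:", 0),
    ("url scheme", r"https\:", 0),
    ("bracket", r"\[", 0),
    ("bracket", r"\]", 0),
    ("mosConfig", r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)", 0),
    ("base64_encode", r"base64_encode.*\(.*\)", 0),
    ("script tag", r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE),
    ("GLOBALS", r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", 0),
    ("_REQUEST", r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", 0),
]


def blocked_by(query_string):
    """Return the name of the first rule a raw query string trips, or None.

    The conditions are chained with [OR], so a single hit is enough for the
    RewriteRule to fire and the request to receive a 403."""
    for name, pattern, flags in RULES:
        if re.search(pattern, query_string, flags):
            return name
    return None


# Constructed samples (not from the book): a normal article request, three of the
# exploit shapes the rules target, and a legitimate-looking array parameter that
# the bracket rule also rejects, the kind of "problem" the block's header warns about.
SAMPLES = [
    "option=com_content&view=article&id=5",
    "mosConfig_absolute_path=1",
    "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
    "x=GLOBALS%3Dfoo",
    "filter[category_id]=3",
]


def audit(samples=SAMPLES):
    """Map each query string to the rule that blocks it (None = request allowed)."""
    return {qs: blocked_by(qs) for qs in samples}


if __name__ == "__main__":
    for qs, verdict in audit().items():
        print(f"{verdict or 'allowed':14} {qs}")
```

The last sample shows why the header comment tells you to comment out individual conditions if your site breaks: any legitimate URL carrying square brackets is caught by the bracket rules, not just the exploit attempts.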

Another interesting command you could add to your .htaccess file is a set of commands to stop a specific robot, in our case "EvilRobot", from digging into the sensitive areas of your site.

# Both conditions must hold (no [OR]): the User-Agent starts with "EvilRobot"
# AND the client address is 123.45.67.8 or 123.45.67.9
RewriteCond %{HTTP_USER_AGENT} ^EvilRobot.*
RewriteCond %{REMOTE_ADDR} ^123\.45\.67\.[8-9]$
# In a per-directory .htaccess the path is matched without its leading slash
RewriteRule ^kljiwlslci/secret/data/.+ - [F]

Note

To learn more about the RewriteCond and the RewriteRule, visit the following links available from apache.org:

http://httpd.apache.org/docs/2.2/rewrite/

http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewriterule