.htaccess中的此文件是什么? [英] What is this file in .htaccess?
问题描述
我真的很奇怪,为什么在 .htaccess 中有下面的代码,可以告诉我这是什么代码?
I am realy wonder why in .htaccess has those code bellow, can tell me what is this code?
<Files 403.shtml>
order allow, deny
allow from all
</Files>
deny from 212.92.53.18
推荐答案
UPDATE :此答案是基于使用最初发布时提供的事实的推测得出的。总体共识似乎是对 .htaccess 文件的这种修改很可能是使用服务器管理软件(例如CPanel)的结果,因此,它本身并不是一个迹象。
UPDATE: This answer was based on speculation using the facts provided when it was originally posted. The overall consensus seems to be this modification of the .htaccess file is most likely the result of using server management software such as CPanel so it’s not—on its own—an indication of malware infection.
.htaccess 的内容有点奇怪。
<Files 403.shtml>
order allow, deny
allow from all
</Files>
deny from 212.92.53.18
;文件403.shtml> 部分引用 403.shtml 文件,并且似乎允许自定义 403:禁止响应(基于文件命名的假设) .shtml 文件要发送。 订单允许,拒绝和所有相关的允许向我解释。似乎该网站以某种方式阻止了所有流量,但是希望 403.shtml 通过?
The <Files 403.shtml> part refers to the 403.shtml file and it seems to be allowing a custom 403: Forbidden response (assumption based on file naming) .shtml file to be sent. The order allow, deny and related allow from all explain it to me. It seems like the site is blocking all traffic in some way but wants that 403.shtml to come through?
但是否决于212.92.53.18 是非常具体的&结果很奇怪。基本上,这会阻止来自 212.92.53.18 的任何/所有访问。
But the deny from 212.92.53.18 is quite specific & odd as a result. That is basically blocking any/all access from 212.92.53.18.
现在输入的内容似乎是 .htaccess 设置为明确拒绝来自地址 212.92.53.18 的访问,这将发送 403 响应代码和< Files 403.shtml> 允许实际的 403:禁止 htaccess要发送的页面是什么?
Now typing that out it seems like the .htaccess is set to explicitly deny access from address 212.92.53.18 which would send a 403 response code, and the <Files 403.shtml> allows the actual 403: Forbidden htaccess page to be sent?
但是,对于一个阻止来自单个IP地址的流量的指令来说,它位于中似乎很奇怪。 文件。
But still, it seems odd for a directive to block traffic from one single IP address would be in an .htaccess file like that.
编辑: Google是否搜索了<文件403 .shtml> -因为如果您知道Apache配置,那是一个非常奇怪的指令-并且似乎这可能是某些恶意软件的一部分?请查看此页面以及此页面和其他页面。
Did a Google search for <Files 403.shtml>—because if you know Apache configs, that is a highly odd directive—and it seems like this might be part of some malware? Look at this page as well as this page and this other page.
似乎这是确定的XSS后门的一部分?也许 .htaccess 在恶意软件目录中,而拒绝来自212.92.53.18 则拒绝了受感染的服务器访问
Seems like this is part of a definite XSS backdoor? Perhaps the .htaccess is in a malware directory, and the deny from 212.92.53.18 is denying the infected server from accessing itself?
另一项编辑:好吧,请考虑一下我的想法以及个人对Web恶意软件的经验,并看看否认来自212.92.53.18 我想我知道这笔交易是什么。这是恶意软件感染的一部分。但我敢打赌 212.92.53.18 是引擎盖上的一个节点,因为您可以 curl -I 它&在浏览器中访问它它似乎是一个活动的服务器。大多数客户端IP地址不会这样做;谁在基本ISP连接上公开了Web服务器,对吗?除非机器被感染。因此, 403.shtml 实际上不是真正的 403:禁止访问页面,而实际上是恶意软件的一部分。这意味着,从 212.92.53.18 建立的连接将触发 403.shtml ,这是服务器端的HTML文件-可用于未经授权的访问。我的意思是说,什么人在2014年最后一次在合法服务器上看到有效的 .shtml 文件,对吗?如今,所有这些都是PHP,Python,Java或Ruby。
ANOTHER Okay, putting on my thinking cap—as well as personal experience with web malware—and looking at the specificity of the deny from 212.92.53.18 I think I know what the deal is. This is part of a malware infection. But I bet that 212.92.53.18 is a node on a bonnet because you can curl -I it & visit it in a browser & it seems to be an active server. Most client IP addresses just won’t do that; who has a web server exposed on a basic ISP connection, right? Unless the machine is infected. So the 403.shtml is not actually a real 403: Forbidden page but actually part of the malware. Meaning, a connection being made FROM 212.92.53.18 would trigger 403.shtml—which is a server side include HTML file—that could be used for unauthorized access. I mean, when has anyone in 2014 last seen active .shtml files on legit servers, right? It’s all PHP, Python, Java or Ruby nowadays.
这篇关于.htaccess中的此文件是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
