<?php
//----------------------------------------------------------------------
//  CrawlProtect 2.0.0
//----------------------------------------------------------------------
// Protect your website from hackers
//----------------------------------------------------------------------
// Author: Jean-Denis Brun
//----------------------------------------------------------------------
// Website: www.crawlprotect.com
//----------------------------------------------------------------------
// That script is distributed under GNU GPL license
//----------------------------------------------------------------------
// file: file/createhtaccess.php
//----------------------------------------------------------------------
//  Last update: 04/07/2010
//----------------------------------------------------------------------
// Access guard: stop unless the including script defined IN_CRAWLPROTECT and the
// session carries loginok == 1. Both refusals print the same message.
// NOTE(review): the constant is presumably defined by index.php before the include - confirm.
$directcall = !defined('IN_CRAWLPROTECT');
if ($directcall || !isset($_SESSION['loginok']) || $_SESSION['loginok'] != 1) {
	echo"<h1>Hacking attempt !!!!</h1>";
	exit();
}
// Working state -----------------------------------------------------------
$crawlprotect = '';              // text of the generated CrawlProtect rules
$existingfile = '';              // content of the current .htaccess, later the merged result
$listbadip = array();            // every IP entry that was submitted
$listbadipcheck = array();       // the submitted entries that passed the format check
$listbadreferertreat = array();  // referer fragments prepared for the RewriteCond
$scripttest = 0;                 // set to 1 as soon as one per-script field was posted

// Request values ----------------------------------------------------------
// Everything below is copied from $_POST without validation and only compared
// loosely (== 1, == 2) in this file, so any code that prints these values has
// to escape them for the context it prints into.
$createhtaccess = isset($_POST['createhtaccess']) ? $_POST['createhtaccess'] : '0';
$yourip = isset($_POST['yourip']) ? $_POST['yourip'] : '0';

// One flag per supported third-party script; each becomes a global of the same name.
$scriptfields = array(
	'crawltrack', 'phpmyvisites', 'piwik', 'socialengine', 'vbulletin',
	'wordpress', 'pageear', 'JosDewplayer', 'imperial', 'cornerpubli',
	'vbseo', 'drupal', 'punbb', 'openx',
);
foreach ($scriptfields as $scriptfield) {
	if (isset($_POST[$scriptfield])) {
		$$scriptfield = $_POST[$scriptfield];
		$scripttest = 1;
	} else {
		$$scriptfield = '0';
	}
}
unset($scriptfields, $scriptfield);

$addiptoblock = isset($_POST['addiptoblock']) ? $_POST['addiptoblock'] : '0';

// updateselectionscript() is defined outside this file; it is called only when
// at least one script flag arrived with the request.
if ($scripttest == 1) {
	updateselectionscript($type);
}
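//treatment of list of IP to block
// Builds $iptoadd, a ",ip,ip" string of the addresses the admin ticked in the
// "add to block list" form. Each address is posted under the field name ip2long(ip).
$iptoadd = '';
if ($addiptoblock == 1) {
	// getdatas() is defined outside this file; presumably it fills $listipserialize - confirm.
	getdatas($type);
	// NOTE(review): unserialize() can instantiate objects. This is only acceptable
	// while $listipserialize is data the application wrote itself; verify that no
	// request-controlled value can reach it, or store the list as JSON instead.
	$listip = unserialize($listipserialize);
	// unserialize() returns false on malformed input; iterating that would only raise a warning.
	if (is_array($listip)) {
		foreach ($listip as $key => $value) {
			$key3 = ip2long($key);
			// A key that is not a valid IPv4 address yields false, which PHP would
			// silently turn into the field name "0"; such keys are skipped so only
			// well-formed addresses can end up in $iptoadd.
			if ($key3 === false) {
				continue;
			}
			if (isset($_POST[$key3]) && $_POST[$key3] == 1) {
				$iptoadd = $iptoadd.",".$key;
			}
		}
	}
}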
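// Submitted list of IPs to deny: comma separated, 2 to 4 dotted decimal groups each
// (partial addresses are accepted by the pattern).
// A non-string value (e.g. badip[]=...) is treated like a missing field, because
// the string functions below cannot process an array.
if (isset($_POST['badip']) && is_string($_POST['badip'])) {
	$badip = str_replace(" ", "", $_POST['badip']);
	//treatment of badip
	if ($badip != '') {
		$badip = rtrim($badip, ",");
		$listbadip = explode(',', $badip);
		foreach ($listbadip as $ip) {
			// The D modifier makes $ match only at the very end of the string. Without
			// it "1.2.3.4\n" passes, and the line break would later be written into
			// the "deny from" line of the generated .htaccess and split the directive.
			if (preg_match('/^(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:[.](?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){1,3}$/D', $ip)) {
				$listbadipcheck[] = $ip;
			}
		}
	}
	// updatebadip() is defined outside this file.
	updatebadip($type);
} else {
	$badip = '';
}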
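//treatment of badreferer
// Submitted list of referer fragments, comma separated. The accepted fragments are
// later joined with "|" and written verbatim into a RewriteCond %{HTTP_REFERER} line.
// A non-string value is treated like a missing field.
if (isset($_POST['badreferer']) && is_string($_POST['badreferer'])) {
	$badreferer = str_replace(" ", "", $_POST['badreferer']);
	if ($badreferer != '') {
		$badreferer = rtrim($badreferer, ",");
		$listbadreferer = explode(',', $badreferer);
		foreach ($listbadreferer as $referer) {
			// An empty fragment (from ",,") would become an empty alternative in
			// a|...|b, which matches every referer and would block all visitors.
			if ($referer === '') {
				continue;
			}
			// Only spaces were removed above. Tabs, line breaks and other control
			// characters would end the pattern or the directive line in the generated
			// .htaccess and let the rest of the value be read as configuration.
			if (preg_match('/[\x00-\x20\x7f]/', $referer)) {
				continue;
			}
			// Dots are escaped so they match literally in the RewriteCond pattern.
			$listbadreferertreat[] = str_replace(".", "\.", $referer);
		}
	}
	// updatebadreferer() is defined outside this file.
	updatebadreferer($type);
} else {
	$badreferer = '';
}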
//logout---------------------------------------------------------------
// A posted logout=ok ends the session. The script does not stop here: the rest of
// this file still runs for the current request.
$logout = isset($_POST['logout']) ? $_POST['logout'] : '';
if ($logout == 'ok') {
	$validuser = 0;
	session_destroy();
}
//language file-----------------------------------------------------------
// getlanguage() is defined outside this file; presumably it sets $languageuse to
// the path of the language file - confirm that this path is never derived from
// request data, since it is passed straight to include.
getlanguage($type);
include ((string) $languageuse);
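//create the htaccess file==========================================================================================
//check if htaccess file already exist and if it's the case grab his content
// Sets $nofile: 0 = existing file read into $existingfile, 1 = no file present,
// 2 = a file is present but could not be read.
if (file_exists('../.htaccess')) {
	$file = function_exists('fopen') ? fopen("../.htaccess", "r") : false;
	if ($file === false) {
		// fopen() unavailable or the file is not readable
		$nofile = 2;
	} else {
		$nofile = 0;
		$existingsize = filesize("../.htaccess");
		// fread() rejects a length of 0, so an empty file is handled without calling it.
		$existingfile = ($existingsize > 0) ? fread($file, $existingsize) : '';
		fclose($file);
		if ($existingfile === false) {
			// The read failed: do not treat the file as "read and empty".
			$existingfile = '';
			$nofile = 2;
		}
	}
} else {
	$nofile = 1;
}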
//save the existing file
// On the preview step (createhtaccess == 1) in 'file' mode, a timestamped copy of
// the current .htaccess is written to <session path>/htaccess/. The directory is
// opened up to 0755 for the write and set to 0505 afterwards.
// NOTE(review): the copy is a .txt file under the application directory; whether
// that directory can be fetched over HTTP is not visible here - confirm it is denied.
$backupwanted = ($createhtaccess == 1 && $nofile == 0 && $type == 'file');
if ($backupwanted) {
	$filedir = $_SESSION['path'].'/htaccess';
	$filename = $_SESSION['path']."/htaccess/htaccess-".date("Y-m-d-H:i:s", strtotime("now")).".txt";
	$canchmod = function_exists('chmod');
	//chmod the directory
	if ($canchmod) {
		@chmod($filedir, 0755);
	}
	if ($file = fopen($filename, "w")) {
		fwrite($file, $existingfile);
		fclose($file);
	}
	if ($canchmod) {
		@chmod($filedir, 0505);
	}
}
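//remove existing CrawlProtect part of the htaccess if it exist
// A previously generated block starts at the first "# CrawlProtect" comment and
// ends with the last RewriteRule the generator writes (noaccess3.php / noaccess30.php,
// two spaces before [L]). Only that span is cut out.
if ($nofile == 0 && preg_match("/CrawlProtect/i", $existingfile)) {
	$endmarker = ($type == 'file') ? 'noaccess3.php  [L]' : 'noaccess30.php  [L]';
	$startpos = strpos($existingfile, '# CrawlProtect');
	$endpos = ($startpos === false) ? false : strpos($existingfile, $endmarker, $startpos);
	// If either marker is missing (the file merely mentions CrawlProtect, or the old
	// block was written for the other $type) the file is left untouched. Splitting on
	// a marker that is not there would drop everything after the header comment.
	if ($endpos !== false) {
		$beforeblock = substr($existingfile, 0, $startpos);
		// Everything after the end marker is kept, including rules that happen to
		// contain the marker text again.
		$afterblock = (string) substr($existingfile, $endpos + strlen($endmarker));
		$existingfile = $beforeblock.ltrim($afterblock);
	}
}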
//insert new CrawlProtect part taking in account the parameters choose
//determine the path to the file
// $path is the directory of the running script; it is used as the prefix of the
// noaccess targets in the generated RewriteRule lines. Falls back to '.'.
$path = empty($_SERVER['SCRIPT_FILENAME']) ? '.' : dirname($_SERVER['SCRIPT_FILENAME']);
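//build the new htaccess file
// Assembles the CrawlProtect rule set in $crawlprotect and prepends it to what is
// left of the existing .htaccess ($existingfile). Runs for the preview step and
// for the write step (any $createhtaccess other than 0).
if ($createhtaccess != 0) {
	$rule70 = "#----------------------------------------------------------------------\n";
	$caserule = "#--------------------------------------------------------------------------------\n";
	// Blocked requests go to noaccessN.php in 'file' mode and to noaccessN0.php otherwise.
	$variant = ($type == 'file') ? '' : '0';

	// Optional condition that exempts the administrator's current address from a rule.
	// The address is quoted and anchored at both ends: the unquoted, open-ended form
	// "!^1.2.3.4" also exempts 1.2.3.40-49 and any address where another character
	// stands in for a dot.
	$adminbypass = '';
	if ($yourip == 1) {
		$adminbypass = "#Avoid any blocage for yourself (for admin access)\n";
		$adminbypass .= "RewriteCond %{REMOTE_ADDR} !^".preg_quote($_SERVER['REMOTE_ADDR']).'$'."\n";
	}

	$crawlprotect .= "# CrawlProtect-2-0-0\n";
	$crawlprotect .= $rule70;
	$crawlprotect .= "# Protect you website from hackers\n";
	$crawlprotect .= $rule70;
	$crawlprotect .= "# Author: Jean-Denis Brun\n";
	$crawlprotect .= $rule70;
	$crawlprotect .= "# Website: www.crawlprotect.com\n";
	$crawlprotect .= $rule70;
	$crawlprotect .= "# That script is distributed under GNU GPL license\n";
	$crawlprotect .= $rule70;
	$crawlprotect .= "# file: .htaccess\n";
	$crawlprotect .= $rule70;
	$crawlprotect .= "#  Last update: 20/06/2010\n";
	$crawlprotect .= $rule70;

	// Deny list: only the entries that passed the IP format check are written.
	if (count($listbadipcheck) > 0) {
		$crawlprotect .= "#Block bad IP\n";
		$crawlprotect .= "order allow,deny\n";
		$crawlprotect .= "deny from "." ".implode(" ", $listbadipcheck);
		$crawlprotect .= "\n";
		$crawlprotect .= "allow from all\n";
		$crawlprotect .= $rule70;
	}
	$crawlprotect .= "RewriteEngine On\n";

	// Referer block list. The fragments are inserted verbatim, so whatever fills
	// $listbadreferertreat must already have removed whitespace and line breaks.
	if (count($listbadreferertreat) > 0) {
		$crawlprotect .= "#Block referer spammer\n";
		$crawlprotect .= "RewriteCond %{HTTP_REFERER} ".implode("|", $listbadreferertreat)."\n";
		$crawlprotect .= "RewriteRule (.*) $path/noaccess/noaccess4".$variant.".php   [L]\n";
		$crawlprotect .= $rule70;
	}

	$crawlprotect .= "#-------------------------------\n";
	$crawlprotect .= "#Code injection blocage\n";
	$crawlprotect .= "#----------------------------------------\n";
	$crawlprotect .= "RewriteCond %{REQUEST_METHOD} (GET) [NC]\n";
	$crawlprotect .= $adminbypass;

	// Per-script exemptions from the URL-in-query-string rule: flag, comment line,
	// and the REQUEST_URI fragments that are let through when the flag is set.
	$scriptexclusions = array(
		array($crawltrack, "#case CrawlTrack\n", array('countdownload', 'keywordposition\.php')),
		array($wordpress, "#case Wordpress\n", array('wp-login')),
		array($piwik, "#case Piwik \n", array('piwik')),
		array($phpmyvisites, "#case phpMyvisites\n", array('phpmyvisites')),
		array($vbulletin, "#case vbulletin\n", array('editsignature', 'insertpm', 'updatesignature')),
		array($socialengine, "#case Social Engine\n", array('user_report')),
		array($pageear, "#case Page ear\n", array('pageear_b\.swf', 'pageear_s\.swf')),
		array($JosDewplayer, "#case JosDewplayer\n", array('dewplayer\.swf')),
		array($imperial, "#case Imperial Wordpress theme\n", array('thumb\.php')),
		array($cornerpubli, "#case module Corner Publi Prestashop\n", array('small\.swf', 'large\.swf')),
		array($vbseo, "#case module vBSEO vBulletin\n", array('redirect-to')),
		array($openx, "#case OpenX\n", array('delivery')),
	);
	foreach ($scriptexclusions as $exclusion) {
		if ($exclusion[0] == 1) {
			$crawlprotect .= $caserule.$exclusion[1];
			foreach ($exclusion[2] as $fragment) {
				$crawlprotect .= "RewriteCond %{REQUEST_URI} !^(.*)".$fragment."(.*)$ [NC]\n";
			}
		}
	}

	$crawlprotect .= $caserule;
	$crawlprotect .= "#the following rules can block some off your url, in case of problem try to suppress them one per one until you solve it\n";
	// NOTE(review): the flags in this group are kept as found but look inconsistent.
	// The third condition carries [NC] without OR, which ends the OR chain there, and
	// the last condition carries [NC,OR] with no condition after it. Confirm the
	// intended grouping (presumably OR on every line except the last) before relying
	// on the ftp:// and spaced-out variants.
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)(s|%73|%53)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)(s|%73|%53)%3a(%3A|:)(/|%2F){2}(.*)$ [NC,OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)%3a(%3A|:)(/|%2F){2}(.*)$ [NC,OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(f|%66|%46)(t|%74|%54)(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(h|%68|%48)(t|%74|%54)%20(t|%74|%54)(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(h|%68|%48)(t|%74|%54)(t|%74|%54)%20(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)%20(%3A|:)(/|%2F){2}(.*)$ [NC,OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(h|%68|%48)%20(t|%74|%54)(t|%74|%54)(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]\n";
	$crawlprotect .= "#end of potential issue rules\n";
	$crawlprotect .= "RewriteRule (.*) $path/noaccess/noaccess1".$variant.".php   [L]\n";

	$crawlprotect .= "#-------------------------------\n";
	$crawlprotect .= "#Sql injection blocage\n";
	$crawlprotect .= "#----------------------------------------\n";
	$crawlprotect .= "RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(%20(S|%73|%53)(E|%65|%45)(L|%6C|%4C)(E|%65|%45)(C|%63|%43)(T|%74|%54)%20|%20(I|%69|%49)(N|%6E|%4E)(S|%73|%53)(E|%65|%45)(R|%72|%52)(T|%74|%54)%20|(C|%63|%43)(H|%68|%48)(A|%61|%41)(R|%72|%52)\(|%20(U|%75|%55)(P|%70|%50)(D|%64|%44)(A|%61|%41)(T|%74|%54)(E|%65|%45)%20|%20(R|%72|%52)(E|%65|%45)(P|%70|%50)(L|%6C|%4C)(A|%61|%41)(C|%63|%43)(E|%65|%45)%20)(.*)$ [NC]\n";
	$crawlprotect .= "RewriteRule (.*) $path/noaccess/noaccess1".$variant.".php   [L]\n";

	$crawlprotect .= "#-------------------------------\n";
	$crawlprotect .= "#Code injection blocage\n";
	$crawlprotect .= "#----------------------------------------\n";
	$crawlprotect .= "RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]\n";
	$crawlprotect .= $adminbypass;
	// NOTE(review): a few alternatives below look mistyped and are kept as found:
	// "%31" in the javascript: line (every other letter pairs %6x with %4x), "%C" in
	// the /proc/self/environ line, and the unescaped "[" in the GLOBALS and _REQUEST
	// lines, which opens a character class instead of matching a literal bracket.
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(%3C|<)/?(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)$ [NC,OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(%3D|=)?(j|%6A|%4A)(a|%61|%41)(v|%76|%56)(a|%61|%31)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(%3A|:)(.*)$ [NC,OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(d|%64|%44)(o|%6F|%4F)(c|%63|%43)(u|%75|%55)(m|%6D|%4D)(e|%65|%45)(n|%6E|%4E)(t|%74|%54)\.(l|%6C|%4C)(o|%6F|%4F)(c|%63|%43)(a|%61|%41)(t|%74|%54)(i|%69|%49)(o|%6F|%4F)(n|%6E|%4E)\.(h|%68|%48)(r|%72|%52)(e|%65|%45)(f|%66|%46)(.*)$ [OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(b|%62|%42)(a|%61|%41)(s|%73|%53)(e|%65|%45)(6|%36)(4|%34)(_|%5F)(e|%65|%45)(n|%6E|%4E)(c|%63|%43)(o|%6F|%4F)(d|%64|%44)(e|%65|%45)(.*)$ [OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(G|%67|%47)(L|%6C|%4C)(O|%6F|%4F)(B|%62|%42)(A|%61|%41)(L|%6C|%4C)(S|%73|%53)(=|[|%[0-9A-Z]{0,2})(.*)$ [OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(_|%5F)(R|%72|%52)(E|%65|%45)(Q|%71|%51)(U|%75|%55)(E|%65|%45)(S|%73|%53)(T|%74|%54)(=|[|%[0-9A-Z]{0,2})(.*)$ [OR]\n";
	$crawlprotect .= "RewriteCond %{REQUEST_URI} ^(.*)(_|%5F)(v|%76|%56)(t|%74|%54)(i|%69|%49)(.*)$ [OR]\n";
	$crawlprotect .= "RewriteCond %{REQUEST_URI} ^(.*)(M|%4D)(S|%53)(O|%4F)(f|%66)(f|%66)(i|%69)(c|%63)(e|%65)(.*)$ [OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(/|%2F)(e|%65)(t|%74)(c|%63)(/|%2F)(p|%70)(a|%61)(s|%73)(s|%73)(w|%77)(d|%64)(.*)$ [OR]\n";
	$crawlprotect .= "RewriteCond %{REQUEST_URI} ^(.*)(S|%53)(h|%68)(e|%65)(l|%6C)(l|%6C)(A|%41)(d|%64)(r|%72)(e|%65)(s|%73)(i|%69).(T|%54)(X|%58)(T|%54)(.*)$ [OR]\n";
	$crawlprotect .= "RewriteCond %{REQUEST_URI} ^(.*)\[(e|%65)(v|%76)(i|%69)(l|%6C)(_|%5F)(r|%72)(o|%6F)(o|%6F)(t|%74)\]?(.*)$ [OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)\.\./\.\./\.\./(.*)$ [OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(/|%2F)(p|%70)(r|%72)(o|%6F)(c|%63)(/|%2F)(s|%73)(e|%65)(l|%C)(f|%66)(/|%2F)(e|%65)(n|%6E)(v|%76)(i|%69)(r|%72)(o|%6F)(n|%6E)(.*)$\n";
	$crawlprotect .= "RewriteRule (.*) $path/noaccess/noaccess1".$variant.".php   [L]\n";

	$crawlprotect .= "#-------------------------------\n";
	$crawlprotect .= "#Bad bot and site copier blocage\n";
	$crawlprotect .= "#-------------------------------\n";
	// The User-Agent pattern must stay on one line: a line break inside it would cut
	// the RewriteCond in two and leave an invalid directive in the .htaccess. The
	// listing this was taken from broke the literal between "Offline\ " and
	// "Navigator"; it is joined again here.
	// NOTE(review): the "hide@address.com" alternatives look like e-mail masking applied
	// by the page the listing came from - restore them from the upstream distribution.
	$crawlprotect .= "RewriteCond %{HTTP_USER_AGENT} @nonymouse|ADSARobot|amzn_assoc|Anarchie|ASPSeek|Atomz|^[^?]*addresses\.com|Advanced\ Email\ Extractor|ah-ha|aktuelles|almaden|Art-Online|AspiWeb|ASSORT|ATHENS|attach|attache|autoemailspider|BackWeb|Bandit|BatchFTP|bdfetch|big.brother|BlackWidow|bmclient|Boston\ Project|Bot\ mailto:hide@address.com|BravoBrian\ SpiderEngine\ MarcoPolo|Buddy|Bullseye|bumblebee|capture|CherryPicker|ChinaClaw|CICC|clipping|Crescent\ Internet\ ToolPack|cURL|Custo|cyberalert|Deweb|diagem|Digger|Digimarc|DIIbot|DirectUpdate|DISCo|Download\ Accelerator|Download\ Demon|Download\ Wonder|Downloader|Drip|DSurf15a|DTS.Agent|EasyDL|eCatch|echo\ extense|ecollector|hide@address.com\.net|EirGrabber|EmailCollector|Email\ Extractor|EmailSiphon|EmailWolf|Express\ WebPictures|ExtractorPro|EyeNetIE|fastlwspider|FavOrg|Favorites\ Sweeper|Fetch\ API\ Request|FEZhead|FileHound|FlashGet|FlickBot|fluffy|frontpage|GalaxyBot|Generic|Getleft|GetSmart|GetWeb!|GetWebPage|gigabaz|Girafabot|Go!Zilla|Go-Ahead-Got-It|GornKer|Grabber|GrabNet|Grafula|Green\ Research|Harvest|hide@address.com|hloader|HMView|HomePageSearch|HTTP\ agent|HTTPConnect|httpdown|http\ generic|HTTrack|^[^?]*iaea\.org|IBM_Planetwide|^[^?]*\.ideography\.co\.uk|Image\ Stripper|Image\ Sucker|imagefetch|IncyWincy|Indy\ Library|informant|Ingelin|InterGET|Internet\ Ninja|InternetLinkAgent|InternetSeer\.com|Iria|Irvine|iOpus|IPiumBot\ laurion(dot)com|Jakarta|JBH*Agent|JetCar|JustView|Kapere|KWebGet|Lachesis|larbin|LeechFTP|LexiBot|lftp|libwww|likse|Link*Sleuth|LINKS\ ARoMATIZED|LinkWalker|LWP|lwp-trivial|Magnet|Mac\ Finder|Mag-Net|Mass\ Downloader|MemoWeb|MCspider|Microsoft\ URL\ Control|MIDown\ tool|minibot\(NaverRobot\)|Missigua\ Locator|Mister\ PiX|MMMtoCrawl\/UrlDispatcherLLL|MSProxy|multithreaddb|nationaldirectory|Navroad|NearSite|NetAnts|NetCarta|netfactual|netcraft|NetMechanic|netprospector|NetResearchServer|NetSpider|Net\ Vampire|NetZIP|NEWT|nicerspro|NPBot|Octopus|Offline\ Explorer|Offline\ Navigator|OpaL|Openfind|OpenTextSiteCrawler|OutWit|PackRat|PageGrabber|Papa\ Foto|pavuk|pcBrowser|PersonaPilot|PingALink|Pockey|Program\ Shareware|psbot|PSurf|puf|Pump|PushSite|QRVA|QuepasaCreep|RealDownload|Reaper|Recorder|ReGet|replacer|RepoMonkey|Robozilla|Rover|RPT-HTTPClient|Rsync|SearchExpress|searchhippo|searchterms\.it|Second\ Street\ Research|Shai|sitecheck|SiteMapper|SiteSnagger|SlySearch|SmartDownload|snagger|SpaceBison|Spegla|SpiderBot|SqWorm|Star\ Downloader|Stripper|Sucker|SuperBot|SuperHTTP|Surfbot|SurfWalker|Szukacz|tAkeOut|tarspider|Teleport\ Pro|Telesoft|Templeton|traffixer|TrueRobot|TuringOS|TurnitinBot|TV33_Mercator|UIowaCrawler|URL_Spider_Pro|UtilMind|Vacuum|vagabondo|vayala|visibilitygap|vobsub|VoidEYE|vspider|w3mir|web\.by\.mail|Web\ Data\ Extractor|Web\ Downloader|Web\ Image\ Collector|Web\ Sucker|WebAuto|webbandit|Webclipping|webcollector|webcollage|WebCopier|hide@address.com|WebDAV|webdevil|webdownloader|Webdup|WebEmailExtractor|WebFetch|WebGo\ IS|WebHook|Webinator|WebLeacher|WebMiner|WebMirror|webmole|WebReaper|WebSauger|WEBsaver|Website\ eXtractor|Website\ Quester|WebSnake|Webster|WebStripper|websucker|webvac|webwalk|webweasel|WebWhacker|WebZIP|Wget|whizbang|WhosTalking|Widow|WISEbot|WUMPUS|Wweb|WWWOFFLE|Wysigot|Xaldon\ WebSpider|XGET|x-Tractor|Zeus.* [OR]\n";
	$crawlprotect .= "RewriteCond %{HTTP_REFERER} ^XXX\n";
	$crawlprotect .= $adminbypass;
	$crawlprotect .= "RewriteRule (.*) $path/noaccess/noaccess2".$variant.".php   [L]\n";

	$crawlprotect .= "#-------------------------------\n";
	$crawlprotect .= "# Filter against PHPSHELL.PHP, REMOTEVIEW, c99Shell and others\n";
	$crawlprotect .= "#-------------------------------\n";
	if ($drupal == 1) {
		$crawlprotect .= $caserule;
		$crawlprotect .= "#case Drupal \n";
		$crawlprotect .= "RewriteCond %{QUERY_STRING} !^(.*)file-system(.*)$ [NC]\n";
	}
	if ($punbb == 1) {
		$crawlprotect .= $caserule;
		$crawlprotect .= "#case punBB \n";
		$crawlprotect .= "RewriteCond %{REQUEST_URI} !^(.*)search(.*)$ [NC]\n";
	}
	$crawlprotect .= "RewriteCond %{REQUEST_URI} .*((php|my)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR]\n";
	$crawlprotect .= "RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)=(/|%2F)(h|%68|%48)(o|%6F|%4F)(m|%6D|%4D)(e|%65|%45)(.+)?(/|%2F)(.*)(/|%2F)(.*)$ [OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^work_dir=.*$ [OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^command=.*&output.*$ [OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^nts_[a-z0-9_]{0,10}=.*$ [OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^c=(t|setup|codes)$ [OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^act=((about|cmd|selfremove|chbd|trojan|backc|massbrowsersploit|exploits|grablogins|upload.*)|((chmod|f)&f=.*))$ [OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^act=(ls|search|fsbuff|encoder|tools|processes|ftpquickbrute|security|sql|eval|update|feedback|cmd|gofile|mkfile)&d=.*$ [OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^&?c=(l?v?i?&d=|v&fnot=|setup&ref=|l&r=|d&d=|tree&d|t&d=|e&d=|i&d=|codes|md5crack).*$ [OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)([-_a-z]{1,15})=(chmod|chdir|mkdir|rmdir|clear|whoami|uname|unzip|gzip|gunzip|grep|more|umask|telnet|ssh|ftp|head|tail|which|mkmode|touch|logname|edit_file|search_text|find_text|php_eval|download_file|ftp_file_down|ftp_file_up|ftp_brute|mail_file|mysql|mysql_dump|db_query)([^a-zA-Z0-9].+)*$ [OR]\n";
	$crawlprotect .= "RewriteCond %{QUERY_STRING} ^(.*)(wget|shell_exec|passthru|system|exec|popen|proc_open)(.*)$\n";
	$crawlprotect .= $adminbypass;
	// This last rule doubles as the end marker of the generated block when an old
	// block is removed again; the two spaces before [L] are part of that marker.
	$crawlprotect .= "RewriteRule (.*) $path/noaccess/noaccess3".$variant.".php  [L]\n\n";

	$existingfile = $crawlprotect.$existingfile;
}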
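//replace the actual htaccess file by the new one
// Write step (createhtaccess == 2, 'file' mode): overwrites DOCUMENT_ROOT/.htaccess
// with the merged content, sets $filereplace to 1 on success and 0 otherwise, then
// empties ./cache/.
// NOTE(review): this is a state-changing POST and no anti-CSRF token is checked in
// this file - confirm the including script verifies one.
// NOTE(review): the existing file was read from '../.htaccess' but is written to
// DOCUMENT_ROOT/.htaccess; confirm both always name the same file.
if ($createhtaccess == 2 && $type == 'file') {
	$filename = $_SERVER['DOCUMENT_ROOT']."/.htaccess";
	$filedir = $_SERVER['DOCUMENT_ROOT'];
	$canchmod = function_exists('chmod');
	//chmod the file if already exist
	if ($canchmod && $nofile == 0) {
		chmod($filename, 0644);
	}
	if ($file = fopen($filename, "w")) {
		// Report success only when the content was actually written.
		$filereplace = (fwrite($file, $existingfile) !== false) ? 1 : 0;
		fclose($file);
	} else {
		$filereplace = 0;
	}
	// Back to read-only; skipped when the file could not be created at all.
	if ($canchmod && file_exists($filename)) {
		chmod($filename, 0404);
	}
	unset($_SESSION['verif']);
	//clear the cache folder
	// The directory is made accessible before it is opened, so the listing does not
	// fail on a directory that was left without read permission.
	if ($canchmod) {
		chmod('./cache/', 0755);
	}
	$dir = dir('./cache/');
	// dir() returns false when the directory is missing or unreadable.
	if ($dir) {
		while (false !== ($entry = $dir->read())) {
			// Skip pointers
			if ($entry == '.' || $entry == '..') {
				continue;
			}
			// unlink() only removes files; sub-directories are left alone.
			if (is_file("./cache/$entry")) {
				unlink("./cache/$entry");
			}
		}
		$dir->close();
	}
} else {
	$filereplace = 0;
}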
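//===================================================================================================================
// Page header and the four navigation buttons (home, files and folders, admin, logout).
echo"<div align=\"center\"><br>\n";
// HTTP_HOST is taken from the request's Host header, so it is escaped before it is
// printed. The single-byte charset makes htmlspecialchars() replace only & < > " '
// whatever the page encoding is.
$hostname = isset($_SERVER["HTTP_HOST"]) ? htmlspecialchars($_SERVER["HTTP_HOST"], ENT_QUOTES, 'ISO-8859-1') : '';
echo"<p><b>". $hostname ."</b> ".$language['is_protected_by_CrawlProtect']."</p>\n";
echo"<div align=\"right\" style=\"display:block; position:absolute; top:10px; right:10px;\">\n";
echo"<table><tr><td>\n";
// language key, value of the navig field, extra hidden field
$navbuttons = array(
	array('home', '0', ''),
	array('fileandfolders', '2', ''),
	array('admin', '1', ''),
	array('logout', '0', "<input type=\"hidden\" name ='logout' value='ok'>\n"),
);
$lastbutton = count($navbuttons) - 1;
foreach ($navbuttons as $position => $button) {
	// The button labels come from the included language file.
	$text = $language[$button[0]];
	echo"<form action=\"index.php\" method=\"POST\">\n";
	echo "<input type=\"hidden\" name ='navig' value='".$button[1]."'>\n";
	echo $button[2];
	echo"<input name='ok' type='submit'  value='$text' size='20' >\n";
	echo"</form>&nbsp;\n";
	echo ($position == $lastbutton) ? "</td></tr></table>\n" : "</td><td>\n";
}
echo"</div>\n";
echo"<br>\n";
echo"<div align=\"center\">\n";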
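// Page body, one branch per step:
//   0 = parameter form, 1 = preview with confirmation form,
//   2 = result of the write ('file' mode) or copy-it-yourself view (other modes).
// Every value that comes from the request or from the .htaccess is escaped before
// it is printed. The single-byte charset makes htmlspecialchars() replace only
// & < > " ' and never discard the string because of its encoding.

// Hidden fields that carry the chosen parameters from one step to the next.
$carriedfields = '';
$carriednames = array(
	'yourip', 'crawltrack', 'phpmyvisites', 'piwik', 'socialengine', 'vbulletin',
	'wordpress', 'pageear', 'JosDewplayer', 'cornerpubli', 'imperial', 'vbseo',
	'drupal', 'punbb', 'openx', 'badip', 'badreferer',
);
foreach ($carriednames as $fieldname) {
	// A non-scalar value (an array posted as name[]) is carried as an empty string.
	$fieldvalue = is_scalar($$fieldname) ? (string) $$fieldname : '';
	$carriedfields .= "<input type=\"hidden\" name ='".$fieldname."' value='".htmlspecialchars($fieldvalue, ENT_QUOTES, 'ISO-8859-1')."'>\n";
}
// The merged .htaccess contains < and & (in the rules themselves and possibly in
// the site's own directives), so it is escaped for the <pre> preview.
$previewhtml = htmlspecialchars((string) $existingfile, ENT_QUOTES, 'ISO-8859-1');

if ($createhtaccess == 0) {
	// badip(), badreferer() and getselectionscript() are defined outside this file;
	// presumably they load the stored lists and script flags - confirm.
	badip($type);
	badreferer($type);
	getselectionscript($type);
	echo "<h2>".$language['htaccess']."</h2>";
	echo "<div style=\"padding-left:250px; padding-right:250px; text-align:left;\"><p>".$language['existinghtaccess']."</p></div>";
	echo "<h2>".$language['parameter']."</h2>";
	echo"<table><tr><td align='left' style=\"padding-left:20px;\">";
	echo"<form action=\"index.php\" method=\"POST\">";
	echo "<input type=\"hidden\" name ='navig' value='3'>\n";
	echo "<input type=\"hidden\" name ='createhtaccess' value='1'>\n";
	echo "<p><b>".$language['yourip']."</b> ".$_SERVER['REMOTE_ADDR']."<br>";
	echo"<input type=\"radio\" name=\"yourip\" value=\"1\">".$language['yesip']."<br>\n";
	echo"<input type=\"radio\" name=\"yourip\" value=\"0\" checked>".$language['noip']."<br>\n";
	echo "<p><b>".$language['scripts_used']."</b></p>";
	// Checkboxes for the supported scripts, four table columns; field name => label.
	$scriptcolumns = array(
		array(
			'cornerpubli' => 'Corner Publi (Prestashop module)',
			'crawltrack' => 'CrawlTrack',
			'drupal' => 'Drupal',
			'JosDewplayer' => 'JosDewplayer',
		),
		array(
			'openx' => 'OpenX',
			'pageear' => 'Pageear / Pagepeel',
			'phpmyvisites' => 'phpMyVisites',
			'piwik' => 'Piwik',
		),
		array(
			'punbb' => 'punBB',
			'socialengine' => 'Social Engine',
			'vbulletin' => 'vBulletin',
			'vbseo' => 'vBSEO (vBulletin module)',
		),
		array(
			'wordpress' => 'Wordpress',
			'imperial' => 'Wordpress Imperial Theme',
		),
	);
	echo"<table width='100%' style=\"font-size:12px;\"><tr><td valign=\"top\">";
	foreach ($scriptcolumns as $columnindex => $column) {
		if ($columnindex > 0) {
			echo"</td><td valign=\"top\">";
		}
		foreach ($column as $scriptname => $scriptlabel) {
			echo"<input type=\"checkbox\" name=\"".$scriptname."\" value=\"1\"";
			if ($$scriptname == 1) {
				// the leading space keeps "checked" separate from the value attribute
				echo " checked";
			}
			echo">".$scriptlabel."<br>\n";
		}
	}
	echo"</td></tr></table>";
	echo "<br><b>".$language['badip']."</b>";
	// The textarea grows by one row per 115 characters of the stored list.
	if (strlen($badip) > 115) {
		$rawip = (ceil(strlen($badip)/115))+1;
	} else {
		$rawip = 1;
	}
	echo "<br>".$language['badiplist']."</p>";
	$badiptext = wordwrap(ltrim($badip.$iptoadd, ","), 115, ' ', true);
	echo"<TEXTAREA name='badip' rows=".$rawip." cols=115>".htmlspecialchars($badiptext, ENT_QUOTES, 'ISO-8859-1')."</TEXTAREA>\n";
	if ($addiptoblock == 1) {
		// Escape first, then turn the separating commas into spacing.
		$addedips = htmlspecialchars(ltrim($iptoadd, ","), ENT_QUOTES, 'ISO-8859-1');
		echo "<table width='850px'><tr><td class='black'>".$language['badipadd']."<br><span class='red'>".str_replace(",", "&nbsp;    &nbsp;&nbsp;", $addedips)."</span></td></tr></table>";
	} else {
		echo "<br>";
	}
	echo "<br><b>".$language['badreferer']."</b>";
	echo "<br>".$language['badrefererlist']."</p>";
	if (strlen($badreferer) > 115) {
		$rawreferer = (ceil(strlen($badreferer)/115))+1;
	} else {
		$rawreferer = 1;
	}
	$badreferertext = wordwrap($badreferer, 115, ' ', true);
	echo"<TEXTAREA name='badreferer' rows=".$rawreferer." cols=115>".htmlspecialchars($badreferertext, ENT_QUOTES, 'ISO-8859-1')."</TEXTAREA>\n";
	echo"<br><br><input name='ok' type='submit'  value='".$language['htaccess']."' size='20' >";
	echo"</form>&nbsp;</td></tr></table>";
} elseif ($createhtaccess == 1) {
	// Preview: the confirmation form re-posts the parameters with createhtaccess=2.
	echo "<table width=\"70%\"><tr><td><p><b>".$language['checkhtaccess']."</b></p></td></tr></table>";
	echo"<form action=\"index.php\" method=\"POST\">";
	echo "<input type=\"hidden\" name ='navig' value='3'>\n";
	echo "<input type=\"hidden\" name ='createhtaccess' value='2'>\n";
	echo $carriedfields;
	echo"<br><br><input name='ok' type='submit'  value='Ok' size='20' >";
	echo"</form>&nbsp;";
	// Some submitted IP entries failed the format check and were left out.
	if (count($listbadip) != count($listbadipcheck)) {
		echo "<br><p style='color:#ff0000; font-size:12px;'><b>".$language['badip2']."</b></p>";
	}
	echo"<div class='htaccess'><pre>\n";
	echo $previewhtml;
	echo"</pre></div><br><br>\n";
} elseif ($createhtaccess == 2 && $filereplace == 1 && $type == 'file') {
	// The file was written. refresh() is defined outside this file.
	echo "<br><p><b>".$language['newhtaccessok']."</b></p><br><br><br>";
	refresh($type);
} elseif ($createhtaccess == 2 && $filereplace == 0 && $type == 'file') {
	// The write failed: show the content so it can be installed by hand.
	echo "<table width=\"70%\"><tr><td><p style='color:#ff0000;'><b>".$language['newhtaccessnook']."</b></p></td></tr></table>";
	echo"<div class='htaccess'><pre>\n";
	echo $previewhtml;
	echo"</pre></div>\n";
} elseif ($createhtaccess == 2 && $type != 'file') {
	// Modes other than 'file' never write the file themselves; the content is shown for copying.
	echo "<table width=\"70%\"><tr><td><p style='color:#ff0000;'><b>".$language['copyhtaccess']."</b></p></td></tr></table>";
	echo"<form action=\"index.php\" method=\"POST\">";
	echo "<input type=\"hidden\" name ='navig' value='1'>\n";
	echo "<input type=\"hidden\" name ='createhtaccess' value='2'>\n";
	echo $carriedfields;
	echo"<br><br><input name='ok' type='submit'  value='Ok' size='20' >";
	echo"</form>&nbsp;";
	echo"<div class='htaccess'><pre>\n";
	echo $previewhtml;
	echo"</pre></div><br><br>\n";
	refresh($type);
}
echo"</div>\n";
echo"</div>\n";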
?>