Coding

Personal Reference

This stuff is a library of snippets and notes for my own personal use. I am not responsible for any damage or loss caused by doing anything on these pages.


Hypertext Access (.htaccess) Master Sheet

# Turns off directory browsing. Gives 403 instead.
# Change it to Options +Indexes if you want that.
Options -Indexes

# Force HTTPS on all pages. The beauty of this version is it doesn't matter how the URL is written.
# If it's HTTP, it'll change it to HTTPS. 301 redirects are "SEO Friendly"
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# This little guy will fix mixed content without actually having to edit every URL hardcoded in your page.
# Still ideal to reference everything as https:// - but it's a handy little bugger.
<IfModule mod_headers.c>
    Header always set Content-Security-Policy "upgrade-insecure-requests;"
</IfModule>

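# Block specific IP addresses. These two were real penetration scans.
# The <Files> block keeps the 403 error page itself readable by blocked clients.
# This is Apache 2.2 syntax; on Apache 2.4 it needs mod_access_compat.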
<Files 403.shtml>
    order allow,deny
    allow from all
</Files>
deny from 208.80.194.0/24
deny from 173.72.158.110

What's Up, Bot?

Using https://whatismyipaddress.com and logging questionable requests

I don't know why, but one of the funnest things I've discovered in 2020 is reading through web server raw access logs and seeing what kind of activity is being done by average no-goodniks. They say over 15% of web traffic is malicious, but if you've ever looked at a log file you can tell it's much, much more than that. I'm keeping a manual record so I can properly tighten my own firewalls in the future.

11/27 Hit several times by a range of static IPs looking for the same thing.
Keep in mind that most people who work in security are also hackers in their free time.
The source appears to be some cyber security firm in Kansas.
/SCANNED/KQJ2115HBLCIBIG/
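
An added example, not part of the original notes: one way to turn the manual log review above into a repeatable check. It groups 404 requests by source /24 and path, then prints candidate rules in the "deny from" syntax from the master sheet. The log lines are constructed, the addresses are RFC 5737 documentation ranges, and the function names and three-host threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in Apache combined log format (not real traffic).
# Source addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [27/Nov/2020:03:14:07 +0000] "GET /SCANNED/KQJ2115HBLCIBIG/ HTTP/1.1" 404 315 "-" "-"
203.0.113.44 - - [27/Nov/2020:03:14:09 +0000] "GET /SCANNED/KQJ2115HBLCIBIG/ HTTP/1.1" 404 315 "-" "-"
203.0.113.97 - - [27/Nov/2020:03:15:30 +0000] "GET /SCANNED/KQJ2115HBLCIBIG/ HTTP/1.1" 404 315 "-" "-"
198.51.100.7 - - [27/Nov/2020:04:02:11 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [27/Nov/2020:04:02:12 +0000] "GET /favicon.ico HTTP/1.1" 404 315 "-" "Mozilla/5.0"
192.0.2.55 - - [27/Nov/2020:05:40:00 +0000] "GET /wp-login.php HTTP/1.1" 404 315 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def probe_clusters(log_text, min_hosts=3):
    """Map (network/24, path) -> set of hosts, for 404 paths requested by
    at least min_hosts distinct IPv4 addresses in the same /24."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        host, _method, path, status = m.groups()
        if status != "404":
            continue
        try:
            net = ipaddress.IPv4Network(f"{host}/24", strict=False)
        except ValueError:
            continue  # hostname or IPv6 in the first field; out of scope here
        hits[(net, path)].add(host)
    return {k: v for k, v in hits.items() if len(v) >= min_hosts}


def deny_lines(clusters):
    """Render candidate rules in the 'deny from' syntax used in the master sheet."""
    return sorted({f"deny from {net}" for net, _path in clusters})


if __name__ == "__main__":
    found = probe_clusters(SAMPLE_LOG)
    for (net, path), hosts in found.items():
        print(f"{net} requested {path} from {len(hosts)} hosts")
    print("\n".join(deny_lines(found)))
```

Treat the output as candidates to review, since a /24 can also contain unrelated clients.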

Requests: Bots/Scanners That Identified Themselves: