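# ============================================
# ADVANCED ANTI-MALWARE PROTECTION - UPDATED
# Blocks: tkuvalis.com, verdman.com, 3 IPs
# Last Updated: Now
# ============================================
#
# Per-directory (.htaccess) request filter built from known indicators.
# It rejects matching requests with 403; it does not inspect or clean
# files that are already on disk.

# mod_rewrite in .htaccess context needs FollowSymLinks or
# SymLinksIfOwnerMatch enabled; with both off, every rewritten request
# is answered 403. The original set -FollowSymLinks only, so the safer
# owner-checked variant is switched on here. Requires AllowOverride Options.
# Directory listings stay disabled.
Options -Indexes -FollowSymLinks +SymLinksIfOwnerMatch

# Enable the engine once (the original repeated this directive).
RewriteEngine On

# --- Known campaign markers in the query string ---
# Single rule holding every token the original checked (some were listed
# twice across two rules). QUERY_STRING is matched exactly as the client
# sent it, without URL-decoding, and request bodies are never seen here.
RewriteCond %{QUERY_STRING} (wprosacco|tkuvalis|verdman|uschimmel|j250914|j250925|j250929|j251010) [NC]
RewriteRule ^ - [F]

# --- Block ALL Known Malicious IPs ---
# Addresses named in the original rules:
#   198.204.225.86, 107.150.46.245, 107.150.50.154
# The original also listed their enclosing prefixes, so the effective block
# is 198.204.225.0/24 and 107.150.0.0/16 -- much wider than the "3 IPs" in
# the header. The two prefix conditions below match exactly what the six
# original conditions matched (the 107.150.46.245 pattern ended in "\."
# instead of "$" and could never match an address by itself).
# Behind a reverse proxy or CDN, REMOTE_ADDR is the proxy's address and
# these conditions will not see the real client.
RewriteCond %{REMOTE_ADDR} ^198\.204\.225\. [OR]
RewriteCond %{REMOTE_ADDR} ^107\.150\.
RewriteRule ^ - [F]

# --- Block ALL Malicious Domains (by Referer) ---
# Dot in uschimmel.com is now escaped like the other two entries.
# Referer is a client-supplied header and may be absent or altered, so
# treat this rule as noise reduction, not as an access control.
RewriteCond %{HTTP_REFERER} (tkuvalis|uschimmel|verdman)\.com [NC]
RewriteRule ^ - [F]

# --- Block Dangerous PHP Functions in the query string ---
# The call forms also match a percent-encoded opening parenthesis, because
# QUERY_STRING is not decoded before matching. This is a coarse filter:
# it cannot see POST bodies, cookies or headers, and it will also reject
# legitimate URLs that happen to contain these words.
RewriteCond %{QUERY_STRING} (eval|system|exec)(\(|%28) [NC,OR]
RewriteCond %{QUERY_STRING} (curl_init|base64_decode|base64_encode|shell_exec|passthru|phpinfo|proc_open|popen) [NC]
RewriteRule ^ - [F]

# --- Block Suspicious User Agents ---
# NOTE(review): "bot" and "crawler" also match search-engine crawlers and
# uptime monitors, and "curl|python|java|wget" match most API clients and
# health checks. User-Agent is chosen by the client, so this stops only
# tools that identify themselves. Confirm the list against access logs.
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} (libwww|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader|harvest|extract|grab|miner|bot|crawler) [NC]
RewriteRule ^ - [F]

# --- Block Suspicious Request Methods ---
# Pattern is anchored at both ends so only these exact methods match.
# PUT and DELETE are also used by REST-style APIs; confirm nothing on the
# site depends on them. For TRACE, "TraceEnable Off" in the server
# configuration is the authoritative control.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|PUT)$ [NC]
RewriteRule ^ - [F]

# --- Block URL patterns used by malware ---
# Unanchored on purpose (as in the original): any URI containing one of
# these names is rejected, including legitimate files whose name merely
# ends in "db.php" or "init.php".
RewriteCond %{REQUEST_URI} (init\.txt|init\.php|db\.php) [NC]
RewriteRule ^ - [F]

# --- Block PHP Execution in Upload Folders ---
# Matches the extension followed by end-of-URI or by "/" so a request with
# trailing path info after the script name is rejected as well. The
# extension list is the original one plus other numbered .phpN variants
# and .pht.
RewriteCond %{REQUEST_URI} (uploads|files|media|tmp|temp|cache|images|assets)/.*\.(php[0-9]?|phtml|pht|phar|phps)(/|$) [NC]
RewriteRule ^ - [F]

# --- File-name based denies: containers missing ---
# The three sections below reached this copy as bare
# "Order ... / Deny from all" lines with no enclosing <Files>/<FilesMatch>
# container. Applied as-is at the top level they deny every request to the
# site, so they are left commented out until the patterns are restored.
# On Apache 2.4 without mod_access_compat, use "Require all denied" in
# place of the Order/Deny pair.
#
# Block Malware Files by Name
# <FilesMatch "PLACEHOLDER_MALWARE_FILENAME_REGEX">
#     Order Deny,Allow
#     Deny from all
# </FilesMatch>
#
# Protect Configuration Files
# <FilesMatch "PLACEHOLDER_CONFIG_FILENAME_REGEX">
#     Order Deny,Allow
#     Deny from all
# </FilesMatch>
#
# Prevent Access to Hidden Files
# <FilesMatch "PLACEHOLDER_HIDDEN_FILE_REGEX">
#     Order Allow,Deny
#     Deny from all
# </FilesMatch>

# --- Disable PHP in Specific Directories (if they exist) ---
# Same problem: without a container these two directives would switch PHP
# off and deny access for the whole site, and php_flag is a configuration
# error when PHP does not run as an Apache module. They belong in a
# separate .htaccess placed inside each upload directory, with php_flag
# wrapped in an <IfModule> for the PHP module in use.
#
# php_flag engine off
# Deny from all

# --- Security Headers ---
# Wrapped so a server without mod_headers does not fail with a 500, and
# set with "always" so the headers are also present on error responses
# such as the 403s produced above.
<IfModule mod_headers.c>
    # The browser XSS filter this header controlled has been removed from
    # current browsers and "1; mode=block" is no longer recommended; "0"
    # switches it off explicitly. A Content-Security-Policy is the
    # replacement control and has to be written per site.
    Header always set X-XSS-Protection "0"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    # NOTE(review): this value still sends the full URL to other HTTPS
    # origins; "strict-origin-when-cross-origin" is the tighter option.
    Header always set Referrer-Policy "no-referrer-when-downgrade"
</IfModule>

# --- Block File Uploads with PHP Extension ---
# SecFilter* are ModSecurity 1.x directives. Outside an <IfModule> they are
# an "Invalid command" (500 for every request) on any server without that
# module. ModSecurity 2.x and later use SecRuleEngine and
# SecRequestBodyAccess instead, set in the server configuration.
# These two lines only switch the engine and POST scanning on; no rule in
# this file actually rejects an uploaded PHP file.
<IfModule mod_security.c>
    SecFilterEngine On
    SecFilterScanPOST On
</IfModule>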