Support

Admin Tools

#35314 .htaccess SetEnvIf user-agent "(?i:any-bot-name)" stayout=1

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by tampe125 on Saturday, 29 May 2021 03:12 CDT

Friday, 28 May 2021 20:11 CDT

lynn

We are trying to resolve modifications to our .htaccess

1.  From March through early May 2021, these unauthorized modifications were occurring every 4-7 days at exactly 11:57PM PST ...

2.  We would get the email saying:  "We would like to notify you that one or more critical files that you decided to monitor have been modified on your site "domainname.com". The list of files modified on your site is as follows:

  • .htaccess

3.  We would go to the .htaccess file, and notice the original lines that got changed are all admintools controlled entries in the "User agents to block, one per line" in ".htaccess maker", which USED TO LOOK LIKE: 


SetEnvIf user-agent "WebBandit" stayout=1
SetEnvIf user-agent "webbandit" stayout=1
SetEnvIf user-agent "Acunetix" stayout=1
SetEnvIf user-agent "binlar" stayout=1
SetEnvIf user-agent "BlackWidow" stayout=1
SetEnvIf user-agent "Bolt 0" stayout=1
SetEnvIf user-agent "Bot mailto:[email protected]" stayout=1


But have now been CHANGED TO:

SetEnvIf user-agent "(?i:WebBandit)" stayout=1
SetEnvIf user-agent "(?i:webbandit)" stayout=1
SetEnvIf user-agent "(?i:Acunetix)" stayout=1
SetEnvIf user-agent "(?i:binlar)" stayout=1
SetEnvIf user-agent "(?i:BlackWidow)" stayout=1
SetEnvIf user-agent "(?i:Bolt 0)" stayout=1
SetEnvIf user-agent "(?i:Bot mailto:[email protected])" stayout=1

It appears that any "xxx" is getting changed to "(?i:xxx)"

4.  We would go to ADMINTOOLS and have .HTACCESS MAKER rebuild the .htaccess file, and the unauthorized changes would be reversed.   We have no cronos/chronos scripts running by us.  We asked the ISP if they were running scripts, they said no.  

5.  BUT NOW, when we use the ".htaccess maker" to rebuild, the SetEnvIf user-agent being generated is 

SetEnvIf user-agent "(?i:anybotname)" stayout=1


Is this the new format for the "SetEnvIf user-agent" line?  If yes, then I will look elsewhere to find what is happening.  

If no, this is not the correct format to block bots, then something has gotten into the admintools htaccess maker generator tools and modified it.   How would I correct it?

Saturday, 29 May 2021 03:12 CDT

tampe125

Hello,

it seems that something else is changing your .htaccess file. The change won't affect the behavior, but there's something going on.

Do you have any other security plugin installed? If not, I'd suggest you to contact your host and report the issue, maybe they have an automatic script that reads and "fixes" .htaccess files.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!