SAFE MODE Restriction in effect.

Ana dizinde bir klasor yaratılıp yazma izni verilmeli ve config dosyalarına ekteki komut eklenmelidir.
Example :
session_save_path($root.’tmp’);

Below are a dozen basic htaccess techniques and tips to get you started. They’re not nearly as intimidating as many people expect, and if you study the code for a few minutes, I’m sure you’ll quickly grasp exactly how they work and why.

After that are a few bewares and don’ts for working with htaccess to help keep you out of trouble, and some more resources for further working with htaccess.

htaccess Techniques
12 Basic htaccess Tips:
1. Create a custom error page.

.htaccess on a Linux Apache server makes it easy to create your own custom error pages. Just create your custom error page files and then add this code to your .htaccess file:

1. ErrorDocument 401 /401.php
2. ErrorDocument 403 /403.php
3. ErrorDocument 404 /404.php
4. ErrorDocument 500 /500.php

ErrorDocument 401 /401.php
ErrorDocument 403 /403.php
ErrorDocument 404 /404.php
ErrorDocument 500 /500.php

(Obviously you should replace the “/500.php” or whatever with your own file path and name.)
2. Prevent directory browsing.

If you don’t include an index file in a directory, visitors can browse the directory itself. But preventing that is as easy as adding a single line to your .htaccess file:

1. Options All -Indexes

Options All -Indexes

3. Set the default page of each directory.

If you don’t want to use an index page in each directory, you can set the default page visited when someone reaches (like an about page or a page offering the newest content) that directory by adding this:

1. DirectoryIndex news.html

DirectoryIndex news.html

(And of course you’d replace the “news.html” bit with whatever you want to use as the default.)
4. Set up a 301 redirect.

If you move around the structure of your site and need to redirect some old URLs to their new locations, the following bit of code will do so for you:
view plaincopy to clipboardprint?

1. Redirect 301 /original/filename.html http://domain.com/updated/filename.html

Redirect 301 /original/filename.html http://domain.com/updated/filename.html

5. Compress file output with GZIP.

You can add the following code to your htaccess file to compress all of your JavaScript, CSS and HTML files using GZIP.

1.
2. mod_gzip_on Yes
3. mod_gzip_dechunk Yes
4. mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
5. mod_gzip_item_include handler ^cgi-script$
6. mod_gzip_item_include mime ^text\.*
7. mod_gzip_item_include mime ^application/x-javascript.*
8. mod_gzip_item_exclude mime ^image\.*
9. mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
10.

mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text\.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image\.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*

secure https connection
6. Redirect to a secure https connection

If you want to redirect your entire site to a secure https connection, use the following:
view plaincopy to clipboardprint?

1. RewriteEngine On
2. RewriteCond %{HTTPS} !on
3. RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

7. Block script execution.

You can stop scripts in certain languages from running with this:

1. Options -ExecCGI
2. AddHandler cgi-script .pl .py .php .jsp. htm .shtml .sh .asp .cgi

Options -ExecCGI
AddHandler cgi-script .pl .py .php .jsp. htm .shtml .sh .asp .cgi

Just replace the types of scripts you want to block.
8. Force a file to download with a “Save As” prompt.

If you want to force someone to download a file instead of opening it in their browser, use this code:

1. AddType application/octet-stream .doc .mov .avi .pdf .xls .mp4

AddType application/octet-stream .doc .mov .avi .pdf .xls .mp4

9. Restrict file upload limits for PHP.

You can restrict the maximum file size for uploading in PHP, as well as the maximum execution time. Just add this:

1. php_value upload_max_filesize 10M
2. php_value post_max_size 10M
3. php_value max_execution_time 200
4. php_value max_input_time 200

php_value upload_max_filesize 10M
php_value post_max_size 10M
php_value max_execution_time 200
php_value max_input_time 200

Line one specifies the maximum file size for uploading; line two is the maximum size for post data; line three is the maximum time in seconds a script can run before it’s terminated; and line four is the maximum amount of time in seconds a script is allowed to parse input data.
10. Enable File Caching.

Enabling file caching can greatly improve your site’s performance and speed. Use the following code to set up caching (changing the file types and time values to suit your site’s needs):
view plaincopy to clipboardprint?

1. #cache html and htm files for one day
2.
3. Header set Cache-Control “max-age=43200″
4.
5.
6. #cache css, javascript and text files for one week
7.
8. Header set Cache-Control “max-age=604800″
9.
10.
11. #cache flash and images for one month
12.
13. Header set Cache-Control “max-age=2592000″
14.
15.
16. #disable cache for script files
17.
18. Header unset Cache-Control
19.

#cache html and htm files for one day

Header set Cache-Control “max-age=43200″

#cache css, javascript and text files for one week

Header set Cache-Control “max-age=604800″

#cache flash and images for one month

Header set Cache-Control “max-age=2592000″

#disable cache for script files

Header unset Cache-Control

(Time shown for max-age is in seconds.)
11. Protect your site from hotlinking.

The last thing you want is for those stealing your content to also be able to embed the images hosted on your server in their posts. It takes up your bandwidth and can quickly get expensive. Here’s a way to block hotlinking within htaccess:
view plaincopy to clipboardprint?

1. RewriteEngine On
2. RewriteCond %{HTTP_REFERER} !^$
3. RewriteCond %{HTTP_REFERER} !^http://([ -a-z0-9] \.)?domain\.com [NC]
4. RewriteRule \.(gif|jpe?g|png)$ – [F,NC,L]

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://([ -a-z0-9] \.)?domain\.com [NC]
RewriteRule \.(gif|jpe?g|png)$ – [F,NC,L]

(Of course you’ll want to replace the domain\.com with your own domain name.)
12. Disguise your file types.

You can disguise all of your file types by making them appear as PHP files. Just insert this snippet in:

1. ForceType application/x-httpd-php

ForceType application/x-httpd-php

htaccess Techniques
8 Common htaccess Mistakes and Don’ts:

* Be careful of spelling- .htaccess is not forgiving of spelling errors.
* htaccess is case sensitive. If something is shown in the examples with a capital letter, make sure it’s capitalized in your htaccess file.
* Consider your caching needs carefully before setting it up. If your site is almost entirely static, you can set longer cache times. If your site changes daily, make sure you adapt which files will cache for how long. There’s nothing worse as a visitor than coming back to a site thinking there’s been an update and not seeing it.
* Don’t forget to comment out your notes within the file. This is done by adding a # before the comment line.
* Always test your site immediately after making any changes to your htaccess file. One mistyped character could make the difference between your site working and being down for hours before you realize what’s happened.
* On that note, always make sure you backup your htaccess file before making any changes. That way, if there is a problem, you can easily swap back in the old file.
* Make sure any essential htaccess functions you’ve included are cross-browser compatible. There are certain things some browsers just won’t support (one example is with certain methods for forcing file downloads).
* Remember when protecting a web directory with htaccess, that unless it’s restricted to https access, the password could be sniffed (as your authentication will be done over an un-secure connection).

Tekrar başıma geldiğinde sorun benim çok daha büyüktü. Koca bir serverın ftpsine sızmıştı scriptler butun index.html, index.php ,config.php , config.html , mail.html , mail.php dosyalarına çoktan yerleşmiş ve googleda sitelerin bir çoğunu engelemişti bile. Ufak bir araştırma yapıp virusun ne olduğunu anlamaya çalıştım.Gördümki forumlarda ve yazılarda bu sorunu yaşayan çok insan olmasına rağmen kimse detaylı açıklamamıl. Bundan sonrasını ve nasıl çözdüğümü adım adım anlatmaya çalışım.

1) Bilgisayarı temizleyin. Virus bilgisayarınızda olduğunda tekrardan ftpye yayılıcaktır. Benim için eski backuplarımı açmak çözüm oldu. Cute ftp ve cracklarından uzak durun Ücretsiz bir çözüm olan WinSCP en az cuteftp kadar iyi ve sorunsuz bir ftp yazılımı.

2) FTP şifrelerini değişin. O servera bağlanan sizin kulandığınız bütün ftp şifrelerini acil olarak değiştirin. Virusun yayılması durucaktır.

3) Temizlik Başlasın. Virusu temizlediğimize , ftp şifrelerimizi değiştirdiğimize göre bahar temizliğine hazırız. Öncelikle bu virus klasik find and replace methodlarıyla malesef temizlenemiyor. com/?click=171722 tarzinda iframeler yerleştirdiği için , tek ftp li ve az dosyalı durumlarda bilgisayara indirip iframe diye aratıp temizlemek kısa ve iyi bir çözüm olucaktır. Ancak , benim gibi server sahibi veya çok fazla dosya sahibi insanlar için bu eziyet ve bitmeyen bir işkence oluyor. Çözümün bundan sonraki kısmı için ssh yetkisi gerekli.

a) Scriptin bulaştığı dosyaları tespit edin. Linux e ssh ile bağlanarak ekteki komutu çalıştırın bu komutun çalıştığı dizine viruslu dosyaların bir listesini ve bulunan kelimelerin satırındaki kodları bir liste olarak kaydedicektir.Ben PHP ve html dosyaları için ayrı ayrı liste oluşturmayı seçtim.

find -name “*”.php -type f -print0 | xargs -0 grep iframe > list_php.txt
find -name “*”.html -type f -print0 | xargs -0 grep iframe > list_html.txt

b) Sorunlu dosya listesi elinizde olduğuna göre listelere bir gözatıp gerekli olabilecek yerleri listelerden çıkarın.

c) Aşağıdaki script dosyasını oluşturduğunuz listeler ile aynı dizine upload edin. (Upload etmeden önce hangi listeyi kulanmak istiyorsanız script dosyası içinden liste adını değişin.

d) upload işleminden sonra ssh ile scripti çagırın
php virus_fixer.php

Sonuç olarak butun işlemleri doğru yaptı iseniz herşeyin yoluna girdiğini görüceksiniz. Yapamayan anlamayan sorun yaşayan arkadaşlar yorum bırakabılırler yardımcı olmaya çalışırım……