Thread:Project:Support desk/Titles with parentheses/reply (10)

This is my .htaccess:

=
=======================================================================================
 * 1)   BULLETPROOF .50.3 >>>>>>> SECURE .HTACCESS


 * 1) If you edit the BULLETPROOF .50.3 >>>>>>> SECURE .HTACCESS text above
 * 2) you will see error messages on the BPS Security Status page
 * 3) BPS is reading the version number in the htaccess file to validate checks
 * 4) If you would like to change what is displayed above you
 * 5) will need to edit the BPS /includes/functions.php file to match your changes
 * 6) If you update your WordPress Permalinks the code between BEGIN WordPress and
 * 7) END WordPress is replaced by WP htaccess code.
 * 8) This removes all of the BPS security code and replaces it with just the default WP htaccess code
 * 9) To restore this file use BPS Restore or activate BulletProof Mode for your Root folder again.

           BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSIE !no-gzip !gzip-only-text/html BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html         Header append Vary User-Agent env=!dont-vary  AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json        # DEFLATE by extension AddOutputFilter DEFLATE js css htm html xml    FileETag None         Header unset ETag    FileETag None         Header unset ETag   <FilesMatch "\.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|woff|xla|xls|xlsx|xlt|xlw|zip|ASF|ASX|WAX|WMV|WMX|AVI|BMP|CLASS|DIVX|DOC|DOCX|EOT|EXE|GIF|GZ|GZIP|ICO|JPG|JPEG|JPE|JSON|MDB|MID|MIDI|MOV|QT|MP3|M4A|MP4|M4V|MPEG|MPG|MPE|MPP|OTF|ODB|ODC|ODF|ODG|ODP|ODS|ODT|OGG|PDF|PNG|POT|PPS|PPT|PPTX|RA|RAM|SVG|SVGZ|SWF|TAR|TIF|TIFF|TTF|TTC|WAV|WMA|WRI|WOFF|XLA|XLS|XLSX|XLT|XLW|ZIP)$"> FileETag None         Header unset ETag </IfModule> </FilesMatch>    RewriteEngine On    RewriteBase / RewriteCond %{HTTP:Accept-Encoding} gzip RewriteRule .* - [E=W3TC_ENC:_gzip] RewriteCond %{HTTP_COOKIE} w3tc_preview [NC] RewriteRule .* - [E=W3TC_PREVIEW:_preview] RewriteCond %{REQUEST_METHOD} !=POST RewriteCond %{QUERY_STRING} ="" RewriteCond %{REQUEST_URI} \/$ RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|w3tc_logged_out|wordpress_logged_in|wptouch_switch_toggle) [NC] RewriteCond %{HTTP_USER_AGENT} !(W3\ Total\ Cache/0\.9\.4) [NC] RewriteCond "%{DOCUMENT_ROOT}/wp-content/cache/page_enhanced/%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_PREVIEW}.html%{ENV:W3TC_ENC}" -f RewriteRule .* "/wp-content/cache/page_enhanced/%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_PREVIEW}.html%{ENV:W3TC_ENC}" [L] </IfModule>
 * 1) BEGIN W3TC Browser Cache
 * 1) END W3TC Browser Cache
 * 2) BEGIN W3TC Page Cache core
 * 1) END W3TC Page Cache core
 * 2) BEGIN WordPress
 * 3) IMPORTANT!!! DO NOT DELETE!!! - B E G I N Wordpress above or E N D WordPress - text in this file
 * 4) They are reference points for WP, BPS and other plugins to write to this htaccess file.
 * 5) IMPORTANT!!! DO NOT DELETE!!! - BPSQSE BPS QUERY STRING EXPLOITS - text
 * 6) BPS needs to find the - BPSQSE - text string in this file to validate that your security filters exist

ServerSignature Off
 * 1) TURN OFF YOUR SERVER SIGNATURE


 * 1) ADD A PHP HANDLER
 * 2) If you are using a PHP Handler add your web hosts PHP Handler below

Options -Indexes
 * 1) DO NOT SHOW DIRECTORY LISTING
 * 2) If you are getting 500 Errors when activating BPS then comment out Options -Indexes
 * 3) by adding a # sign in front of it. If there is a typo anywhere in this file you will also see 500 errors.

DirectoryIndex index.php index.html /index.php
 * 1) DIRECTORY INDEX FORCE INDEX.PHP
 * 2) Use index.php as default directory index file
 * 3) index.html will be ignored will not load.


 * 1) BRUTE FORCE LOGIN PAGE PROTECTION
 * 2) PLACEHOLDER ONLY
 * 3) See this link: http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/
 * 4) for more information before choosing to add this code to BPS Custom Code
 * 5) Protects the Login page from SpamBots & Proxies
 * 6) that use Server Protocol HTTP/1.0 or a blank User Agent


 * 1) BPS ERROR LOGGING AND TRACKING
 * 2) BPS has premade 403 Forbidden, 400 Bad Request and 404 Not Found files that are used
 * 3) to track and log 403, 400 and 404 errors that occur on your website. When a hacker attempts to
 * 4) hack your website the hackers IP address, Host name, Request Method, Referering link, the file name or
 * 5) requested resource, the user agent of the hacker and the query string used in the hack attempt are logged.
 * 6) All BPS log files are htaccess protected so that only you can view them.
 * 7) The 400.php, 403.php and 404.php files are located in /wp-content/plugins/bulletproof-security/
 * 8) The 400 and 403 Error logging files are already set up and will automatically start logging errors
 * 9) after you install BPS and have activated BulletProof Mode for your Root folder.
 * 10) If you would like to log 404 errors you will need to copy the logging code in the BPS 404.php file
 * 11) to your Theme's 404.php template file. Simple instructions are included in the BPS 404.php file.
 * 12) You can open the BPS 404.php file using the WP Plugins Editor.
 * 13) NOTE: By default WordPress automatically looks in your Theme's folder for a 404.php template file.

ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php ErrorDocument 401 default ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php ErrorDocument 404 /404.php

RedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$
 * 1) DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS
 * 2) Files and folders starting with a dot: .htaccess, .htpasswd, .errordocs, .logs

RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L]
 * 1) WP-ADMIN/INCLUDES

RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L]
 * 1) WP REWRITE LOOP START

RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC] RewriteRule ^(.*)$ - [F,L]
 * 1) REQUEST METHODS FILTERED
 * 2) This filter is for blocking junk bots and spam bots from making a HEAD request, but may also block some
 * 3) HEAD request from bots that you want to allow in certains cases. This is not a security filter and is just
 * 4) a nuisance filter. This filter will not block any important bots like the google bot. If you want to allow
 * 5) all bots to make a HEAD request then remove HEAD from the Request Method filter.
 * 6) The TRACE, DELETE, TRACK and DEBUG request methods should never be allowed against your website.


 * 1) PLUGINS/THEMES AND VARIOUS EXPLOIT FILTER SKIP RULES
 * 2) IMPORTANT!!! If you add or remove a skip rule you must change S= to the new skip number
 * 3) Example: If RewriteRule S=5 is deleted than change S=6 to S=5, S=7 to S=6, etc.

RewriteCond %{REQUEST_URI} ^/wp-content/plugins/adminer/ [NC] RewriteRule. - [S=12] RewriteCond %{REQUEST_URI} ^/wp-content/mu-plugins/custom-anti-spam/ [NC] RewriteRule. - [S=11] RewriteCond %{REQUEST_URI} ^/wp-content/plugins/peters-custom-anti-spam-image/ [NC] RewriteRule. - [S=10] RewriteCond %{REQUEST_URI} ^/wp-content/plugins/fb-status-updater/ [NC] RewriteRule. - [S=9] RewriteCond %{REQUEST_URI} ^/wp-content/plugins/stream-video-player/ [NC] RewriteRule. - [S=8] RewriteCond %{REQUEST_URI} ^/wp-content/plugins/xcloner-backup-and-restore/ [NC] RewriteRule. - [S=7] RewriteCond %{QUERY_STRING} action=logout&redirect_to=http%3A%2F%2F(.*) [NC] RewriteRule. - [S=6] RewriteCond %{QUERY_STRING} redirect_to=(.*) [NC] RewriteRule. - [S=5] RewriteCond %{QUERY_STRING} action=resetpass&key=(.*) [NC] RewriteRule. - [S=4] RewriteCond %{QUERY_STRING} action=rp&key=(.*) [NC] RewriteRule. - [S=3]
 * 1) Adminer MySQL management tool data populate
 * 1) Comment Spam Pack MU Plugin - CAPTCHA images not displaying
 * 1) Peters Custom Anti-Spam display CAPTCHA Image
 * 1) Status Updater plugin fb connect
 * 1) Stream Video Player - Adding FLV Videos Blocked
 * 1) XCloner 404 or 403 error when updating settings
 * 1) BuddyPress Logout Redirect
 * 1) redirect_to=
 * 1) Login Plugins Password Reset And Redirect 1
 * 1) Login Plugins Password Reset And Redirect 2

RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR] RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC] RewriteRule .* index.php [F,L] RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC] RewriteCond %{HTTP_REFERER} ^.*com.br.* RewriteRule. - [S=1]
 * 1) TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
 * 2) Only Allow Internal File Requests From Your Website
 * 3) To Allow Additional Websites Access to a File Use [OR] as shown below.
 * 4) RewriteCond %{HTTP_REFERER} ^.*YourWebsite.com.* [OR]
 * 5) RewriteCond %{HTTP_REFERER} ^.*AnotherWebsite.com.*

RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR] RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\s+|%20+\s+|\s+%20+|\s+%20+\s+)HTTP(:/|/) [NC,OR] RewriteCond %{THE_REQUEST} etc/passwd [NC,OR] RewriteCond %{THE_REQUEST} cgi-bin [NC,OR] RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR] RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR] RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR] RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [NC,OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR] RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR] RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR] RewriteCond %{QUERY_STRING} ftp\: [NC,OR] RewriteCond %{QUERY_STRING} http\: [NC,OR] RewriteCond %{QUERY_STRING} https\: [NC,OR] RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR] RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR] RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR] RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR] RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR] RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR] RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR] RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR] RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR] RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR] RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR] RewriteCond %{QUERY_STRING} (|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR] RewriteCond %{QUERY_STRING} (sp_executesql) [NC] RewriteRule ^(.*)$ - [F,L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L]
 * 1) BEGIN BPSQSE BPS QUERY STRING EXPLOITS
 * 2) The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
 * 3) Good sites such as W3C use it for their W3C-LinkChecker.
 * 4) Add or remove user agents temporarily or permanently from the first User Agent filter below.
 * 5) If you want a list of bad bots / User Agents to block then scroll to the end of this file.
 * 1) END BPSQSE BPS QUERY STRING EXPLOITS
 * 1) WP REWRITE LOOP END


 * 1) DENY BROWSER ACCESS TO THESE FILES
 * 2) wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
 * 3) Replace Allow from 88.77.66.55 with your current IP address and remove the
 * 4) pound sign # from in front of the Allow from line of code below to access these
 * 5) files directly from your browser.

<FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)"> Order Allow,Deny Deny from all </FilesMatch>
 * 1) Allow from 88.77.66.55


 * 1) IMPORTANT!!! DO NOT DELETE!!! the END WordPress text below
 * 2) END WordPress


 * 1) BLOCK HOTLINKING TO IMAGES
 * 2) To Test that your Hotlinking protection is working visit http://altlab.com/htaccess_tutorial.html
 * 3) RewriteEngine On
 * 4) RewriteCond %{HTTP_REFERER} !^https?://(www\.)?add-your-domain-here\.com [NC]
 * 5) RewriteCond %{HTTP_REFERER} !^$
 * 6) RewriteRule .*\.(jpeg|jpg|gif|bmp|png)$ - [F]


 * 1) FORBID COMMENT SPAMMERS ACCESS TO YOUR wp-comments-post.php FILE
 * 2) This is a better approach to blocking Comment Spammers so that you do not
 * 3) accidentally block good traffic to your website. You can add additional
 * 4) Comment Spammer IP addresses on a case by case basis below.
 * 5) Searchable Database of known Comment Spammers http://www.stopforumspam.com/

<FilesMatch "^(wp-comments-post\.php)"> Order Allow,Deny Deny from 46.119.35. Deny from 46.119.45. Deny from 91.236.74. Deny from 93.182.147. Deny from 93.182.187. Deny from 94.27.72. Deny from 94.27.75. Deny from 94.27.76. Deny from 193.105.210. Deny from 195.43.128. Deny from 198.144.105. Deny from 199.15.234. Allow from all </FilesMatch>


 * 1) BLOCK MORE BAD BOTS RIPPERS AND OFFLINE BROWSERS
 * 2) If you would like to block more bad bots you can get a blacklist from
 * 3) http://perishablepress.com/press/2007/06/28/ultimate-htaccess-blacklist/
 * 4) You should monitor your site very closely for at least a week if you add a bad bots list
 * 5) to see if any website traffic problems or other problems occur.
 * 6) Copy and paste your bad bots user agent code list directly below.