-1

I am worried that my web may be hacked (apache + joomla 3). Most of hacks consist on placing spam on posts or sending information to other websites in other domains/IPs. I am thinking about a security protection, maybe done with .htaccess that blocks any request done from my web site to some blacklist of domains. Or the other way around, allow only to fetch content from a whitelist of domains (localhost and very few).

Any idea how this can be done? Ideally it eould require only to change the root .htaccess file and be compatible with joomla SEF.

Just to be clear, I don't want to block sites from the internet to access my web. I need to block my site from accessing content from other sites.

Tor
  • 141
  • 8
  • I've worked on a number of Joomla sites recently, I would suggest you keep your installation as up to date as possible. All sites I inherited had been compromised via extensions and spammed the database and executed malware on the server causing a huge headache – Andy Holmes Feb 26 '17 at 17:32

1 Answers1

0

you can use use the httpd.conf file (or it's equivilent on your setup) to block access from specific ips or ranges of ips...

this gives a very nice over view of the commands available to you: https://httpd.apache.org/docs/2.2/howto/access.html

for example: 

Order deny,allow
Deny from all
Allow from dev.example.com
me_
  • 681
  • 1
  • 8
  • 18
  • What about block my web site to access other websites/domains? – Tor Feb 26 '17 at 17:40
  • i think i would look into the access logs and try to match outgoing spam with the access log... then block that ip from my server – me_ Feb 26 '17 at 17:43
  • Ok thanks, once you know the ip, how do you block it so the call from my site doesnt go through? – Tor Feb 26 '17 at 17:45
  • 1
    you can't use htaccess to block outgoing requests, it is possible that they can be redirected to another site http://stackoverflow.com/questions/37249769/is-it-possible-to-block-outgoing-connections-using-htaccess-file... a stupid thought is that you might create an alias in your httpd.conf file and redirect outgoing requests to the domains you want to block to a 404 error page in the alias... never tried anything like that but there is some information out there that says it might work... https://perishablepress.com/stupid-htaccess-tricks/#sec2 – me_ Mar 01 '17 at 16:41
  • not changing my answer though... it solves the original problem and narrowed your search for information to something more specific – me_ Mar 01 '17 at 16:42