No announcement yet.

.htaccess - I must have something wrong

  • Filter
  • Time
  • Show
Clear All
new posts

  • .htaccess - I must have something wrong

    Hi -

    I have created my .htaccess and .htpassword files. Initially I put the .htaccess in the public html folder and found it blocked out access for normal users to the forum (but I could log in with auth and get to the forum). Then I read further... I then removed the original file and added it to the admincp, modcp, install and includes and now I can't access the admincp unless I delete the .htaccess.

    I put all of the errors in a folder under the root called errors as the tutorial suggested.

    Any suggestions?

    Also, sorry for the lame question but how do you CHMOD the PHP files?

  • #2
    can you paste your .htaccess here?
    you can chmod your files and folders by loging into ftp and right click -> properties and give the right read/write/execute permissions
    $someone->needsHelp() && $i->canHelp()) $post->help();
    $i->findBug()) $post->bug();


    • #3
      RewriteEngine on
      # Use PHP5 as default
      AddHandler application/x-httpd-php5 .php
      RewriteCond %{HTTP_HOST} ^$
      RewriteRule ^/?$ "http\:\/\/mysite\.com" [R=301,L]
      ErrorDocument 400 /errors/400.shtml
      ErrorDocument 401 /errors/401.shtml
      ErrorDocument 403 /errors/403.shtml
      ErrorDocument 404 /errors/404.shtml
      ErrorDocument 500 /errors/500.shtml
      AuthName "Restricted Area" 
      AuthType Basic 
      AuthUserFile /folder/.htpasswd 
      AuthGroupFile /dev/null 
      require valid-user
      I should clarify that when I say I can't access the admincp, I mean that I get an 'internal server error' and it also states 'additionally, a 404 error was returned'.

      I will try the chmod next login. Thanks.


      • #4
        Any ideas?


        • #5
          What exactly is it you are trying to achieve with your .htaccess file? For the most part what you pasted reads as nonsense and won't do anything other than to confuse your web server.
          Anybody who says "it can't be done" will usually be interrupted by somebody who is already doing it.


          • #6
            I am trying to limit access to the critical folders that have the potential to be hacked.

            I am following this list on making my site more secure. See item #3. I followed the link info (to the best of my non-programmer abilities) and it doesn't appear to work correctly.

            1. Always upgrade to the latest stable version.
            2. Do not install any unofficial hacks or plugins as they are not written or reviewed by our developers.
            3. Password protect your Administrator and Moderator Control Panels directories as well as the install and includes directories using .htaccess/.htpassword
            4. Make sure the tools.php (vB3) file is NOWHERE on your website.
            5. Remove the ImpEx files if you had used this import system.
            6. If you have phpMyAdmin make sure it's password protected.
            7. If you suspect a hacking attempt, ask your host to change the login password for your web account.
            8. Make sure all the Admin and Mod passwords are secure. Change them if you have any doubts. And use hard to guess passwords.
            9. NEVER allow HTML in posts, PMs or in sigs.
            10. Make absolutely sure there are no viruses, trojans or keylogger spyware on your PC. Any of these could steal your password and other personal info.
            11. Do NOT upload the directory called do_not_upload/
            12. Use a different password for each forum you sign up with. Use a different password for your forum as you do for the .htaccess directory password.
            13. Update the config.php file and set yourself as undeletable user so they can't touch your admin account.
            14. Do Not Upload when upgrading your forums.


            • #7
              Well a rewrite rule won't be activated unless "Options +followSymlinks" and "RewriteEngine on" precede any call to any RewriteRule, and from that point your RewriteRule needs to make sense. You're missing a few ( and ) and have a few too many / and \ from what my feeble mind can wrap around your attempt without knowing the structure of your file system.
              Anybody who says "it can't be done" will usually be interrupted by somebody who is already doing it.


              • #8
                I ended up using my hosts security application to create the proper htaccess file.



                Related Topics