Question posted in 
Some hacker has been annoying me today by succesfully altering my database with a certain type of DOM injection, using automated scripts.
I fixed my website, but on top of that I want to redirect future hacking attempts to a website. I have tried to search for suggestions, but cannot find any good websites which will either:
- automatically report the hacking attempt to the authorities,
- or will frustrate the hacker/scripts
Simple example; I can block most of the SQL injections in .htaccess, and now my question is, which website do I send the traffic to?
RewriteCond %{QUERY_STRING} (eval() [NC,OR]
RewriteCond %{QUERY_STRING} (.*)(javascript)(.*) [NC,OR]
.... etc.
RewriteRule .* https://www.nsa.gov/? [L,R=301]
2
Answers
Don’t bother trying to redirect the request, just block it with a 403 Forbidden (or 404).
No other site will want to receive these “hacker” requests.
The “hacker” (most probably a bot) probably won’t follow the redirect anyway.
In other words, to send a 403, it’s simply…
^is more efficient than.*in this case, since.*must traverse the entire URL-path (matches everything), whereas^simply asserts the start-of-string (matches nothing, but successful for everything).Or to return a 404, change
FtoR=404.Redirect to a random local network address, e.g. http://168.192.1.200. On most devices that’ll cause it to hang for ages before timing out, without wasting your server resources, and should hopefully slow down any scripts looking for hundreds of URLs on your website.
I don’t use WordPress, and most hacker’s bots are searching for URLs based on one of the main WordPress locations, so I’ve got this in my htaccess. If these strings are found anywhere in the requested URL it’ll bounce them onto their own local network, hang, then fail…
RewriteCond %{QUERY_STRING} wp-admin [OR]
RewriteCond %{QUERY_STRING} wp-login [OR]
RewriteCond %{QUERY_STRING} wp-json [OR]
RewriteCond %{QUERY_STRING} wp-content
RewriteRule .? http://192.168.0.200 [L,R]