How to make secure Website to being Hacked(Blocked Scanner)

Jul 24, 2016 | 9:30 am

Published by | Chandan Singh

As you may all know there are many Web Vulnerability Scanning devices and software available on internet which can scan any website for vulnerabilities? It is just a fashion nowadays to scan an internet site from a Web Susceptibility Scanner and if received or acquired any vulnerability then record or survey vulnerabilities to the manager, officer or supervisor for bug-bounty. Well i am not saying that this is wrong but its not necessary that these kids will not harm your website. The fact is they can shell/hack/deface your website or go harm for their profit.

Now all the scanners get their own methods to scan require scanners send request to your site with different user-agents. Intended for Example:

  • Acunetix
  • Nikto
  • Nessus
  • Openwas

These are uses their own user-agent string having their own name. Therefore what we can do..??

Yes we can refuse these well-known scanning devices user-agent string for our directories i. e. if these user-agent strings will be in request then their request will be rejected by our machine.

You simply need to add the below code in your .htaccess file in your web directory i.e. public_html generally for LINUX.

RewriteEngine On
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_USER_AGENT} ^w3af.sourceforge.net [NC,OR]
RewriteCond %{HTTP_USER_AGENT} dirbuster [NC,OR]
RewriteCond %{HTTP_USER_AGENT} nikto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SF [OR]
RewriteCond %{HTTP_USER_AGENT} sqlmap [NC,OR]
RewriteCond %{HTTP_USER_AGENT} fimap [NC,OR]
RewriteCond %{HTTP_USER_AGENT} nessus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} whatweb [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Openvas [NC,OR]
RewriteCond %{HTTP_USER_AGENT} jbrofuzz [NC,OR]
RewriteCond %{HTTP_USER_AGENT} libwhisker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} webshag [NC,OR]
RewriteCond %{HTTP:Acunetix-Product} ^WVS
RewriteRule ^.* http://127.0.0.1/ [R=301,L]
</IfModule>

Best suited now your website is secure from these scanning devices or vulnerabilities readers, and its reduced to chance your website to find vulnerabilities

Note: This kind of will only reduce harm opportunity on your website its not the completely secure method as an smart attacker can create there custom user-agent thread.