I have been running into some problems with some sites that were given to me recently. They are consuming A LOT of bandwidth. They are hosted on a shared server and they have been DDoS attacked, but I have never had this issue before. I have been reading, but it seems that there's not much I can do (correct me if I'm wrong), since I don't have access to the terminal on that shared server. The .htaccess file is as follows:
Options -Indexes
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
RewriteCond %{REQUEST_URI} !(\.css|\.svg|\.mp4|\.woff|\.woff2|\.ttf|\.eot|\.js|\.png|\.jpg|\.gif|robots\.txt)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/public/
RewriteRule ^(css|js|images|favicon|fonts|videos|storage)/(.*)$ public/$1/$2 [L,NC]
</IfModule>
<Files .env>
order allow,deny
Deny from all
</Files>
Is the .htaccess file alright in order to prevent hackers from writing or doing tricky stuff inside the root folder or in the site in general?

What can I do to prevent these DDoS attacks?

Also, there seems to be the possibility to write inside the robots.txt file the files or folders that I would like to ignore, in order to stop Google from showing a MASSIVE amount of results, but how will I know the names of the files/folders the hackers are making?

I'm using the Laravel framework, and it seems that the vulnerability is in the root folder and in the phpunit vendor folder.
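
Added example, not part of the original post: one way to learn which files an intruder created or changed, without shell access, is to download the site and compare it against a known-good copy of the same release. The function names, the `clean`/`live` directory names and the list of runtime-writable Laravel directories are assumptions, and the sample trees are constructed.

```python
import hashlib
import os
import tempfile

# Assumption: directories a Laravel app writes to at runtime, so new files there are normal.
WRITABLE = ("storage/", "bootstrap/cache/")
SCRIPT_EXT = (".php", ".phtml", ".phar")

def manifest(root):
    """Map every file under root (relative, '/'-separated path) to its SHA-256."""
    hashes = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes

def diff_against_baseline(clean_root, live_root):
    """Report files in live_root that the known-good clean_root does not explain."""
    clean, live = manifest(clean_root), manifest(live_root)
    report = {"added": [], "modified": [], "script_in_writable_dir": []}
    for path in sorted(live):
        if path in clean:
            if live[path] != clean[path]:
                report["modified"].append(path)
        elif not path.startswith(WRITABLE):
            report["added"].append(path)
        elif path.lower().endswith(SCRIPT_EXT):
            report["script_in_writable_dir"].append(path)
    return report

def build_sample(base):
    """Constructed sample data: a clean tree and a copy with three planted changes."""
    clean = {"index.php": "<?php // front", "vendor/autoload.php": "<?php // autoload"}
    live = {**clean, "index.php": "<?php // front, altered",
            "vendor/pkg/new.php": "<?php // not in baseline",
            "storage/logs/laravel.log": "normal runtime file",
            "storage/app/up.php": "<?php // script where only data belongs"}
    for root, files in (("clean", clean), ("live", live)):
        for rel, body in files.items():
            full = os.path.join(base, root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(body)
    return os.path.join(base, "clean"), os.path.join(base, "live")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(diff_against_baseline(*build_sample(tmp)))
```

Paths reported under `added` or `script_in_writable_dir` are the candidates to remove from the server and to request removal of from the search index.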