Potential threat identified in .htaccess

Popular automatic website translation tool

Potential threat identified in .htaccess

Postby Hannah » Wed Mar 01, 2017 11:30 pm

The WP plugin Anti-Malware from GOTMLS.NET identified the Gtranslate entries in our .htaccess file. It says regarding this section of code:

Code: Select all
RewriteRule ^(af|sq|am|ar|hy|az|eu|be|bn|bs|bg|ca|ceb|ny|zh-CN|zh-TW|co|hr|cs|da|nl|en|eo|et|tl|fi|fr|fy|gl|ka|de|el|gu|ht|ha|haw|iw|hi|hmn|hu|is|ig|id|ga|it|ja|jw|kn|kk|km|ko|ku|ky|lo|la|lv|lt|lb|mk|mg|ms|ml|mt|mi|mr|mn|my|ne|no|ps|fa|pl|pt|pa|ro|ru|sm|gd|sr|st|sn|sd|si|sk|sl|so|es|su|sw|sv|tg|ta|te|th|tr|uk|ur|uz|vi|cy|xh|yi|yo|zu)/(.*)$ /gtranslate/gtranslate.php?glang=$1&gurl=$2 [L,QSA]


Threat identified: "RewriteEngine on UNCONDITIONAL RewriteRule"

Have no idea what that means, but is there a way to fix it? Or is it really not a security threat, after all?

Also, we seem to have duplicate GTranslate entries in our .htaccess file. Can we delete some of this? Or is it all required? Thanks!


Code: Select all
# gtranslate config
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^(af|sq|am|ar|hy|az|eu|be|bn|bs|bg|ca|ceb|ny|zh-CN|zh-TW|co|hr|cs|da|nl|en|eo|et|tl|fi|fr|fy|gl|ka|de|el|gu|ht|ha|haw|iw|hi|hmn|hu|is|ig|id|ga|it|ja|jw|kn|kk|km|ko|ku|ky|lo|la|lv|lt|lb|mk|mg|ms|ml|mt|mi|mr|mn|my|ne|no|ps|fa|pl|pt|pa|ro|ru|sm|gd|sr|st|sn|sd|si|sk|sl|so|es|su|sw|sv|tg|ta|te|th|tr|uk|ur|uz|vi|cy|xh|yi|yo|zu)/(af|sq|am|ar|hy|az|eu|be|bn|bs|bg|ca|ceb|ny|zh-CN|zh-TW|co|hr|cs|da|nl|en|eo|et|tl|fi|fr|fy|gl|ka|de|el|gu|ht|ha|haw|iw|hi|hmn|hu|is|ig|id|ga|it|ja|jw|kn|kk|km|ko|ku|ky|lo|la|lv|lt|lb|mk|mg|ms|ml|mt|mi|mr|mn|my|ne|no|ps|fa|pl|pt|pa|ro|ru|sm|gd|sr|st|sn|sd|si|sk|sl|so|es|su|sw|sv|tg|ta|te|th|tr|uk|ur|uz|vi|cy|xh|yi|yo|zu)/(.*)$ /$1/$3 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(af|sq|am|ar|hy|az|eu|be|bn|bs|bg|ca|ceb|ny|zh-CN|zh-TW|co|hr|cs|da|nl|en|eo|et|tl|fi|fr|fy|gl|ka|de|el|gu|ht|ha|haw|iw|hi|hmn|hu|is|ig|id|ga|it|ja|jw|kn|kk|km|ko|ku|ky|lo|la|lv|lt|lb|mk|mg|ms|ml|mt|mi|mr|mn|my|ne|no|ps|fa|pl|pt|pa|ro|ru|sm|gd|sr|st|sn|sd|si|sk|sl|so|es|su|sw|sv|tg|ta|te|th|tr|uk|ur|uz|vi|cy|xh|yi|yo|zu)/(.*)$ /gtranslate/gtranslate.php?glang=$1&gurl=$2 [L,QSA]
RewriteRule ^(af|sq|am|ar|hy|az|eu|be|bn|bs|bg|ca|ceb|ny|zh-CN|zh-TW|co|hr|cs|da|nl|en|eo|et|tl|fi|fr|fy|gl|ka|de|el|gu|ht|ha|haw|iw|hi|hmn|hu|is|ig|id|ga|it|ja|jw|kn|kk|km|ko|ku|ky|lo|la|lv|lt|lb|mk|mg|ms|ml|mt|mi|mr|mn|my|ne|no|ps|fa|pl|pt|pa|ro|ru|sm|gd|sr|st|sn|sd|si|sk|sl|so|es|su|sw|sv|tg|ta|te|th|tr|uk|ur|uz|vi|cy|xh|yi|yo|zu)$ /$1/ [R=301,L]
Hannah
 
Posts: 2
Joined: Wed Mar 01, 2017 11:19 pm

Re: Potential threat identified in .htaccess

Postby Yana » Thu Mar 02, 2017 11:26 am

Hi,

It is not a security threat. There is no need to worry about that.
There is no duplicate rule. You can compare the rules here
https://gtranslate.io/docs/58-gtranslat ... umentation
Regards,

Yana Ghahramanyan - GTranslate Team

Please leave your feedback on your CMS plugin directory. It is very important for us!
Google Translate Joomla
Google Translate WordPress
Google Translate Drupal
Yana
 
Posts: 4474
Joined: Thu Jan 12, 2012 6:21 pm

Re: Potential threat identified in .htaccess

Postby Hannah » Thu Mar 02, 2017 10:30 pm

Okay, thank you!
Hannah
 
Posts: 2
Joined: Wed Mar 01, 2017 11:19 pm

Re: Potential threat identified in .htaccess

Postby Edvard » Thu Mar 02, 2017 10:35 pm

You are welcome.
Regards,

Edvard Ananyan - GTranslate Team

Please leave your feedback on your CMS plugin directory. It is very important for us!
Google Translate Joomla
Google Translate WordPress
Google Translate Drupal
Edvard
Site Admin
 
Posts: 4363
Joined: Mon Jun 28, 2010 1:54 pm
Location: Yerevan, Armenia


  • Related Topics
    Replies
    Views
    Last post

Who is online

Users browsing this forum: No registered users and 2 guests

2GLux
cron