HEX
Server: LiteSpeed
System: Linux srv158.niagahoster.com 4.18.0-553.30.1.lve.el8.x86_64 #1 SMP Tue Dec 3 01:21:19 UTC 2024 x86_64
User: u1694298 (3732)
PHP: 7.4.33
Disabled: symlink,shell_exec,exec,popen,system,dl,passthru,escapeshellarg,escapeshellcmd,show_source,pcntl_exec
$ pwd: /home/u1694298/www/staging3.christina.my.id/
Upload Files
File: /home/u1694298/www/staging3.christina.my.id/.htaccess
# BEGIN HMWP_RULES
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^([0-9a-zA-Z_-]+/)?amsangaji$ /wp-login.php [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?amsangaji/(.*) /wp-login.php$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?lostpass$ /wp-login.php?action=lostpassword [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?register$ /wp-login.php?action=register [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/7694d8ed17/(.*) /wp-content/plugins/ads-txt/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/07b95b67ca/(.*) /wp-content/plugins/all-in-one-seo-pack/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/d513e1ab01/(.*) /wp-content/plugins/antispam-bee/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/521ee6ffc9/(.*) /wp-content/plugins/wp-asset-clean-up/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/12bb1b410e/(.*) /wp-content/plugins/disable-generate-thumbnails/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/ac5341d0c4/(.*) /wp-content/plugins/disable-post-revision/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/8707efa35f/(.*) /wp-content/plugins/duplicate-page/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/9ac854dc7f/(.*) /wp-content/plugins/stops-core-theme-and-plugin-updates/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/50bbf7407b/(.*) /wp-content/plugins/gn-publisher/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/7c29c164ed/(.*) /wp-content/plugins/incoming-links/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/feaa71ed59/(.*) /wp-content/plugins/loginizer/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/f353ec6a7a/(.*) /wp-content/plugins/one-click-ssl/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/2bfb1317bb/(.*) /wp-content/plugins/redirection/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/ae0148ca2c/(.*) /wp-content/plugins/schema-and-structured-data-for-wp/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/9d434d7f46/(.*) /wp-content/plugins/secure-copy-content-protection/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/1a60a0f6ed/(.*) /wp-content/plugins/google-site-kit/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/882eb7ffb0/(.*) /wp-content/plugins/squirrly-seo/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/9cf9318dc1/(.*) /wp-content/plugins/td-composer/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/33ad507102/(.*) /wp-content/plugins/td-newsletter/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/29ab0e4e1d/(.*) /wp-content/plugins/td-social-counter/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/5f535e89d2/(.*) /wp-content/plugins/wordfence/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/041dc5d622/(.*) /wp-content/plugins/js_composer/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/32a82a95e5/(.*) /wp-content/plugins/insert-headers-and-footers/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/b593a3ee4d/(.*) /wp-content/plugins/wp-fastest-cache/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/6825163933/(.*) /wp-content/plugins/wpforms/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/d0f4711431/(.*) /wp-content/plugins/hide-my-wp/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/23c53d09b3/(.*) /wp-content/plugins/yop-poll/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/modules/(.*) /wp-content/plugins/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/views/3c096b2338/design.css$ /wp-content/themes/Newsmag/style.css [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/views/3c096b2338/(.*) /wp-content/themes/Newsmag/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/views/(.*) /wp-content/themes/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?storage/(.*) /wp-content/uploads/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?core/(.*) /wp-content/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?lib/(.*) /wp-includes/$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?comments/(.*) /wp-comments-post.php$2 [QSA,NC,L]
RewriteRule ^([0-9a-zA-Z_-]+/)?writer/(.*) /author/$2 [QSA,NC,L]
</IfModule>
# END HMWP_RULES
# BEGIN HMWP_VULNERABILITY
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !/wp-admin [NC]
RewriteCond %{QUERY_STRING} ^author=\d+ [NC]
RewriteRule ^(.*)$ - [L,R=404]
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^35.214.130.87$ [NC,OR]
RewriteCond %{REMOTE_ADDR} ^192.185.4.40$ [NC,OR]
RewriteCond %{REMOTE_ADDR} ^15.235.50.223$ [NC,OR]
RewriteCond %{REMOTE_ADDR} ^172.105.48.130$ [NC,OR]
RewriteCond %{REMOTE_ADDR} ^167.99.233.123$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (wpthemedetector|builtwith|isitwp|wappalyzer|Wappalyzer|mShots|WhatCMS|gochyu|wpdetector|scanwp) [NC]
RewriteRule ^(.*)$ - [L,R=404]
</IfModule>
<IfModule mod_headers.c>
Header always unset x-powered-by
Header always unset server
ServerSignature Off
</IfModule>
<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=15768000;includeSubdomains"
Header set Content-Security-Policy "object-src 'none'"
Header set X-XSS-Protection "1; mode=block"
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP:Cookie} !(wordpress_logged_in_|hmwp_logged_in_) [NC]
RewriteCond %{REQUEST_URI} ^/wp-content/?$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/wp-content/[^\.]+/?$ [NC,OR]
RewriteCond %{THE_REQUEST} /wp-includes/?$ [NC,OR]
RewriteCond %{THE_REQUEST} /wp-content/plugins/[^\.]+(\.htm|\.html|\.rtf|\.rtx|\.txt|\.lock) [NC,OR]
RewriteCond %{THE_REQUEST} /wp-content/themes/[^\.]+(\.htm|\.html|\.rtf|\.rtx|\.txt|\.lock)    [NC,OR]
RewriteCond %{THE_REQUEST} /wp-content/uploads/[^\.]+(\.htm|\.html|\.rtf|\.rtx|\.txt|\.lock) [NC,OR]
RewriteCond %{THE_REQUEST} /wp-includes/[^\.]+(\.htm|\.html|\.rtf|\.rtx|\.txt|\.lock) [NC,OR]
RewriteCond %{THE_REQUEST} /([_0-9a-zA-Z-]+/)?(wp-comments-post\.php|wp-config\.php|readme\.html|readme\.txt|license\.txt) [NC]
RewriteRule ^(.*)$ - [L,R=404]
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} /(wp-comments-post\.php|wp-config\.php|readme\.html|readme\.txt|license\.txt) [NC]
RewriteRule ^(.*)$ - [L,R=404]
</IfModule>
# END HMWP_VULNERABILITY

# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# Wordfence WAF
<IfModule LiteSpeed>
php_value auto_prepend_file '/home/u1694298/public_html/wordfence-waf.php'
</IfModule>
<IfModule lsapi_module>
php_value auto_prepend_file '/home/u1694298/public_html/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
	Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
	Order deny,allow
	Deny from all
</IfModule>
</Files>
# END Wordfence WAF
@ Telegram