HEX
Server: Apache
System: Linux server1.panigaletech.com 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64
User: ubuntu (1000)
PHP: 7.4.30
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /var/www/concertium.com/
Upload Files
File: /var/www/concertium.com/htaccess_bkp_11dec21
# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# HTTP OPTIONS Method Enabled
# Uncommon HTTP Method Enabled
RewriteCond %{THE_REQUEST} !^(POST|GET)\ /.*\ HTTP/1\.1$
RewriteRule .* - [F]
# HTTP OPTIONS Method Enabled end
# Uncommon HTTP Method Enabled end
# xss attack prevention
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# xss attack prevention end
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# restricting access to wp-include and wp-admin folder
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
RedirectMatch 403 /(error_log|fantastico_fileslist|fantversion|install|license|readme|wp-config|wp-config-sample)\.
RedirectMatch Permanent wp-admin/install(-helper)?\.php /
# restricting access to wp-include and wp-admin folder end
</IfModule>

# END WordPress
#Options All -Indexes
#<files readme.html>
#         order allow,deny
#         deny from all
#</files>


# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
	Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
	Order deny,allow
	Deny from all
</IfModule>
</Files>

# END Wordfence WAF
<FilesMatch "\.(?i:pdf)$">
   ForceType application/octet-stream
   Header set Content-Disposition attachment
</FilesMatch>
<IfModule mod_deflate.c>
  # Compress HTML, CSS, JavaScript, Text, XML and fonts
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
  AddOutputFilterByType DEFLATE application/x-font
  AddOutputFilterByType DEFLATE application/x-font-opentype
  AddOutputFilterByType DEFLATE application/x-font-otf
  AddOutputFilterByType DEFLATE application/x-font-truetype
  AddOutputFilterByType DEFLATE application/x-font-ttf
  AddOutputFilterByType DEFLATE application/x-javascript
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE font/opentype
  AddOutputFilterByType DEFLATE font/otf
  AddOutputFilterByType DEFLATE font/ttf
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE image/x-icon
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/javascript
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/xml

  # Remove browser bugs (only needed for really old browsers)
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4\.0[678] no-gzip
  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
  Header append Vary User-Agent
</IfModule>
# X-Frame-Options, Cookie, Content-Type-Options, Access-Control, Cache-Control
<IfModule mod_headers.c>
	Header set X-Frame-Options "SAMEORIGIN"
	Header always edit Set-Cookie (.*) "$1; path=/; HTTPOnly; Secure"
	Header always edit Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure"
	Header edit Set-Cookie ^(.*);\s?;\s?(.*)$ "$1; $2"
	Header add X-XSS-Protection "1; mode=block"
	Header set X-Frame-Options: deny
	Header set X-Content-Type-Options nosniff
	Header set X-Permitted-Cross-Domain-Policies: none
	Header unset X-Powered-By
	Header add Access-Control-Allow-Methods: "POST, GET, OPTIONS, DELETE"
	Header always set Access-Control-Allow-Credentials "true"
	Header always set Access-Control-Max-Age "1000"
	Header always set Cache-Control "no-cache,no-store,max-age=0,must-revalidate"
	Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token, remember-me"
	Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>
# X-Frame-Options, Cookie, Content-Type-Options, Access-Control, Cache-Control end

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php72” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php72 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
@ Telegram