The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED Addon Domain redirects to another Addon Domain

Discussion in 'Bind / DNS / Nameserver Issues' started by THE11thROCK, Mar 9, 2017.

  1. THE11thROCK

    THE11thROCK Registered

    Joined:
    Mar 9, 2017
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Philippines
    cPanel Access Level:
    Website Owner
    I havean an issue with two Addon Domains both in different folders. Addon Domain 1 redirects to Addon Domain 2. For easy recognition:

    • Addon Domain 1 = Addon1.com
    • Addon Domain 2 = Addon2.rocks

    • The problem is Addon2.rocks redirects to Addon1.com
    • Both use Wordpress
    • Both reside in different directory under one Main Domain Account (Let's call the Main Domain = MainDomain.com)

    I read a previous thread that tackled something close to this /Addon Domain from one account redirects to a domain on another account

    The previous solution was to have this in the htaccess:
    Code:
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP_HOST} ^(?:www\.)?(maindomain|addondomain if it is a case)\.com$ [NC]
    RewriteRule ^ https://%1.com%{REQUEST_URI} [R=302,L,NE]
    Any idea how can I fix this?

    Tried searching for an answer, but I guess the issue that I have is a bit different than with the others. Thanks for the help.

    By the wy, just to add, Addon Domain 2 ends with .rocks tld, if that helps
     
    #1 THE11thROCK, Mar 9, 2017
    Last edited by a moderator: Mar 9, 2017
  2. THE11thROCK

    THE11thROCK Registered

    Joined:
    Mar 9, 2017
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Philippines
    cPanel Access Level:
    Website Owner
    Just to add if it can help, this only happens when I go the homepage. Going to either wp-admin pages, category or post links will not redirect the Addon2.rocks to Addon1.com. It only happens in the front page.
     
  3. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    588
    Likes Received:
    88
    Trophy Points:
    153
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    1. Is there a .htaccess in a parent folder that has a redirect in there that is affecting it? Example

    /home/user/public_html/domain1.com
    /home/user/public_html/domain2.com

    and there is a .htaccess in

    /home/user/public_html/.htaccess

    If this is the scenario, rename /home/user/public_html/.htaccess to /home/user/public_html/ht and open up Incognito mode in your browser to see if the redirect still happens.

    2. Are you using seperate databases?

    3. Do you have just the default WordPress redirects setup in each domains .htaccess?
     
  4. THE11thROCK

    THE11thROCK Registered

    Joined:
    Mar 9, 2017
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Philippines
    cPanel Access Level:
    Website Owner
    Thanks for the reply.

    1. No there is no redirect in the parent folder. And yes, there is htaccess in /public_html/

    2. Yes. All have separate databases. Separate Wordpress installs. Separate folders of their own. It has one main domain in /public_html/ (named=MainDomain.com) and 6 other addon domains in independent folders. The addon domains include (addon2.rocks) and also (addon1.com).

    It seems (MainDomain.com) is not directly affecting the addon domains as the issue is only with (addon2.rocks) which redirects to (addon1.com). And to note, it only happens in the homepage or frontpage of (addon2.rocks). Addon2.rocks/post/ or Addon2.rocks/category/ or Addon2.rocks/wp-admin/ does not redirect to Addon1.com.

    Addon3.com, Addon4.com, Addon5.com, Addon6.com are all unaffected. All ends with a dotcom tld, only Addon2.rocks ends with dotrocks. On its own, Addon1.com works without problems.

    3. They have separate htaccess file for each wordpress install.

    Just to note, the addon domains reside in their own folders like Addon2.rocks is installed inside add0n2.rocks,
    Addon1.com resides in Addon1folder.com
    Addon3.com resides in Addon3custom.com
    And so on.

    For your convenience, I included the htaccess in public_html and also the Addon2.rocks addon domain folder

    For (public_html) main domain or (MainDomain.com)
    PHP:
    #   BULLETPROOF PRO 12.7 SECURE .HTACCESS       

    # CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
    <IfModule mod_headers.c>
    # Using DENY will block all iFrames including iFrames on your own website
    # Header set X-Frame-Options DENY
    # Recommended: SAMEORIGIN - iFrames from the same site are allowed - other sites are blocked
    # Block other sites from displaying your website in iFrames
    # Protects against Clickjacking
    Header always append X-Frame-Options SAMEORIGIN
    # Protects against Drive-by Download attacks
    # Protects against MIME/Content/Data sniffing
    Header set X-Content-Type-Options nosniff
    </IfModule>

    # BEGIN WEBSITE SPEED BOOST
    # Time cheat sheet in seconds
    # A86400 = 1 day
    # A172800 = 2 days
    # A2419200 = 1 month
    # A4838400 = 2 months
    # A29030400 = 1 year

    # Test which ETag setting works best on your Host/Server/Website
    # with Firefox Firebug, Firephp and Yslow benchmark tests.

    # Create the ETag (entity tag) response header field
    # This is probably not the optimum choice to use.
    #FileETag MTime Size

    # Remove the ETag (entity tag) response header field
    # This is most likely the optimum choice to use.
    Header unset ETag
    FileETag none

    <IfModule mod_expires.c>
    ExpiresActive on
    # ExpiresByType overrides the ExpiresDefault...
    # cache expiration time of 2 days|A172800.
    ExpiresDefault A172800
    ExpiresByType image
    /jpg A4838400
    ExpiresByType image
    /jpeg A4838400
    ExpiresByType image
    /gif A4838400
    ExpiresByType image
    /png A4838400
    ExpiresByType image
    /bmp A4838400
    ExpiresByType image
    /x-icon A4838400
    ExpiresByType image
    /svg+xml A4838400
    ExpiresByType text
    /javascript A4838400
    ExpiresByType text
    /x-javascript A4838400
    ExpiresByType text
    /css A4838400
    ExpiresByType text
    /html A4838400
    ExpiresByType application
    /x-font-ttf A4838400
    ExpiresByType application
    /x-font-woff A4838400
    ExpiresByType font
    /opentype A4838400
    ExpiresByType application
    /x-shockwave-flash A4838400
    ExpiresByType application
    /x-javascript A4838400
    ExpiresByType application
    /javascript A4838400
    ExpiresByType video
    /mp4 A4838400
    ExpiresByType video
    /ogg A4838400
    ExpiresByType video
    /webm A4838400
    </IfModule>

    <
    IfModule mod_headers.c>
    <
    FilesMatch "\.(js|css|flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|gif|jpg|jpeg|png|swf|webm)$">
    Header append Cache-Control "public"
    </FilesMatch>
    <
    FilesMatch "\.(txt|html)$">
    Header append Cache-Control "proxy-revalidate"
    </FilesMatch>
    <
    FilesMatch "\.(php|cgi|pl|htm|xml)$">
    Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
    Header set Pragma "no-cache"
    </FilesMatch>
    </
    IfModule>

    <
    IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css text/javascript
    AddOutputFilterByType DEFLATE application
    /javascript application/x-javascript
    AddOutputFilterByType DEFLATE application
    /x-httpd-php application/x-httpd-fastphp
    AddOutputFilterByType DEFLATE application
    /xml application/xhtml+xml application/xml-dtd
    AddOutputFilterByType DEFLATE application
    /rdf+xml application/rss+xml application/atom+xml
    AddOutputFilterByType DEFLATE font
    /otf font/opentype application/font-otf application/x-font-otf
    AddOutputFilterByType DEFLATE font
    /ttf font/truetype application/font-ttf application/x-font-ttf
    AddOutputFilterByType DEFLATE image
    /svg+xml

    # Drop problematic browsers
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch 
    ^Mozilla/4\.0[678no-gzip
    BrowserMatch 
    \bMSI[E] !no-gzip !gzip-only-text/html

    # Make sure proxies don't deliver the wrong content
    Header append Vary User-Agent env=!dont-vary
    </IfModule>
    # END WEBSITE SPEED BOOST

    # TURN OFF YOUR SERVER SIGNATURE
    # Suppresses the footer line server version number and ServerName of the serving virtual host
    ServerSignature Off

    # DO NOT SHOW DIRECTORY LISTING
    # Disallow mod_autoindex from displaying a directory listing
    # If a 500 Internal Server Error occurs when activating Root BulletProof Mode
    # copy the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code
    # and paste it into BPS Custom Code and comment out Options -Indexes
    # by adding a # sign in front of it.
    # Example: #Options -Indexes
    Options -Indexes

    # DIRECTORY INDEX FORCE INDEX.PHP
    # Use index.php as default directory index file. index.html will be ignored.
    # If a 500 Internal Server Error occurs when activating Root BulletProof Mode
    # copy the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code
    # and paste it into BPS Custom Code and comment out DirectoryIndex
    # by adding a # sign in front of it.
    # Example: #DirectoryIndex index.php index.html /index.php
    DirectoryIndex index.php index.html /index.php

    # BRUTE FORCE LOGIN PAGE PROTECTION
    # PLACEHOLDER ONLY
    # Use BPS Custom Code to add Brute Force Login protection code and to save it permanently.
    # See this link: https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/
    # for more information.

    # BPS PRO ERROR LOGGING AND TRACKING
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # BPS Pro has premade 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed and
    # 410 Gone template logging files that are used to track and log 400, 403, 404, 405 and 410 errors
    # that occur on your website. When a hacker attempts to hack your website the hackers IP address,
    # Host name, Request Method, Referering link, the file name or requested resource, the user agent
    # of the hacker and the query string used in the hack attempt are logged.
    # All BPS Pro log files are htaccess protected so that only you can view them.
    # The 400.php, 403.php, 404.php, 405.php and 410.php files are located in /wp-content/plugins/bulletproof-security/
    # The 400, 403, 405 and 410 Error logging files are already set up and will automatically start logging errors
    # after you install BPS Pro and have activated BulletProof Mode for your Root folder.
    # If you would like to log 404 errors you will need to copy the logging code in the BPS Pro 404.php file
    # to your Theme's 404.php template file. Simple instructions are included in the BPS Pro 404.php file.
    # You can open the BPS Pro 404.php file using the WP Plugins Editor or by using the BPS Pro File Manager.
    # NOTE: By default WordPress automatically looks in your Theme's folder for a 404.php Theme template file.

    ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php
    ErrorDocument 401 
    default
    ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
    ErrorDocument 404 
    /404.php
    ErrorDocument 405 
    /wp-content/plugins/bulletproof-security/405.php
    ErrorDocument 410 
    /wp-content/plugins/bulletproof-security/410.php

    # DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # Files and folders starting with a dot: .htaccess, .htpasswd, .errordocs, .logs
    RedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$

    # WP-ADMIN/INCLUDES
    # Use BPS Custom Code to remove this code permanently.
    RewriteEngine On
    RewriteBase 
    /
    RewriteRule ^wp-admin/includes/ - [F]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
    RewriteRule ^wp-includes/theme-compat/ - [F]

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase 
    /
    RewriteRule ^index\.php$ - [L]

    # CUSTOM CODE REQUEST METHODS FILTERED
    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and copy
    # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
    # text box: CUSTOM CODE REQUEST METHODS FILTERED.
    # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    #RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]

    # PLUGINS/THEMES AND VARIOUS EXPLOIT FILTER SKIP RULES
    # To add plugin/theme skip/bypass rules use BPS Custom Code.
    # The [S] flag is used to skip following rules. Skip rule [S=12] will skip 12 following RewriteRules.
    # The skip rules MUST be in descending consecutive number order: 12, 11, 10, 9...
    # If you delete a skip rule, change the other skip rule numbers accordingly.
    # Examples: If RewriteRule [S=5] is deleted than change [S=6] to [S=5], [S=7] to [S=6], etc.
    # If you add a new skip rule above skip rule 12 it will be skip rule 13: [S=13]

    # Adminer MySQL management tool data populate
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/adminer/ [NC]
    RewriteRule . - [S=12]
    # Comment Spam Pack MU Plugin - CAPTCHA images not displaying
    RewriteCond %{REQUEST_URI} ^/wp-content/mu-plugins/custom-anti-spam/ [NC]
    RewriteRule . - [S=11]
    # Peters Custom Anti-Spam display CAPTCHA Image
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/peters-custom-anti-spam-image/ [NC]
    RewriteRule . - [S=10]
    # Status Updater plugin fb connect
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/fb-status-updater/ [NC]
    RewriteRule . - [S=9]
    # Stream Video Player - Adding FLV Videos Blocked
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/stream-video-player/ [NC]
    RewriteRule . - [S=8]
    # XCloner 404 or 403 error when updating settings
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/xcloner-backup-and-restore/ [NC]
    RewriteRule . - [S=7]
    # BuddyPress Logout Redirect
    RewriteCond %{QUERY_STRINGaction=logout&redirect_to=http%3A%2F%2F(.*) [NC]
    RewriteRule . - [S=6]
    # redirect_to=
    RewriteCond %{QUERY_STRINGredirect_to=(.*) [NC]
    RewriteRule . - [S=5]
    # Login Plugins Password Reset And Redirect 1
    RewriteCond %{QUERY_STRINGaction=resetpass&key=(.*) [NC]
    RewriteRule . - [S=4]
    # Login Plugins Password Reset And Redirect 2
    RewriteCond %{QUERY_STRINGaction=rp&key=(.*) [NC]
    RewriteRule . - [S=3]

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # Remote File Inclusion (RFI) security rules
    # Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F]
    #
    # Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
    RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    # Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
    RewriteCond %{HTTP_REFERER} ^.*maindomain.com.*
    RewriteRule . - [S=1]

    # BEGIN BPSQSE BPS QUERY STRING EXPLOITS
    # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
    # Good sites such as W3C use it for their W3C-LinkChecker.
    # Use BPS Custom Code to add or remove user agents temporarily or permanently from the
    # User Agent filters directly below or to modify/edit/change any of the other security code rules below.
    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)HTTP(:/|/) [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'
    |%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRINGconcat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRINGunion([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRINGunion([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F]
    # END BPSQSE BPS QUERY STRING EXPLOITS
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    # WP REWRITE LOOP END

    # DENY BROWSER ACCESS TO THESE FILES
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
    # To be able to view these files from a Browser, replace 127.0.0.1 with your actual
    # current IP address. Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1
    # Note: The BPS System Info page displays which modules are loaded on your server.

    <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
    Order Allow,Deny
    Deny from all
    #Allow from 127.0.0.1
    </FilesMatch>

    # CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE
    # Jetpack XML-RPC DDoS & TRACKBACK/PINGBACK PROTECTION
    # You can whitelist your IP address if you use A Weblog Client
    # or want to whitelist an IP address for any other reasons.
    # Example: Add this line of code RewriteCond %{REMOTE_ADDR} ^(xxx\.xxx\.xxx\.xxx) [OR]
    # inbetween the first and second lines of code below. Then replace the x'
    s with the
    # actual IP address you want to whitelist.
    # Note: It is recommended that you use 3 octets x.x.x. of your IP address
    # instead of 4 octets x.x.x.x of your IP address.
    # Example: RewriteCond %{REMOTE_ADDR} ^(xxx\.xxx\.xxx\.) [OR]
    RewriteCond %{REQUEST_URI} ^.*(xmlrpc\.php|wp-trackback\.php)$
    RewriteCond %{HTTP_USER_AGENT} !^(.*Jetpack.*)$
    RewriteRule ^(.*)$ - [F]

    For Addon2.rocks htaccess
    PHP:
    #   BULLETPROOF PRO 12.7 SECURE .HTACCESS       

    # CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
    <IfModule mod_headers.c>
    # Using DENY will block all iFrames including iFrames on your own website
    # Header set X-Frame-Options DENY
    # Recommended: SAMEORIGIN - iFrames from the same site are allowed - other sites are blocked
    # Block other sites from displaying your website in iFrames
    # Protects against Clickjacking
    Header always append X-Frame-Options SAMEORIGIN
    # Protects against Drive-by Download attacks
    # Protects against MIME/Content/Data sniffing
    Header set X-Content-Type-Options nosniff
    </IfModule>

    # BEGIN WEBSITE SPEED BOOST
    # Time cheat sheet in seconds
    # A86400 = 1 day
    # A172800 = 2 days
    # A2419200 = 1 month
    # A4838400 = 2 months
    # A29030400 = 1 year

    # Test which ETag setting works best on your Host/Server/Website
    # with Firefox Firebug, Firephp and Yslow benchmark tests.

    # Create the ETag (entity tag) response header field
    # This is probably not the optimum choice to use.
    #FileETag MTime Size

    # Remove the ETag (entity tag) response header field
    # This is most likely the optimum choice to use.
    Header unset ETag
    FileETag none

    <IfModule mod_expires.c>
    ExpiresActive on
    # ExpiresByType overrides the ExpiresDefault...
    # cache expiration time of 2 days|A172800.
    ExpiresDefault A172800
    ExpiresByType image
    /jpg A4838400
    ExpiresByType image
    /jpeg A4838400
    ExpiresByType image
    /gif A4838400
    ExpiresByType image
    /png A4838400
    ExpiresByType image
    /bmp A4838400
    ExpiresByType image
    /x-icon A4838400
    ExpiresByType image
    /svg+xml A4838400
    ExpiresByType text
    /javascript A4838400
    ExpiresByType text
    /x-javascript A4838400
    ExpiresByType text
    /css A4838400
    ExpiresByType text
    /html A4838400
    ExpiresByType application
    /x-font-ttf A4838400
    ExpiresByType application
    /x-font-woff A4838400
    ExpiresByType font
    /opentype A4838400
    ExpiresByType application
    /x-shockwave-flash A4838400
    ExpiresByType application
    /x-javascript A4838400
    ExpiresByType application
    /javascript A4838400
    ExpiresByType video
    /mp4 A4838400
    ExpiresByType video
    /ogg A4838400
    ExpiresByType video
    /webm A4838400
    </IfModule>

    <
    IfModule mod_headers.c>
    <
    FilesMatch "\.(js|css|flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|gif|jpg|jpeg|png|swf|webm)$">
    Header append Cache-Control "public"
    </FilesMatch>
    <
    FilesMatch "\.(txt|html)$">
    Header append Cache-Control "proxy-revalidate"
    </FilesMatch>
    <
    FilesMatch "\.(php|cgi|pl|htm|xml)$">
    Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
    Header set Pragma "no-cache"
    </FilesMatch>
    </
    IfModule>

    <
    IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css text/javascript
    AddOutputFilterByType DEFLATE application
    /javascript application/x-javascript
    AddOutputFilterByType DEFLATE application
    /x-httpd-php application/x-httpd-fastphp
    AddOutputFilterByType DEFLATE application
    /xml application/xhtml+xml application/xml-dtd
    AddOutputFilterByType DEFLATE application
    /rdf+xml application/rss+xml application/atom+xml
    AddOutputFilterByType DEFLATE font
    /otf font/opentype application/font-otf application/x-font-otf
    AddOutputFilterByType DEFLATE font
    /ttf font/truetype application/font-ttf application/x-font-ttf
    AddOutputFilterByType DEFLATE image
    /svg+xml

    # Drop problematic browsers
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch 
    ^Mozilla/4\.0[678no-gzip
    BrowserMatch 
    \bMSI[E] !no-gzip !gzip-only-text/html

    # Make sure proxies don't deliver the wrong content
    Header append Vary User-Agent env=!dont-vary
    </IfModule>
    # END WEBSITE SPEED BOOST

    # TURN OFF YOUR SERVER SIGNATURE
    # Suppresses the footer line server version number and ServerName of the serving virtual host
    ServerSignature Off

    # DO NOT SHOW DIRECTORY LISTING
    # Disallow mod_autoindex from displaying a directory listing
    # If a 500 Internal Server Error occurs when activating Root BulletProof Mode
    # copy the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code
    # and paste it into BPS Custom Code and comment out Options -Indexes
    # by adding a # sign in front of it.
    # Example: #Options -Indexes
    Options -Indexes

    # DIRECTORY INDEX FORCE INDEX.PHP
    # Use index.php as default directory index file. index.html will be ignored.
    # If a 500 Internal Server Error occurs when activating Root BulletProof Mode
    # copy the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code
    # and paste it into BPS Custom Code and comment out DirectoryIndex
    # by adding a # sign in front of it.
    # Example: #DirectoryIndex index.php index.html /index.php
    DirectoryIndex index.php index.html /index.php

    # BRUTE FORCE LOGIN PAGE PROTECTION
    # PLACEHOLDER ONLY
    # Use BPS Custom Code to add Brute Force Login protection code and to save it permanently.
    # See this link: https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/
    # for more information.

    # BPS PRO ERROR LOGGING AND TRACKING
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # BPS Pro has premade 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed and
    # 410 Gone template logging files that are used to track and log 400, 403, 404, 405 and 410 errors
    # that occur on your website. When a hacker attempts to hack your website the hackers IP address,
    # Host name, Request Method, Referering link, the file name or requested resource, the user agent
    # of the hacker and the query string used in the hack attempt are logged.
    # All BPS Pro log files are htaccess protected so that only you can view them.
    # The 400.php, 403.php, 404.php, 405.php and 410.php files are located in /wp-content/plugins/bulletproof-security/
    # The 400, 403, 405 and 410 Error logging files are already set up and will automatically start logging errors
    # after you install BPS Pro and have activated BulletProof Mode for your Root folder.
    # If you would like to log 404 errors you will need to copy the logging code in the BPS Pro 404.php file
    # to your Theme's 404.php template file. Simple instructions are included in the BPS Pro 404.php file.
    # You can open the BPS Pro 404.php file using the WP Plugins Editor or by using the BPS Pro File Manager.
    # NOTE: By default WordPress automatically looks in your Theme's folder for a 404.php Theme template file.

    ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php
    ErrorDocument 401 
    default
    ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
    ErrorDocument 404 
    /404.php
    ErrorDocument 405 
    /wp-content/plugins/bulletproof-security/405.php
    ErrorDocument 410 
    /wp-content/plugins/bulletproof-security/410.php

    # DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # Files and folders starting with a dot: .htaccess, .htpasswd, .errordocs, .logs
    RedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$

    # WP-ADMIN/INCLUDES
    # Use BPS Custom Code to remove this code permanently.
    RewriteEngine On
    RewriteBase 
    /
    RewriteRule ^wp-admin/includes/ - [F]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
    RewriteRule ^wp-includes/theme-compat/ - [F]

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase 
    /
    RewriteRule ^index\.php$ - [L]

    # CUSTOM CODE REQUEST METHODS FILTERED
    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and copy
    # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
    # text box: CUSTOM CODE REQUEST METHODS FILTERED.
    # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    #RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]

    # PLUGINS/THEMES AND VARIOUS EXPLOIT FILTER SKIP RULES
    # To add plugin/theme skip/bypass rules use BPS Custom Code.
    # The [S] flag is used to skip following rules. Skip rule [S=12] will skip 12 following RewriteRules.
    # The skip rules MUST be in descending consecutive number order: 12, 11, 10, 9...
    # If you delete a skip rule, change the other skip rule numbers accordingly.
    # Examples: If RewriteRule [S=5] is deleted than change [S=6] to [S=5], [S=7] to [S=6], etc.
    # If you add a new skip rule above skip rule 12 it will be skip rule 13: [S=13]

    # Adminer MySQL management tool data populate
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/adminer/ [NC]
    RewriteRule . - [S=12]
    # Comment Spam Pack MU Plugin - CAPTCHA images not displaying
    RewriteCond %{REQUEST_URI} ^/wp-content/mu-plugins/custom-anti-spam/ [NC]
    RewriteRule . - [S=11]
    # Peters Custom Anti-Spam display CAPTCHA Image
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/peters-custom-anti-spam-image/ [NC]
    RewriteRule . - [S=10]
    # Status Updater plugin fb connect
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/fb-status-updater/ [NC]
    RewriteRule . - [S=9]
    # Stream Video Player - Adding FLV Videos Blocked
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/stream-video-player/ [NC]
    RewriteRule . - [S=8]
    # XCloner 404 or 403 error when updating settings
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/xcloner-backup-and-restore/ [NC]
    RewriteRule . - [S=7]
    # BuddyPress Logout Redirect
    RewriteCond %{QUERY_STRINGaction=logout&redirect_to=http%3A%2F%2F(.*) [NC]
    RewriteRule . - [S=6]
    # redirect_to=
    RewriteCond %{QUERY_STRINGredirect_to=(.*) [NC]
    RewriteRule . - [S=5]
    # Login Plugins Password Reset And Redirect 1
    RewriteCond %{QUERY_STRINGaction=resetpass&key=(.*) [NC]
    RewriteRule . - [S=4]
    # Login Plugins Password Reset And Redirect 2
    RewriteCond %{QUERY_STRINGaction=rp&key=(.*) [NC]
    RewriteRule . - [S=3]

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # Remote File Inclusion (RFI) security rules
    # Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F]
    #
    # Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
    RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    # Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
    RewriteCond %{HTTP_REFERER} ^.*addon2.rocks.*
    RewriteRule . - [S=1]

    # BEGIN BPSQSE BPS QUERY STRING EXPLOITS
    # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
    # Good sites such as W3C use it for their W3C-LinkChecker.
    # Use BPS Custom Code to add or remove user agents temporarily or permanently from the
    # User Agent filters directly below or to modify/edit/change any of the other security code rules below.
    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)HTTP(:/|/) [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'
    |%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRINGconcat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRINGunion([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRINGunion([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F]
    # END BPSQSE BPS QUERY STRING EXPLOITS
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    # WP REWRITE LOOP END

    # DENY BROWSER ACCESS TO THESE FILES
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
    # To be able to view these files from a Browser, replace 127.0.0.1 with your actual
    # current IP address. Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1
    # Note: The BPS System Info page displays which modules are loaded on your server.

    <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
    Order Allow,Deny
    Deny from all
    #Allow from 127.0.0.1
    </FilesMatch>

    # CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE
    # Jetpack XML-RPC DDoS & TRACKBACK/PINGBACK PROTECTION
    # You can whitelist your IP address if you use A Weblog Client
    # or want to whitelist an IP address for any other reasons.
    # Example: Add this line of code RewriteCond %{REMOTE_ADDR} ^(xxx\.xxx\.xxx\.xxx) [OR]
    # inbetween the first and second lines of code below. Then replace the x'
    s with the
    # actual IP address you want to whitelist.
    # Note: It is recommended that you use 3 octets x.x.x. of your IP address
    # instead of 4 octets x.x.x.x of your IP address.
    # Example: RewriteCond %{REMOTE_ADDR} ^(xxx\.xxx\.xxx\.) [OR]
    RewriteCond %{REQUEST_URI} ^.*(xmlrpc\.php|wp-trackback\.php)$
    RewriteCond %{HTTP_USER_AGENT} !^(.*Jetpack.*)$
    RewriteRule ^(.*)$ - [F]







    Thanks for your help

     
    #4 THE11thROCK, Mar 10, 2017
    Last edited: Mar 10, 2017
  5. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    588
    Likes Received:
    88
    Trophy Points:
    153
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    I would start by temp renaming both

    public_html/.htaccess
    and
    addon2.rocks/.htaccess

    so they are not used, just temporarily, and then test again just to rule them out completely.

    Make sure to use Incognito mode to test as the browser can potentially redirect still if something is cached in your browser.
     
    THE11thROCK and Infopro like this.
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,617
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I agree with Jcats, that's easy place to start, disable any sort of redirects you know of.
     
    THE11thROCK likes this.
  7. THE11thROCK

    THE11thROCK Registered

    Joined:
    Mar 9, 2017
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Philippines
    cPanel Access Level:
    Website Owner
    Hi, sorry for the late reply. The issue is fixed. It seemed that the browser cache was the culprit. Thanks for the tips! Cheers!
     
    Infopro likes this.
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,617
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Thanks for updating the thread with your findings. :)
     
Loading...

Share This Page