X7ROOT File Manager
Current Path:
/home/u126090504/domains/ocaacademy.online/public_html
home
/
u126090504
/
domains
/
ocaacademy.online
/
public_html
/
📁
..
📄
.htaccess
(2.31 KB)
📄
ADCA-profile.php
(13.15 KB)
📄
Advance-Tally-profile.php
(13.55 KB)
📄
BCO-profile.php
(12.75 KB)
📄
COA-profile.php
(12.7 KB)
📄
DCP-profile.php
(12.69 KB)
📄
General-Tally-profile.php
(12.79 KB)
📄
about-us.php
(22.99 KB)
📁
admin
📄
cleanup_README.txt
(1.25 KB)
📄
contact-us.php
(6.75 KB)
📄
contactdb.php
(796 B)
📄
courses.php
(34.73 KB)
📁
css
📄
dca-profile.php
(12.87 KB)
📄
director's-message.php
(38.29 KB)
📄
facilities.php
(13.15 KB)
📄
footer.php
(3.57 KB)
📄
gallery.php
(5.38 KB)
📄
header.php
(15.71 KB)
📁
images
📄
index.php
(76.6 KB)
📁
js
📄
oca-smblpur.zip
(107.6 MB)
📄
oca_sambalpur.sql
(5.49 KB)
📄
pgdca-profile.php
(13.01 KB)
📁
revolution
📄
secure_upload.php
(2.87 KB)
📄
showpath.php
(107 B)
📄
students-testimonials.php
(4.29 KB)
Editing: .htaccess
# ---------- Basic hardening (root) ---------- Options -Indexes DirectoryIndex index.php index.html # Protect hidden and sensitive files <FilesMatch "^\.(ht|env|git|svn|DS_Store)"> Require all denied </FilesMatch> <FilesMatch "(wp-config\.php|composer\.json|composer\.lock|\.env|config\.php|phpinfo\.php|readme\.(html|txt))$"> Require all denied </FilesMatch> <Files ".htaccess"> Require all denied </Files> # Limit allowed HTTP methods <LimitExcept GET POST HEAD OPTIONS> Require all denied </LimitExcept> # Block obvious SQLi/XSS patterns in query string and suspicious URIs <IfModule mod_rewrite.c> RewriteEngine On # Block dangerous query strings (tweak as needed) RewriteCond %{QUERY_STRING} (union|select|insert|cast\(|benchmark\(|base64_encode|document\.cookie|<script|eval\(|shell_exec|passthru) [NC] RewriteRule .* - [F,L] # Block double-encoded attack sequences and directory traversal attempts RewriteCond %{REQUEST_URI} (%3C|%3E|%3Cscript%3E|%3Ciframe%3E) [NC,OR] RewriteCond %{REQUEST_URI} (\.\./|\%2e\%2e) [NC] RewriteRule .* - [F,L] # Deny requests for files with multiple extensions (e.g. file.php.txt or .txt.php) RewriteCond %{REQUEST_URI} \.[^/]+\.(php|phtml|phar|pl|py|jsp|asp|aspx|sh|cgi)$ [NC] RewriteRule .* - [F,L] # Block direct access to common shell filenames (add more names as discovered) RewriteRule (^|/)(shell|upload_shell|cmd|wso|c99|r57)\.(php|phtml|phar)$ - [F,NC,L] </IfModule> # Security headers <IfModule mod_headers.c> Header set X-Content-Type-Options "nosniff" Header always set X-Frame-Options "SAMEORIGIN" Header set Referrer-Policy "no-referrer-when-downgrade" # CSP: adapt to your site scripts/styles. Remove 'unsafe-inline' if you can. Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none';" Header set X-XSS-Protection "1; mode=block" Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS </IfModule> # Disable content sniffing in some proxies <IfModule mod_mime.c> AddType application/octet-stream .phar </IfModule> # Deny direct access to certain script and archive extensions <FilesMatch "\.(inc|bak|old|sql|log|sh|swp|dist|env|ini)$"> Require all denied </FilesMatch>
Upload File
Create Folder