In general, chat scripts are huge targets for malicious activity. My chat plugin, Simple Ajax Chat is no exception, and includes strong security measures to protect against attack.
Even with the strong security in place, it’s possible to take it a step further and really lock things down by “whitelisting” the files included with Simple Ajax Chat. Doing so ensures that only legit requests for existing files will be met with 200 success, while all other 404 and other bad requests are quietly blocked.
To implement the whitelist for SAC, add the following slice of .htaccess to the root .htaccess file of your website:
<FilesMatch "^(?:msg\.mp3|sac\.(?:css|php)|sac-logo\.png|simple-ajax-chat-core\.php)$"> Order Allow,Deny Allow from all </FilesMatch>
Note that this script is for SAC version 20160408 and better. For older versions, change
Also note, Apache 2.x or better is required for this to work. If in doubt, ask your host. Make sure to test thoroughly on your site before going live with this security technique.