Bagi Zoltán
Guest
I would like to declare that this is not a genuine post, so I already posted it on another forum as well, but now I know that I should have posted it here first.
This script arsenal will help to fight against hackers. It won't make your script more secure, so if it is open to a certain attack this won't solve the programming bug, but it will make the entrance more difficult.
Let's see what the functions are:
- validate the Googlebot, the msnbot and the Yahoo! Slurp, so when someone proxies the site it won't cause content duplication,
- make it possible to ban certain user agents and IPs as well,
- inspect the requested URL string, so when someone would like to manipulate the MySQL database via the injection method the trap will reward it with a very elegant IP ban (this function must be modified in accordance with the website and the needs).
This is the core code, called security.php:
PHP:
<?php
// The User-Agent header is optional, so fall back to an empty string
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$webadress = $_SERVER['REQUEST_URI'];
$ip = $_SERVER['REMOTE_ADDR'];
$loc = dirname(__FILE__);
// Read the lists without line endings; a missing file yields an empty list
$flags = FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES;
$target = file("$loc/ip-logfile.txt", $flags) ?: array();
$sqltarget = file("$loc/sql-injection.txt", $flags) ?: array();
$ualist = file("$loc/banned-ua.txt", $flags) ?: array();

// if the visitor claims to be a robot
if (stristr($ua, 'msnbot') || stristr($ua, 'Googlebot') || stristr($ua, 'Yahoo! Slurp')) {
    // we must validate it
    require "$loc/security-proxy-checker.php";
} else {
    // visitors with banned user agents are not allowed to access
    foreach ($ualist as $item) {
        $item = trim($item);
        // skip blank entries: an empty pattern would match every visitor
        if ($item !== '' && stristr($ua, $item)) {
            require "$loc/message.php";
            exit;
        }
    }
    // visitors with banned IPs are not allowed to access
    foreach ($target as $item) {
        // index.php logs full addresses, so compare exactly;
        // a substring test would let 1.2.3.4 also block 11.2.3.40
        if ($ip === trim($item)) {
            require "$loc/message.php";
            exit;
        }
    }
    // let's inspect the requested URL string
    foreach ($sqltarget as $sqlitem) {
        $sqlitem = trim($sqlitem);
        if ($sqlitem !== '' && stristr($webadress, $sqlitem)) {
            require "$loc/index.php";
            exit;
        }
    }
}
?>
As you may recognise, the script uses txt files which store the banned user agents / IPs and typical string particulars which might be used during the SQL injection attack.
A very important part of the solution is the index.php file with the following code:
PHP:
<?php
$ip = $_SERVER["REMOTE_ADDR"];
$webadress = $_SERVER['REQUEST_URI'];
$loc = dirname(__FILE__);
$logfile = "$loc/ip-logfile.txt";
$urllogfile = "$loc/requested-string.txt";
$time = date("F j, Y, g:i a");
require "$loc/message.php";
// Let's start the statistic module
// store the IP as first step (one address per line; security.php reads this file as the ban list)
$fp = fopen($logfile, 'a');
fputs($fp, "$ip\n");
fclose($fp);
$fpstring = fopen($urllogfile, 'a');
// Put the string and some very important parameters into a control logfile, so if somebody was banned without any reason we will have the chance to fix that
fputs($fpstring, "$ip requested this string $webadress this time $time\n");
fclose($fpstring);
exit;
?>
My favourite part of the whole thing is the message.php, which stores my greetings to the attackers, a very nice one so nothing rough.
Attached you may find the whole archived folder (with Hungarian comments in the files). In order to implement the trap all you need to do is to upload the files into an optional folder, let's name it core for instance, and place this code at the very front of the files you would like to protect.
PHP:
<?php require "/thisisthepathof/core/security.php"; ?>
And one more thing. Don't forget to restrict the crawl of the optional core folder where the files are stored in the robots.txt file, this may catch some extra bad guys.
I warrant nothing but this works very well at my site. I regularly check the requested-string.txt to see if somebody had been banned accidentally. But I regularly smile at the catches.
Thanks
PS. Today I realized that on my Hungarian blog some very strange URLs have been restricted, for instance /Databases/vicndatadata.mdb or /Reg/User_Reg.asp. I thought that this is something that I don't need, and since I know that WP is written in PHP and I use permalinks, I completed my sql-injection.txt file with these two lines:
.asp
.mdb
restricting the access of these certain file extensions, and my security logs have become very busy since then.
I'm going to ask Cyrus to help me extend the protection covering leeching and XSS attacks as well, but don't tell him, he knows nothing about my purpose.
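The post does not show security-proxy-checker.php, the file that validates a claimed Googlebot, msnbot or Yahoo! Slurp. The following is an added example, not the author's file, of one common way to do that check: forward-confirmed reverse DNS. The function name, the injectable resolver parameters, the hostname suffix list and the sample DNS data are all assumptions made for this illustration.

```php
<?php
// Assumed crawler hostname suffixes; check each operator's current documentation.
const CRAWLER_SUFFIXES = [
    'googlebot'    => ['.googlebot.com', '.google.com'],
    'msnbot'       => ['.search.msn.com'],
    'yahoo! slurp' => ['.crawl.yahoo.net'],
];
// Returns null if the UA claims no listed crawler, otherwise true (genuine) or false.
// $ptr and $fwd are hypothetical injectable resolvers so the check can run offline.
function verify_crawler(string $ua, string $ip, ?callable $ptr = null, ?callable $fwd = null): ?bool
{
    $ptr = $ptr ?? 'gethostbyaddr';
    $fwd = $fwd ?? 'gethostbynamel';
    foreach (CRAWLER_SUFFIXES as $token => $suffixes) {
        if (stripos($ua, $token) === false) {
            continue;
        }
        $host = $ptr($ip);
        if (!is_string($host) || $host === $ip) {
            return false;               // no PTR record for this address
        }
        $host = strtolower(rtrim($host, '.'));
        // Anchor at the end: "googlebot.com.attacker.example" must not pass
        $matched = array_filter($suffixes, function ($s) use ($host) {
            return substr($host, -strlen($s)) === $s;
        });
        if (!$matched) {
            return false;
        }
        // Forward-confirm: the PTR name must resolve back to the same IP
        $addrs = $fwd($host);
        return is_array($addrs) && in_array($ip, $addrs, true);
    }
    return null;
}

// Constructed DNS data (documentation address ranges), so the demo runs offline
$ptrTable = [
    '192.0.2.10'   => 'crawl-192-0-2-10.googlebot.com',  // consistent PTR and A
    '198.51.100.7' => 'googlebot.com.attacker.example',  // look-alike hostname
    '203.0.113.5'  => 'crawl-1-2-3-4.googlebot.com',     // PTR set by the IP's owner
];
$fwdTable = ['crawl-192-0-2-10.googlebot.com' => ['192.0.2.10'],
             'crawl-1-2-3-4.googlebot.com'    => ['192.0.2.99']];
$ptr = function ($ip) use ($ptrTable) { return $ptrTable[$ip] ?? $ip; };
$fwd = function ($h) use ($fwdTable) { return $fwdTable[$h] ?? false; };
foreach (array_keys($ptrTable) as $ip) {
    var_dump(verify_crawler('Mozilla/5.0 (compatible; Googlebot/2.1)', $ip, $ptr, $fwd));
}
```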