Bagi Zoltán
Guest
Today I have already released a security solution at iwt, but now I will post one here as well. You need to know that it was developed in the last ten minutes, but it is very effective. The basics are the same as what was posted at iwt, with little modification.
The first part of the code will check if a certain browser is on our blacklist, and the second one will show him something special, which can be found in the message.php file. At my site I use a very offensive text, but I don't want to influence you.
SQL injection is a very popular hacking method, but there is one thing common to these types of attacks. According to this resource, the URL contains a string which causes a bad manipulation of the SQL database, for instance the 'UNION SELECT', 'DROP TABLE', 'TRUNCATE TABLE' SQL commands as part of the requested URL. For instance, my directory was hacked by requesting this string:
show_cat.php?cat_id=-1 union ALL SELECT login,password FROM dir_login /*
Since we know that the requested URL will contain a certain string, defending against this is quite easy, and fun.
1. Create a PHP file; I would call it validator.php, with the following content.
PHP:
<?php
// validator.php: require this at the very top of every script.
$url = $_SERVER['REQUEST_URI'];   // raw, still URL-encoded path and query string
$ip  = $_SERVER['REMOTE_ADDR'];

// First part: refuse clients whose IP is already on the blacklist.
$target = file(dirname(__FILE__) . "/bannolnilog.txt");
foreach ($target as $item) {
    $item = trim($item);
    // Compare whole addresses: a substring test (stristr) would let "1.2.3.4"
    // match "1.2.3.45", and an empty line in the log would match everybody.
    if ($item !== '' && $item === $ip) {
        header("HTTP/1.0 403 Forbidden");
        exit;
    }
}

// Second part: block requests whose URL carries a blacklisted SQL keyword
// and show the attacker message.php, which also records his IP.
if (stristr($url, 'union') || stristr($url, 'drop') || stristr($url, 'truncate')) {
    include dirname(__FILE__) . "/message.php";
    exit;
}
?>
2. Create our logfile, the blacklist, which in my example is called bannolnilog.txt ("to ban" in Hungarian), chmod 644. Upload it to the root folder as you did with the validator.php file.
3. We have the validator and the logfile, so we need to create message.php.
I use this censored content as the message:
PHP:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta name="robots" content="noindex, nofollow" />
<title>F.... ..u!</title>
<style type="text/css">
<!--
.style1 {font-size: 24px}
-->
</style>
</head>
<body>
<br/><br/><br/><br/><br/><br/>
<p align="center" class="style1">Please be so kind and do me a favour</p>
<p align="center" class="style1"> F... ..U!! Poor b....d </p>
<p align="center" class="style1"> Your visit is now over </p>
<?php
// Record the attacker's address so validator.php answers 403 from now on.
$ip = $_SERVER["REMOTE_ADDR"];
$logfile = dirname(__FILE__) . '/bannolnilog.txt';   // same file validator.php reads
$fp = fopen($logfile, 'a');
fputs($fp, "$ip\n");   // one address per line
fclose($fp);
?>
</body>
</html>
This will take the IP address of the attacker and put it into our log file, so using the same IP all he gets is the 403 error.
4. We already have everything, the message, the logfile and the validator; all we need to do is to place the invocation of the validator file at the very front of your script.
PHP:
<?php require "/you/need/to/insert/the/path/here/validator.php";?>
Now you may say goodbye to those script kiddies.