Full Disclosure mailing list archives
Code for ban IP adresses inmediately
From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com>
Date: Sat, 11 Oct 2003 16:19:10 +0200
Hi there friends, Since my last fixes of Geeklog i was a ittle busy recovering my system ( i made some stupid things with Stack Defender ) and i lost some important files... kernel32.dll , ntoskrnl , etc xD I was using GetDataBack for NTFS Pro ( really good product ) , anyone have used this app ? i will write a paper about file recovering using this type of apps. The topic of this post, I have desgined a new php code for ban internet addresses inmediately , can be used for weblogs , etc . I was telling in my last advisory the pseudo-code for ban ips inmediately but i didn't sent any real code. Here is it: The code for ban addresses: /\ cut from here /\ <?php if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $clip = $_SERVER['HTTP_X_FORWARDED_FOR']; } elseif (isset($_SERVER['HTTP_VIA'])) { $clip = $_SERVER['HTTP_VIA']; } elseif (isset($_SERVER['REMOTE_ADDR'])) { $clip = $_SERVER['REMOTE_ADDR']; } else { $clip = "Unknown"; } $banned = file("BANED.TXT", "r+"); $cbanned = count($banned); function banit($clip,$banned,$cbanned){ for ($i = 0 ; $i < $cbanned ; $i++){ if ($clip==$banned[$i]){ echo '<br><br>Once upon a time there was a script kiddie touching my balls , he was banned from our server and the next time he was killed.<br><br>Trulux ProCode against silly boys.'; die(); } } } banit($clip,$banned,$cbanned); ?> /\ END OF CUTE & PASTE /\ Call this file banit.php or similar , useful a name related with his function... ;-) Another thing is the system for write the ips to bann into BANED.TXT just use your mind and think in things like: [PSEUDO-CODE] .-.-. ANTI-SQL INJECTION STUFF -.-.-.- ..-.-. ANTI XSS STUFF -.-.-.-.-. ---- LET'S USE PHP FILE M. FUNCTIONS ----- write to BANED.TXT the attacker ip. and then go to the die routine ( end the app ). die .-.. your die message -.-.-. [<<<EOF] That's it. NOTES: I have the code for use a mysql backend but it is not really good for users with no mysql support. The webmaster of www.nsrg-security.com will publish the necessary code for do it soon. The best regards , ------------------------------- 0x00->Lorenzo Hernandez Garcia-Hierro 0x01->/* not csh but sh */ 0x02->$ PATH=pretending!/usr/ucb/which sense 0x03-> no sense in pretending! __________________________________ PGP: Keyfingerprint B6D7 5FCC 78B4 97C1 4010 56BC 0E5F 2AB2 ID: 0x9C38E1D7 ********************************** No Secure Root Group Security Research Team http://www.nsrg-security.com ______________________ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Code for ban IP adresses inmediately Lorenzo Hernandez Garcia-Hierro (Oct 11)
- Re: Code for ban IP adresses inmediately Valdis . Kletnieks (Oct 11)