Full Disclosure mailing list archives
Code for write the IPs to ban
From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com>
Date: Sat, 11 Oct 2003 17:04:56 +0200
Here is what I promised ;-)

/\CUT FROM HERE/\
<?php
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $goalone = $_SERVER['HTTP_X_FORWARDED_FOR']."\r\n";
} elseif (isset($_SERVER['HTTP_VIA'])) {
    $goalone = $_SERVER['HTTP_VIA']."\r\n";
} elseif (isset($_SERVER['REMOTE_ADDR'])) {
    $goalone = $_SERVER['REMOTE_ADDR']."\r\n";
} else {
    $goalone = "Unknown";
}
// Append the collected address to the ban list
$banning = fopen("BANED.TXT","a+");
fwrite($banning, $goalone);
fclose($banning)
?>
/\<<<EOF/\

Call this script from your protection routines. I have done one (I removed the die line due to the inclusion of another one in the banning script):

/\ NEW PROTECTION ROUTINES /\
foreach ($HTTP_GET_VARS as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*span*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*h1*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*table*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*body*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*pre*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*em*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*input*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*td*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*option*\"?[^>]*>", $secvalue)) ||
        (eregi(";", $secvalue)) ||
        (eregi("'", $secvalue)) ||
        (eregi("´", $secvalue)) ||
        (eregi("`", $secvalue)) ||
        (eregi("\\+", $secvalue)) || // literal plus sign, escaped so the regex compiles
        (eregi("\"", $secvalue))) {
        // NEW PREVENTION SYSTEM , USE THIS ONE
        // proactive ;-)))))))))
        include ("toban.php");
        // My old prevention system
        // die (";-) whereis lammer lammer: you");
    }
}
/\<<<EOF/\

As you see, you need to include two files in your scripts: one to include banip.php to block the access, and another one to write the blocked addresses in a file-readable format.
;-) ENJOY!

NOTES:
I'm using this system on www.nsrg-security.com. The BANED.TXT is not in the web root, but soon I will put up a /BANNED dir with useful scripts to see which boys are blocked on my server. These functions will be available:

/BANNED/?0x00=show
/BANNED/?0x00=meornotme
/BANNED/?0x00=noban

and others.
Of course the only way to be allowed access again is contacting the admin ;-)
Soon I will add functions to the logging system to include "reasons" per user, like:

Blocked due to:
-[RULE]-> XSS attacks attempting.

Etc.
I think that I must provide these things to the community; these things are important for security in web servers.
I need a python developer (jelmer?), an asp developer (who?), and a jsp developer to port these things.
A perl developer will be useful (reeeeaaaaallyyyyy useful) :-)
The best regards to the community and jelmer, morning_wood etc. (people of the fantastic Full-Disclosure list)

-------------------------------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__________________________________
PGP: Keyfingerprint
B6D7 5FCC 78B4 97C1 4010 56BC 0E5F 2AB2
ID: 0x9C38E1D7
**********************************
No Secure Root Group Security Research Team
http://www.nsrg-security.com
______________________

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
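
Added example, not part of the original post or of the nsrg-security.com code: the posted script writes X-Forwarded-For or Via verbatim, and both are request headers chosen by the client, so this variant of the ban writer only honours X-Forwarded-For when the TCP peer is a known proxy, validates the address before writing it, and locks the file while appending. The proxy list, the file path and the function names are assumptions for illustration.

```php
<?php
// Added example, not the original toban.php. TRUSTED_PROXIES and BAN_FILE are
// assumptions; set them for your own deployment.
const TRUSTED_PROXIES = ['127.0.0.1'];           // assumed reverse-proxy address
const BAN_FILE = __DIR__ . '/../BANED.TXT';      // assumed path outside the web root

// Return the address to ban, or null when no valid IP can be determined.
function client_ip(array $server): ?string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    // X-Forwarded-For is only believed when the connection comes from one of
    // our own proxies. Via names proxies, not clients, and is never used.
    if (in_array($remote, TRUSTED_PROXIES, true) && isset($server['HTTP_X_FORWARDED_FOR'])) {
        // The right-most entry is the one our proxy appended.
        $hops = explode(',', $server['HTTP_X_FORWARDED_FOR']);
        $last = trim(end($hops));
        if (filter_var($last, FILTER_VALIDATE_IP) !== false) {
            return $last;
        }
    }
    return $remote;
}

// Append one validated address per line, skipping duplicates.
function ban_ip(string $ip, string $file = BAN_FILE): bool
{
    $fh = fopen($file, 'c+');                    // create if missing, never truncate
    if ($fh === false || !flock($fh, LOCK_EX)) { // exclusive lock against concurrent writers
        return false;
    }
    $known = array_map('trim', explode("\n", stream_get_contents($fh)));
    if (!in_array($ip, $known, true)) {
        fseek($fh, 0, SEEK_END);
        fwrite($fh, $ip . "\n");
    }
    flock($fh, LOCK_UN);
    fclose($fh);
    return true;
}

$ip = client_ip($_SERVER);
if ($ip !== null) {
    ban_ip($ip);
}
```

Because every stored line has passed FILTER_VALIDATE_IP, whatever reads the ban file can compare addresses exactly and never has to parse header text supplied by a visitor.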