
04.04.2010, 00:04
Может пригодиться кому-нибудь использованный мной контрацептив моих проектов:
PHP код:
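<?php
// Hack-attempt logger (forum snippet, PHP 5 / ext/mysql era).
//
// Every request parameter is matched against a set of loose heuristic
// signatures.  On a hit the event is written to MySQL, optionally mailed
// to an administrator, and the request is aborted.  The signatures are a
// logging aid only and are easily evaded: they do not make the page that
// includes this file any less vulnerable.
//
// NOTE(review): the mysql_* extension was removed in PHP 7.0; the database
// calls below have to be ported to mysqli or PDO before this runs on a
// current interpreter.

$server   = "localhost";
$database = "databasename";
$dbuser   = "root";   // at runtime only INSERT on logger_logs is needed; do not run as root
$dbpass   = "";
$email    = "";       // empty disables the notification mail

/**
 * Flattens $_REQUEST (or any sub-array of it) into a list of scalar strings.
 *
 * Nested parameters such as a[b]=value arrive as arrays; handing them to
 * preg_match()/strlen() fails (warning in PHP 5, TypeError in PHP 8) and the
 * value would never be inspected.  Scanning every leaf closes that gap.
 *
 * @param array $values
 * @return string[] leaf values in traversal order
 */
function logger_flatten_request($values) {
    $leaves = array();
    foreach ($values as $value) {
        if (is_array($value)) {
            $leaves = array_merge($leaves, logger_flatten_request($value));
        } else {
            $leaves[] = (string) $value;
        }
    }
    return $leaves;
}

/**
 * Classifies one request value against the attack signatures.
 *
 * The checks run in a fixed order and every later hit overrides the previous
 * label, so the result is the LAST matching category (e.g. a >255-byte SQL
 * payload is reported as "Buffer overflow", exactly as in the original flow).
 *
 * @param string $value one request parameter value
 * @return string category label, or "" when nothing matched
 */
function logger_detect_attack($value) {
    $attacktype = "";

    // Cross-site scripting: tag-like sequences (plain or %-encoded), <img ...>,
    // common JavaScript vocabulary, or any <...> at all.  Deliberately broad.
    // (The third pattern read "w indow\." in the original — a broken token that
    // could never match.)
    $xssPatterns = array(
        '/((\%3C)|<)((\%2F)|\/)*[a-z0-9\%]+((\%3E)|>)/i',
        '/((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/i',
        '/src=.*?|alert|script|javascript\:|\.js|charset\=|window\.|document\.|\.cookie|<script|<xss|base64/i',
        '/((\%3C)|<)[^\n]+((\%3E)|>)/i',
    );
    foreach ($xssPatterns as $pattern) {
        if (preg_match($pattern, $value) === 1) {
            $attacktype = "Cross site scripting";
            break;
        }
    }

    // CRLF / HTTP response splitting: raw or %-encoded line breaks, or the
    // sequences \r and \n typed literally.
    if (preg_match('/%0a|%0d|\\\r|\\\n|\n|\r/i', $value) === 1) {
        $attacktype = "CRLF injection";
    }

    // SQL injection: quotes and comment markers, '=' followed by a quote or
    // comment, the classic 'or, bare SQL keywords, and MSSQL exec sp_/xp_.
    $sqlPatterns = array(
        '/(\%27)|(\')|(\-\-)|(\%23)|(\#)/i',
        '/((\%3D)|(=))[^\n]*((\%27)|(\')|(\-\-)|\*|(\%3B)|(;))/i',
        '/\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/i',
        '/(()|(\%27)|(\'))union|select|insert|update|delete|drop/i',
        '/exec(\s|\+)+(s|x)p\w+/i',
    );
    foreach ($sqlPatterns as $pattern) {
        if (preg_match($pattern, $value) === 1) {
            $attacktype = "SQL injection";
            break;
        }
    }

    // Remote file inclusion: anything that looks like a URL scheme or host.
    if (preg_match('/http|https|ftp|www/', $value) === 1) {
        $attacktype = "Remote file inclusion";
    }

    // Local file inclusion: directory traversal.
    if (preg_match('/\.\./', $value) === 1) {
        $attacktype = "Local file inclusion";
    }

    // Poison null byte.  %00 in the query string is decoded to a real NUL byte
    // by PHP, so test for the byte "\0" as well as the two-character text \0
    // that the original str_replace("\\0", ...) was actually looking for.
    if (strpos($value, "\0") !== false || strpos($value, '\\0') !== false) {
        $attacktype = "Poison null byte";
    }

    // E-mail header injection.
    if (preg_match('/cc:|Content-Type:|to:/i', $value) === 1) {
        $attacktype = "Email header injection";
    }

    // Server-side include directives.
    if (preg_match('/<!--#.*?--\s*>/i', $value) === 1) {
        $attacktype = "Server side include";
    }

    // Oversized parameter (byte length on purpose, hence strlen not mb_strlen).
    if (strlen($value) > 255) {
        $attacktype = "Buffer overflow (>255 chars)";
    }

    return $attacktype;
}

$con = mysql_connect($server, $dbuser, $dbpass);
if ($con === false) {
    // Without a connection nothing can be stored; do not block the request over it.
    error_log("logger: mysql_connect failed: " . mysql_error());
}

// --- schema bootstrap (delete this block once the table exists) -----------
// The CREATE statements run BEFORE mysql_select_db(): on a fresh install the
// database does not exist yet, the select would fail, and the unqualified
// INSERT further down would have no current database.
if ($con !== false) {
    $tableSchema = array();
    $tableSchema[] = "CREATE DATABASE IF NOT EXISTS " . $database;
    // `name` stores INET_ATON(ip), a 32-bit UNSIGNED value; a signed INT(10)
    // cannot hold addresses above 127.255.255.255.  An already-created table
    // needs ALTER TABLE logger_logs MODIFY name INT UNSIGNED NOT NULL.
    $tableSchema[] = "CREATE TABLE IF NOT EXISTS " . $database . ".`logger_logs` (
`name` INT UNSIGNED NOT NULL ,
`attack_type` VARCHAR( 200 ) NOT NULL ,
`page` VARCHAR( 200 ) NOT NULL,
`date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
) ENGINE = MYISAM";
    foreach ($tableSchema as $statement) {
        if (mysql_query($statement, $con) === false) {
            error_log("logger: schema statement failed: " . mysql_error($con));
        }
    }
    mysql_select_db($database, $con);
}
// --- END schema bootstrap --------------------------------------------------

$username = $_SERVER['REMOTE_ADDR'];

// $_REQUEST covers GET and POST (and COOKIE, depending on request_order);
// uploaded files are NOT part of it.
$detected = array();
foreach (logger_flatten_request($_REQUEST) as $value) {
    $attacktype = logger_detect_attack($value);
    if ($attacktype !== "") {
        $detected[] = $attacktype;
    }
}
$full_attack_type = implode("<br />", $detected);

// A repeat of the same attack mix within 180 s is not logged again.  The
// marker lives in a client-side cookie, so it only throttles well-behaved
// clients; it can be dropped or forged and is not a security control.
setcookie("flood", $full_attack_type, time() + 180);
$lastReported = isset($_COOKIE["flood"]) ? $_COOKIE["flood"] : "";

if ($full_attack_type !== "") {
    // basename() also copes with a SCRIPT_NAME that contains no slash, where
    // the original strrpos()+1 arithmetic dropped the first character.
    $attacked_page = basename($_SERVER["SCRIPT_NAME"]);
    if ($lastReported !== $full_attack_type) {
        if ($con !== false) {
            // The values are server-generated or fixed vocabulary, but escape
            // them anyway so a future change to the labels cannot break the
            // statement.  INET_ATON() yields NULL for an IPv6 client, which the
            // NOT NULL column rejects — that row is lost and goes to error_log.
            $sql = "INSERT INTO logger_logs ( name, attack_type, page, date) VALUES ("
                 . "INET_ATON('" . mysql_real_escape_string($username, $con) . "'), '"
                 . mysql_real_escape_string($full_attack_type, $con) . "', '"
                 . mysql_real_escape_string($attacked_page, $con) . "', NOW())";
            if (mysql_query($sql, $con) === false) {
                error_log("logger: insert failed: " . mysql_error($con));
            }
            mysql_close($con);
        }
        if ($email !== "") {
            mail($email, "hack attempt", $username . " tried " . $full_attack_type . " on " . $attacked_page);
        }
    } else {
        // Block page for repeated hits.  The original embedded a <script src>
        // pointing at an unrelated external host here; that runs third-party
        // code in this site's origin on every blocked request, so it is gone.
        die('<html><head><title>Achtung! Hacking attempt: ' . htmlspecialchars($full_attack_type, ENT_QUOTES) . '</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"></head><body></body></html>');
    }
    die("Achtung! Hacking attempt: " . $full_attack_type); //<-- debug
}
// No closing ?> on purpose: trailing whitespace after it would be sent as
// output and break setcookie() for the including page.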
Последний раз редактировалось draliokero; 16.06.2010 в 16:55..