lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: lorenzohgh at nsrg-security.com (Lorenzo Hernandez Garcia-Hierro)
Subject: Code for ban IP adresses inmediately

Hi there friends,
Since my last fixes of Geeklog i was a ittle busy recovering my system ( i
made some stupid things with Stack Defender ) and i lost some important
files...
kernel32.dll , ntoskrnl , etc xD
I was using GetDataBack for NTFS Pro ( really good product ) , anyone have
used this app ? i will write a paper about file recovering using this type
of apps.
The topic of this post,
I have desgined a new php code for ban internet addresses inmediately , can
be used for weblogs , etc .
I was telling in my last advisory the pseudo-code for ban ips inmediately
but i didn't  sent any real code.
Here is it:

The code for ban addresses:
/\ cut from here /\
<?php
  if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $clip = $_SERVER['HTTP_X_FORWARDED_FOR'];
  }
  elseif (isset($_SERVER['HTTP_VIA'])) {
    $clip = $_SERVER['HTTP_VIA'];
  }
  elseif (isset($_SERVER['REMOTE_ADDR'])) {
    $clip = $_SERVER['REMOTE_ADDR'];
  }
  else {
    $clip = "Unknown";
  }

$banned = file("BANED.TXT", "r+");
$cbanned = count($banned);
function banit($clip,$banned,$cbanned){
for ($i = 0 ; $i < $cbanned ; $i++){
if ($clip==$banned[$i]){
echo '<br><br>Once upon a time there was a script kiddie touching my balls ,
he was banned from our server and the next time he was killed.<br><br>Trulux
ProCode against silly boys.';
die();
 }
 }
}
banit($clip,$banned,$cbanned);
?>
/\ END OF CUTE & PASTE /\

Call this file banit.php or similar , useful a name related with his
function... ;-)
Another thing is the system for write the ips to bann into BANED.TXT
just use your mind and think in things like:
[PSEUDO-CODE]
.-.-. ANTI-SQL INJECTION STUFF -.-.-.-
..-.-. ANTI XSS STUFF -.-.-.-.-.
---- LET'S USE PHP FILE M. FUNCTIONS -----
write to BANED.TXT the attacker ip.
and then go to the die routine ( end the app ).
die .-.. your die message -.-.-.
[<<<EOF]
That's it.
NOTES:
I have the code for use a mysql backend but it is not really good for users
with no mysql support.
The webmaster of www.nsrg-security.com  will publish the necessary code for
do it soon.

The best regards ,
-------------------------------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!

__________________________________
PGP: Keyfingerprint
B6D7 5FCC 78B4 97C1  4010 56BC 0E5F 2AB2
ID: 0x9C38E1D7
**********************************
No Secure Root Group Security Research Team
http://www.nsrg-security.com
______________________

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ