[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <001f01c39003$1285b500$050010ac@Estila>
From: lorenzohgh at nsrg-security.com (Lorenzo Hernandez Garcia-Hierro)
Subject: Code for ban IP adresses inmediately
Hi there friends,
Since my last fixes of Geeklog i was a ittle busy recovering my system ( i
made some stupid things with Stack Defender ) and i lost some important
files...
kernel32.dll , ntoskrnl , etc xD
I was using GetDataBack for NTFS Pro ( really good product ) , anyone have
used this app ? i will write a paper about file recovering using this type
of apps.
The topic of this post,
I have desgined a new php code for ban internet addresses inmediately , can
be used for weblogs , etc .
I was telling in my last advisory the pseudo-code for ban ips inmediately
but i didn't sent any real code.
Here is it:
The code for ban addresses:
/\ cut from here /\
<?php
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$clip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
elseif (isset($_SERVER['HTTP_VIA'])) {
$clip = $_SERVER['HTTP_VIA'];
}
elseif (isset($_SERVER['REMOTE_ADDR'])) {
$clip = $_SERVER['REMOTE_ADDR'];
}
else {
$clip = "Unknown";
}
$banned = file("BANED.TXT", "r+");
$cbanned = count($banned);
function banit($clip,$banned,$cbanned){
for ($i = 0 ; $i < $cbanned ; $i++){
if ($clip==$banned[$i]){
echo '<br><br>Once upon a time there was a script kiddie touching my balls ,
he was banned from our server and the next time he was killed.<br><br>Trulux
ProCode against silly boys.';
die();
}
}
}
banit($clip,$banned,$cbanned);
?>
/\ END OF CUTE & PASTE /\
Call this file banit.php or similar , useful a name related with his
function... ;-)
Another thing is the system for write the ips to bann into BANED.TXT
just use your mind and think in things like:
[PSEUDO-CODE]
.-.-. ANTI-SQL INJECTION STUFF -.-.-.-
..-.-. ANTI XSS STUFF -.-.-.-.-.
---- LET'S USE PHP FILE M. FUNCTIONS -----
write to BANED.TXT the attacker ip.
and then go to the die routine ( end the app ).
die .-.. your die message -.-.-.
[<<<EOF]
That's it.
NOTES:
I have the code for use a mysql backend but it is not really good for users
with no mysql support.
The webmaster of www.nsrg-security.com will publish the necessary code for
do it soon.
The best regards ,
-------------------------------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__________________________________
PGP: Keyfingerprint
B6D7 5FCC 78B4 97C1 4010 56BC 0E5F 2AB2
ID: 0x9C38E1D7
**********************************
No Secure Root Group Security Research Team
http://www.nsrg-security.com
______________________
Powered by blists - more mailing lists