lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <003001c39009$49bbb690$050010ac@Estila>
From: lorenzohgh at nsrg-security.com (Lorenzo Hernandez Garcia-Hierro)
Subject: Code for write the IPs to ban

Here is that i promised, ;-)

/\CUT FROM HERE/\

<?php
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $goalone = $_SERVER['HTTP_X_FORWARDED_FOR']."\r\n";
  }
  elseif (isset($_SERVER['HTTP_VIA'])) {
    $goalone = $_SERVER['HTTP_VIA']."\r\n";
  }
  elseif (isset($_SERVER['REMOTE_ADDR'])) {
    $goalone = $_SERVER['REMOTE_ADDR']."\r\n";
  }
  else {
    $goalone = "Unknown";
  }
$banning = fopen("BANED.TXT","a+");
fwrite($banning, $goalone);
fclose($banning)
?>

/\<<<EOF/\

Call this script from your protection routines , i have done one ( i reomved
the die line due to the inclusion of another one in the banning script ):

/\ NEW PROTECTION ROUTINES /\

foreach ($HTTP_GET_VARS as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*span*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*h1*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*table*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*body*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*pre*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*em*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*input*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*td*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*option*\"?[^>]*>", $secvalue)) ||
 (eregi(";", $secvalue)) ||
 (eregi("'", $secvalue)) ||
 (eregi("?", $secvalue)) ||
 (eregi("`", $secvalue)) ||
 (eregi("+", $secvalue)) ||
 (eregi("\"", $secvalue))) {
// NEW PREVENTION SYSTEM , USE THIS ONE
// proactive ;-)))))))))
 include ("toban.php");
 // My old prevention system
 // die (";-) whereis lammer lammer: you");
    }
}

/\<<<EOF/\

As you see , it is needed to include two files in your scripts:
One to include banip.php for block the access and another one to write
blocked addresses formatted with a file readable format.
;-)
ENJOY !
NOTES: i'm using this system in www.nsrg-security.com
the BANED.TXT is not in the web root , but soon i will put a /BANNED dir
with useful scripts for see wich boys are blocked in my server, these
functions will be available:
/BANNED/?0x00=show
/BANNED/?0x00=meornotme
/BANNED/?0x00=noban
and others.
Of course the only way for be again allowed to access is contacting  the
admin;-)
soon i will add functions to the logging system for include "reasons" per
users like:
Blocked due to:
                        -[RULE]-> XSS attacks attempting.
Etc.

I think that i must provide these things to the community , these things are
important for the security in web servers.
I need a python developer , jelmer ? , an asp developer , who ? , and a jsp
developer for port these things.
a perl developer will be useful ( reeeeaaaaallyyyyy useful ) :-)

The best regards to the community and,
jelmer
morning_wood
etc
( people of the fantastic Full-Disclosure list )
-------------------------------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__________________________________
PGP: Keyfingerprint
B6D7 5FCC 78B4 97C1  4010 56BC 0E5F 2AB2
ID: 0x9C38E1D7
**********************************
No Secure Root Group Security Research Team
http://www.nsrg-security.com
______________________



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ