PHP קוד:
<?php
/*
------------------------------------------------------------
| Defense.php is free to use
| Defends against: XSS and SQL injection in the URL only
| =============================
| > Date created: 21/12/08
------------------------------------------------------------
*/
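/**
 * Best-effort request filter: flags query strings containing SQL keywords or
 * HTML/script markers, notifies the admin by e-mail, sets a two-hour "Defense"
 * cookie and stops the request with a block page.
 *
 * This is a keyword blacklist over the GET query string only. It does not look
 * at POST bodies, cookies or headers, and it will also flag harmless URLs that
 * happen to contain a listed word. Treat it as an extra layer; the actual fix
 * for SQL injection is parameterised queries and for XSS is escaping output in
 * the page that prints it.
 */
class Defense
{
    /** Raw (still percent-encoded) query string of the current request. */
    public $Url;
    /** Full request URI that triggered the filter; untrusted, escape before printing. */
    public $Attack;
    /** Remote address as reported by the web server. */
    public $IP;
    /** Label of the input channel that matched (currently only "Url String"). */
    public $Method;
    /** Extra headers passed to mail(). */
    public $headers;
    /** Last block page that was emitted. */
    public $Out = "";
    /** Marker stored in the "Defense" cookie and compared by the including script. */
    public $Value;
    /** Address that receives the alert mail. */
    public $Email;
    /** Timestamp of this request (d/m/Y H:i:s). */
    public $Date;
    /** Subject of the last alert mail. */
    public $Subject;
    /** HTML body of the last alert mail. */
    public $Message;

    /**
     * Escape a request-derived value for HTML output.
     *
     * The pages here are served as windows-1255, which htmlspecialchars() does
     * not list as a supported charset. ISO-8859-1 is used instead because it is
     * also single-byte and ASCII-compatible, so the five special characters are
     * escaped and every other byte is passed through untouched.
     */
    private static function escape($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
    }

    /** Read a $_SERVER entry, returning an empty string when it is absent (e.g. CLI). */
    private static function server($key)
    {
        return isset($_SERVER[$key]) ? (string) $_SERVER[$key] : '';
    }

    /**
     * Send the alert mail to $this->Email.
     *
     * @param string $Subject Subject line of the alert.
     */
    public function eMail($Subject)
    {
        // The mail is rendered as HTML, so the request-derived fields are escaped;
        // otherwise the flagged payload would run in the admin's mail client.
        $method = self::escape($this->Method);
        $ip = self::escape($this->IP);
        $attack = self::escape($this->Attack);

        $this->headers = "MIME-Version: 1.0\r\n";
        $this->headers.= "Content-type:text/html;charset=windows-1255\r\n";
        $this->Subject = $Subject;
        $this->Message = "<html><head></head><body dir='ltr'><div style='direction: ltr; font-family: arial; font-size: 11px;'>Method Of this Attack: {$method}<br />IP Of this Attack: {$ip}<br />Url Of this Attack: {$attack}</body></html>";
        mail($this->Email,$this->Subject,$this->Message,$this->headers);
    }

    /**
     * Inspect the current request and block it when the query string matches.
     *
     * Declared as __construct(): a method named after the class is no longer
     * treated as a constructor by PHP 8, which would leave the filter silently
     * disabled and $Value unset.
     */
    public function __construct()
    {
        $this->Url = self::server('QUERY_STRING');
        $this->Attack = self::server('REQUEST_URI');
        $this->IP = self::server('REMOTE_ADDR');
        $this->Value = "Defense()";
        $this->Email = "yourmail@gmail.com";
        $this->Date = date("d/m/Y H:i:s");

        $pattern = "#(union|drop|alter|update|having|insert|select|create|<(.+)|alert)#i";
        // QUERY_STRING is delivered percent-encoded, so the decoded form is checked
        // as well as the raw one; the application sees the decoded values.
        $flagged = preg_match($pattern, $this->Url) || preg_match($pattern, urldecode($this->Url));

        if ($flagged)
        {
            // NOTE(review): this cookie lives in the visitor's browser and can simply be
            // deleted, so the two-hour block is advisory. Enforcing it needs server-side
            // state (for example keyed on the remote address).
            SetCookie("Defense",$this->Value,time()+3600*2);
            $this->Method = "Url String";
            $this->eMail("Your site has benn Attacked");

            // Escape before echoing: the URI is exactly the input that was just flagged,
            // and printing it raw would reflect it into this page.
            $method = self::escape($this->Method);
            $ip = self::escape($this->IP);
            $attack = self::escape($this->Attack);

            // The original assigned to $Defense->Out, but $Defense is not defined in
            // this scope; the page belongs on $this.
            $this->Out = "
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xml:lang='en' lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>
<meta http-equiv='content-type' content='text/html; charset=windows-1255' />
<title>Defense</title>
</head>
<body style='background-color: #000;'>
<div style='margin: 0 auto 0 auto; text-align: center;'>
<div style='background-color: #fff; width: auto; height: auto; border: 1px dashed #fafafa;'>
<pre>Method Of this Attack: {$method}<br />IP Of this Attack: {$ip}<br />Url Of this Attack: {$attack}</pre>
</div>
<div style='color: #fafafa; font-weight: bold; font-size: 10pt;'>Your Detalis Is Send to the Admin forum</div>
</div>
</body>
</html>
";
            die($this->Out);
        }
    }
}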
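// Creating the object is what runs the query-string check for this request.
$Defense = new Defense;

// A visitor carrying the "Defense" cookie was flagged by the class earlier and
// gets the block page instead of the site. The comparison is strict so that an
// empty or array-valued cookie can never compare equal to an unset $Value.
// NOTE(review): the cookie is stored client-side and can be removed by the
// visitor, so this check is advisory and not an enforced ban.
if (isset($_COOKIE['Defense']) && $_COOKIE['Defense'] === $Defense->Value)
{
    $Defense->Out = "
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xml:lang='en' lang='en' xmlns='http://www.w3.org/1999/xhtml'>
<head>
<meta name='author' content='sHoN.G' />
<meta http-equiv='content-type' content='text/html; charset=windows-1255' />
<title>Defense</title>
</head>
<body style='background-color: #000;'>
<div style='text-align: center; color: #fafafa; font-weight: bold; font-size: 13pt;'>Your Blocked for 2 Hours<br />Reason: You try to Attack the site</div>
</body>
</html>
";
    die($Defense->Out);
}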
?>
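קובץ נחמד המגן מפני XSS ו-SQL Injection בפרמטרים שמגיעים ב-GET בלבד.
פשוט תעשו INCLUDE בעמודים שבהם יש חשש,
או תעשו INCLUDE כללי על ידי הכנסת העמוד הזה כ-INCLUDE בתוך ה-CONFIG
(בהנחה שעשיתם INCLUDE לקובץ ה-CONFIG שלכם בכל האתר).
שימו לב: הבדיקה מבוססת על רשימת מילים ב-URL בלבד, ולכן היא שכבת הגנה נוספת ולא תחליף לשאילתות עם פרמטרים (prepared statements) ולקידוד הפלט (htmlspecialchars).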