ישן 09-07-10, 20:38   # 15
anti
PHP קוד:
<?php
/*
------------------------------------------------------------
|           Defense.php is free to use
|           Defends against: XSS, SQL injection in the URL only
|          =============================
|           > Date of Created: 21/12/08
------------------------------------------------------------
*/
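/**
 * Request filter for GET query strings.
 *
 * On construction the raw query string is matched against a keyword denylist.
 * On a hit the class mails the site owner, sets a two-hour "Defense" cookie and
 * ends the request with a block page.
 *
 * Limits to keep in mind before relying on it:
 *  - Only $_SERVER['QUERY_STRING'] is inspected, in its raw (still
 *    percent-encoded) form. POST bodies, cookies and headers are not examined.
 *  - The pattern is a coarse keyword denylist: ordinary words such as "update"
 *    or "select" in a legitimate parameter are blocked too. It does not replace
 *    prepared statements or context-aware output escaping in the application.
 *  - The block is remembered in a cookie, which the client controls, so it is
 *    advisory rather than an enforcement mechanism.
 *  - One mail is sent per blocked request; there is no rate limit.
 */
class Defense
{
    public $Url;
    public $Attack;
    public $IP;
    public $Method;
    public $headers;
    public $Out = "";
    public $Value;
    public $Email;
    public $Date;
    // Declared explicitly: eMail() assigns both, and undeclared (dynamic)
    // properties are deprecated in current PHP.
    public $Subject;
    public $Message;

    /**
     * Mail the details of the blocked request to $this->Email as an HTML message.
     *
     * @param string $Subject Subject line of the notification.
     */
    public function eMail($Subject)
    {
        $this->headers  = "MIME-Version: 1.0\r\n";
        $this->headers .= "Content-type:text/html;charset=windows-1255\r\n";

        // A subject must stay on one line; line breaks would start a new header.
        $this->Subject = str_replace(array("\r", "\n"), ' ', (string) $Subject);

        // The request URI is attacker-controlled and the mail is rendered as
        // HTML, so every interpolated value is escaped first.
        $method = $this->html($this->Method);
        $ip     = $this->html($this->IP);
        $attack = $this->html($this->Attack);

        $this->Message = "<html><head></head><body dir='ltr'><div style='direction: ltr; font-family: arial; font-size: 11px;'>Method Of this Attack: {$method}<br />IP Of this Attack: {$ip}<br />Url Of this Attack: {$attack}</body></html>";

        // Best effort: a failed delivery must not prevent the block page.
        mail($this->Email, $this->Subject, $this->Message, $this->headers);
    }

    /**
     * Capture the request details and block the request if the query string
     * matches the denylist.
     *
     * Written as __construct() because a method named after the class is no
     * longer treated as a constructor from PHP 8.0 on; with only Defense()
     * defined, `new Defense` would silently skip the whole check.
     */
    public function __construct()
    {
        $this->Url    = $this->server('QUERY_STRING');
        $this->Attack = $this->server('REQUEST_URI');
        $this->IP     = $this->server('REMOTE_ADDR');
        $this->Value  = "Defense()";
        $this->Email  = "yourmail@gmail.com";
        $this->Date   = date("d/m/Y H:i:s");

        if (preg_match("#(union|drop|alter|update|having|insert|select|create|<(.+)|alert)#i", $this->Url)) {
            // setcookie() must run before any output is sent.
            setcookie("Defense", $this->Value, time() + 3600 * 2);
            $this->Method = "Url String";
            $this->eMail("Your site has benn Attacked");

            // $this, not the global $Defense: that variable is not in scope
            // inside the constructor and is still unassigned while it runs.
            $this->Out = $this->blockPage();
            die($this->Out);
        }
    }

    /**
     * Legacy entry point kept for code that calls Defense() explicitly.
     */
    public function Defense()
    {
        $this->__construct();
    }

    /**
     * Read a $_SERVER entry as a string; a missing key yields ''.
     */
    private function server($key)
    {
        return isset($_SERVER[$key]) ? (string) $_SERVER[$key] : '';
    }

    /**
     * Escape a value for HTML text. ISO-8859-1 is passed because the pages are
     * served as windows-1255, which htmlspecialchars() does not list; with a
     * single-byte charset only the HTML special characters are rewritten.
     */
    private function html($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
    }

    /**
     * Build the block page. The request URI is echoed back to the client, so
     * it is escaped; printing it raw would reflect markup from the URL into
     * the page this filter serves.
     */
    private function blockPage()
    {
        $method = $this->html($this->Method);
        $ip     = $this->html($this->IP);
        $attack = $this->html($this->Attack);

        return "
    <!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'> 
            <html xml:lang='en' lang='en' xmlns='http://www.w3.org/1999/xhtml'>
    <head>
        <meta http-equiv='content-type' content='text/html; charset=windows-1255' />
        <title>Defense</title>
    </head>
<body style='background-color: #000;'>
<div style='margin: 0 auto 0 auto; text-align: center;'>
    <div style='background-color: #fff; width: auto; height: auto; border: 1px dashed #fafafa;'>
        <pre>Method Of this Attack: {$method}<br />IP Of this Attack: {$ip}<br />Url Of this Attack: {$attack}</pre>
    </div>
    <div style='color: #fafafa; font-weight: bold; font-size: 10pt;'>Your Detalis Is Send to the Admin forum</div>
</div>
</body>
    </html>
    ";
    }
}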
// Building the object runs the query-string check for the current request.
$Defense = new Defense;

// A visitor who was blocked earlier carries the "Defense" cookie; while it is
// present and equal to the marker value, every page ends with the notice below.
// The cookie comes from the client, so this only holds for visitors who keep it.
if (isset($_COOKIE['Defense'])) {
    if ($_COOKIE['Defense'] == $Defense->Value) {
        $Defense->Out = "
    <!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'> 
            <html xml:lang='en' lang='en' xmlns='http://www.w3.org/1999/xhtml'>
    <head>
        <meta name='author' content='sHoN.G' />
        <meta http-equiv='content-type' content='text/html; charset=windows-1255' />
        <title>Defense</title>
    </head>
<body style='background-color: #000;'>
    <div style='text-align: center; color: #fafafa; font-weight: bold; font-size: 13pt;'>Your Blocked for 2 Hours<br />Reason: You try to Attack the site</div>
    
</body>
    </html>
    ";
        // Print the notice and stop the request.
        exit($Defense->Out);
    }
}
?>
קובץ נחמד המגן מ XSS ו SQL INJ בשיטת GET,
פשוט תעשו INCLUDE בעמודים בהם יש חשש..
או תעשו INCLUDE כולל על ידי הכנסת העמוד הזה כ INCLUDE בתוך ה CONFIG
(בהנחה שאתם עשיתם INCLUDE לקובץ הCONFIG שלכם בכל האתר)