[anti]

PHP קוד:

<?php
/*
------------------------------------------------------------
|           Defense.php Is to free use
|           Defense from: Xss,Sql Inj in url only
|          =============================
|           > Date of Created: 21/12/08
------------------------------------------------------------
*/
class Defense 
{
    Var $Url;
    Var $Attack;
    Var $IP;
    Var $Method;
    Var $headers;
    Var $Out = "";
    Var $Value;
    Var $Email;
    Var $Date;
     
      function eMail($Subject)
      {
      $this->headers = "MIME-Version: 1.0\r\n";
      $this->headers.= "Content-type:text/html;charset=windows-1255\r\n";
      $this->Subject = $Subject;
      $this->Message = "<html><head></head><body dir='ltr'><div style='direction: ltr; font-family: arial; font-size: 11px;'>Method Of this Attack: {$this->Method}<br />IP Of this Attack: {$this->IP}<br />Url Of this Attack: {$this->Attack}</body></html>";
      mail($this->Email,$this->Subject,$this->Message,$this->headers);
      }
    function Defense()
    {
    $this->Url = $_SERVER['QUERY_STRING'];
    $this->Attack = $_SERVER['REQUEST_URI'];
    $this->IP = $_SERVER['REMOTE_ADDR'];
    $this->Value = "Defense()";
    $this->Email = "yourmail@gmail.com";
    $this->Date = date("d/m/Y H:i:s");

        if (preg_match("#(union|drop|alter|update|having|insert|select|create|<(.+)|alert)#i",$this->Url))
        {
                SetCookie("Defense",$this->Value,time()+3600*2);
                $this->Method = "Url String";
                $this->eMail("Your site has benn Attacked");
    Die($Defense->Out="
    <!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'> 
            <html xml:lang='en' lang='en' xmlns='http://www.w3.org/1999/xhtml'>
    <head>
        <meta http-equiv='content-type' content='text/html; charset=windows-1255' />
        <title>Defense</title>
    </head>
<body style='background-color: #000;'>
<div style='margin: 0 auto 0 auto; text-align: center;'>
    <div style='background-color: #fff; width: auto; height: auto; border: 1px dashed #fafafa;'>
        <pre>Method Of this Attack: {$this->Method}<br />IP Of this Attack: {$this->IP}<br />Url Of this Attack: {$this->Attack}</pre>
    </div>
    <div style='color: #fafafa; font-weight: bold; font-size: 10pt;'>Your Detalis Is Send to the Admin forum</div>
</div>
</body>
    </html>
    ");
        }
    }
}
$Defense = new Defense;
if (isset($_COOKIE['Defense']) && $_COOKIE['Defense'] == $Defense->Value)
{
    Die($Defense->Out="
    <!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'> 
            <html xml:lang='en' lang='en' xmlns='http://www.w3.org/1999/xhtml'>
    <head>
        <meta name='author' content='sHoN.G' />
        <meta http-equiv='content-type' content='text/html; charset=windows-1255' />
        <title>Defense</title>
    </head>
<body style='background-color: #000;'>
    <div style='text-align: center; color: #fafafa; font-weight: bold; font-size: 13pt;'>Your Blocked for 2 Hours<br />Reason: You try to Attack the site</div>
    
</body>
    </html>
    ");
}
?>

קובץ נחמד המגן מ XSS ו SQL INJ בשיטת GET,
פשוט תעשו INCLUDE בעמודים בהם יש חשש..
או תעשו INCLUDE כולל על ידי הכנסת העמוד הזה כ INCLUDE בתוך ה CONFIG
(בהנחה שאתם עשיתם INCLUDE לקובץ הCONFIG שלכם בכל האתר)