12345xmen

script monitors your site for dangerous SQL injection and RFI vulnerabilities

by on 06-02-10 at 06:29 (76 Views)
Originally posted by 12345xmen:
This PHP script helps you to protect your site against dangerous SQL injection and RFI vulnerabilities:

Installation

1. Make a "logs" directory.

2. chmod the directory 'logs' to 777

3. Add the following line to the .htaccess file in root folder to monitor the requests.

php_value auto_append_file /home/username/public_html/requestlogger.php

Replace /home/username/public_html/ with your root path.

PHP script here:

PHP Code:
<?php // Security module by 12345 xmen
    // Please do not change anything in this file
log_requests();

function log_requests(){
    // Decode the request URI so URL-encoded quotes (%27, %22) are detected too
    $aurl = urldecode($_SERVER['REQUEST_URI']);

    // Log at most once per request
    if (empty($GLOBALS['logged'])) {
        $GLOBALS['logged'] = 1;

        // Only requests containing a single or double quote are logged
        if (!(strstr($aurl, '\'') || strstr($aurl, '"'))) return;

        // One log file per day, written to the 'logs' directory created during installation
        $filename = $_SERVER['DOCUMENT_ROOT'].'/logs/crap-'.date("d-M-y", time()).'.txt';
        $somecontent = date("D d M y-H:i:s", time());

        // $timespent is not set in this file; use the global value if the site defines one
        $timespent = isset($GLOBALS['timespent']) ? $GLOBALS['timespent'] : '';
        $somecontent .= "|| TIME: ".$timespent;
        $somecontent .= "|| URI: ";
        $somecontent .= $_SERVER['REQUEST_URI'];
        $somecontent .= "|| URIU: ";
        //$somecontent.=$aurl;
        /*
        $somecontent .= "|| BROWSER: ";
        $somecontent.=$_SERVER['HTTP_USER_AGENT'];

        $somecontent .= "|| IP: ";
        $somecontent.=$_SERVER['REMOTE_ADDR'];

        $somecontent .= "|| FORWARDED: ";
        $somecontent.=$_SERVER['HTTP_X_FORWARDED_FOR'];

        $somecontent .= "|| POST: ";
        foreach($_POST as $k=>$v){
            $k=preg_replace("/[\s]/", " ", $k);
            $v=preg_replace("/[\s]/", " ", $v);
            $somecontent.="$k==$v::";
        }
        */

        // Create the log file if it does not exist yet
        touch($filename);

        if (is_writable($filename)) {
            $handle = fopen($filename, 'a');
            if (!$handle) {
                echo "Cannot open";
            }
            else {
                // Hold an exclusive lock while appending so concurrent requests do not interleave
                flock($handle, LOCK_EX);
                if (fwrite($handle, $somecontent."\n") === FALSE) {
                    echo "Cannot write";
                }
                flock($handle, LOCK_UN);
                fclose($handle);
            }
        }
        else {
            echo "logger not writable";
        }
    }
}

?>
I hope it helps you. If you like it, say thanks!
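
The script above flags only quote characters in the decoded URI, although the post also names RFI. As an added example (not part of the original post; the function names and sample URIs are constructed for illustration), the code below applies the same quote check, adds a check for a URL scheme in a query parameter value, and replaces control characters before a line is written so a request cannot forge extra log entries:

```php
<?php
// Added example, not the original author's code. Function names and the
// sample URIs are constructed for illustration.

// Return the reasons a request URI looks suspicious (empty array = clean).
function classify_uri(string $rawUri): array
{
    $reasons = [];
    $decoded = urldecode($rawUri);

    // Same check as the script above: a quote character after URL-decoding.
    if (strpbrk($decoded, "'\"") !== false) {
        $reasons[] = 'quote';
    }

    // RFI indicator: a query parameter whose value starts with a URL scheme.
    $pos = strpos($rawUri, '?');
    $query = ($pos === false) ? '' : substr($rawUri, $pos + 1);
    parse_str($query, $params);   // parse_str URL-decodes keys and values
    array_walk_recursive($params, function ($value) use (&$reasons) {
        if (preg_match('#^\s*(https?|ftp|php|data)://#i', (string) $value)) {
            $reasons[] = 'url-in-parameter';
        }
    });

    return array_values(array_unique($reasons));
}

// Build one log line; control characters are replaced so a request
// cannot inject extra lines or fields into the log file.
function format_log_line(string $rawUri, array $reasons): string
{
    $safeUri = preg_replace('/[\x00-\x1F\x7F]/', '?', $rawUri);
    return date('D d M y-H:i:s') . ' || MATCH: ' . implode(',', $reasons)
         . ' || URI: ' . $safeUri;
}

// Constructed sample requests: one clean, one with quotes, one with a URL value.
$samples = [
    '/index.php?page=about',
    '/item.php?id=1%27%20OR%20%271%27=%271',
    '/index.php?page=http://example.invalid/remote.txt',
];
foreach ($samples as $uri) {
    $reasons = classify_uri($uri);
    if ($reasons) {
        echo format_log_line($uri, $reasons), "\n";
    }
}
```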
