OK, so you want to make your script secure against SQL injection. I've made this possible to ban the hacker directly from the server.
First, add this to your .htaccess page; rename my URL to yours.
Make sure your .htaccess page is chmodded to 666 to allow the rewrite.
Code:
Options -Indexes
ErrorDocument 402 http://mobilezonez.net/?err
ErrorDocument 403 http://mobilezonez.net/?err
ErrorDocument 404 http://mobilezonez.net/?err
ErrorDocument 500 http://mobilezonez.net/?err

RewriteEngine On
# Trap: any request whose query string matches one of these patterns is handed to logs.php
RewriteCond %{QUERY_STRING} (\"|%22).*(\>|%3E|<|%3C).* [NC]
RewriteRule ^(.*)$ logs.php [NC,L]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC]
RewriteRule ^(.*)$ logs.php [NC,L]
RewriteCond %{QUERY_STRING} (javascript:).*(\;).* [NC]
RewriteRule ^(.*)$ logs.php [NC,L]
# The literal space in "1 FROM ibwf_users" is not allowed in an unquoted pattern (Apache reads
# the rest as extra arguments and fails with a 500), so the space is written as (\+|%20|\s).
RewriteCond %{QUERY_STRING} (\;|\'|\"|\%22).*(union|select|insert|drop|update|validated|md5|1|5|perm|1(\+|%20|\s)FROM(\+|%20|\s)ibwf_users|benchmark|or|and|if).* [NC]
RewriteRule ^(.*)$ logs.php [NC,L]
# Same trap for these characters anywhere in the URL path
RewriteRule (,|;|<|>|'|`) /logs.php [NC,L]

# Serve these extensions as highlighted source instead of executing them
RemoveHandler .phtml .php3 .php4 .php5 .php6 .phps .cgi .pl .asp .aspx .shtml .shtm .fcgi .fpl .jsp .py
AddType application/x-httpd-php-source .phtml .php3 .php4 .php5 .php6 .phps .cgi .pl .asp .aspx .shtml .shtm .fcgi .fpl .jsp .py

# PHP settings (php_flag/php_value only work with mod_php)
php_flag display_errors 0
php_value error_reporting 7
php_value register_globals 0
php_flag session.use_trans_sid off
php_value magic_quotes_gpc 0
php_value magic_quotes_runtime 0
php_value magic_quotes_sybase 0
php_value allow_url_fopen 0
php_value arg_separator.output "&"
AddDefaultCharset UTF-8

<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault A1209600
<FilesMatch \.php$>
ExpiresActive Off
</FilesMatch>
</IfModule>

# Refuse TRACE requests and malformed Range headers. The original chained these two
# conditions with an implicit AND, so the rule only fired when both were true; [OR] fixes that.
RewriteCond %{REQUEST_METHOD} ^TRACE [OR]
RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$)
RewriteRule .* - [F]

# Refuse libwww user agents and ?param=http... query strings
RewriteCond %{HTTP_USER_AGENT} libwww [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)=http [NC]
RewriteRule ^(.*)$ - [F,L]
Now make a logs.php page for your server.
Now make a page called iplog.txt.
Code:
<?php
/*
////////////////////////////////////////
//     mobilezonez sql inject trap     //
//                 by                  //
//        Ozziemale aka Rampage        //
////////////////////////////////////////
*/
$r = $_SERVER['REQUEST_URI'];
$q = $_SERVER['QUERY_STRING'];
$i = $_SERVER['REMOTE_ADDR'];
$u = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

// Append "deny from <ip>" to .htaccess so Apache refuses this address from now on.
// The original wrote $REMOTE_ADDR, which is empty with register_globals off, and stored
// the line back into $i, so the .htaccess got a bare "deny from" and the log lost the IP.
$deny  = "deny from $i\n";
$banip = '.htaccess';
$fp = fopen($banip, "a");
fputs($fp, $deny);
fclose($fp);

$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
// X-Forwarded-For is supplied by the client and is not verified; logged for reference only
$forwarder_ip = @htmlspecialchars(getenv('HTTP_X_FORWARDED_FOR'));
$sydn = date("H:i");
$time = date("F jS Y,");
$iplog = "Time:$time-$sydn ::Request:$r ::Ip-$i ::Forwarded-for:$forwarder_ip ::Referer:$ref ::Attempt: $r - $q - $i - $u";
$fp = @fopen("iplog.txt", "a+");
@fputs($fp, "$iplog \r\n");
@fclose($fp);

// Mail the same details to the admin
$mess = $r . ' | ' . $q . ' | ' . $i . ' | ' . $u;
mail("admin@mobilezonez.net", "bad request", $mess, "From: hacker@mobilezonez.net");
echo "Bye Bye Mother ****er!!!";
?>
Chmod it to 777.
And we are done. This will block SQL injection, log the attempt, email it to you, then write the log to a text file, then ban the IP from your server...
thus stopping them in their tracks. Hope you all enjoy this code I made.
Don't forget to say thanks.
Last edited by ozziemale31; 24-01-12 at 09:56.
Don't Ask Me Dumb Questions. Or you'll get a Dumb Answer..
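As an added illustration (not the original poster's code), the four QUERY_STRING conditions from the .htaccess above are re-run in Python over constructed sample query strings. It shows which samples the trap would send to logs.php, and that rule 4 also fires on ordinary input because "1", "and" and "or" are in its keyword list, so an innocent visitor can end up banned.

```python
import re

# The four RewriteCond patterns from the .htaccess above, copied verbatim.
# Apache tests them against the raw, still URL-encoded QUERY_STRING; [NC] = IGNORECASE.
RAW_PATTERNS = [
    r'(\"|%22).*(\>|%3E|<|%3C).*',
    r'(\<|%3C).*script.*(\>|%3E)',
    r'(javascript:).*(\;).*',
    r'(\;|\'|\"|\%22).*(union|select|insert|drop|update|validated|md5|1|5|perm|'
    r'1 FROM ibwf_users|benchmark|or|and|if).*',
]
PATTERNS = [re.compile(p, re.IGNORECASE) for p in RAW_PATTERNS]


def matching_rules(query_string):
    """Return the 1-based numbers of the RewriteCond patterns that would send
    this query string to logs.php (and so get the client IP written to .htaccess)."""
    return [n for n, pat in enumerate(PATTERNS, start=1) if pat.search(query_string)]


# Constructed sample query strings (not from the original post), labelled by intent.
SAMPLES = {
    "q=hello+world": "benign",
    "title=%22hi%22&page=1": "benign",   # a quoted title plus a page number
    "q=tom's+band&page=2": "benign",     # apostrophe followed by the letters "and"
    "id=1'+union+select": "hostile",     # the keywords the rule is meant to catch
    "x=javascript:void(0);": "hostile",
}


def false_positives(samples=SAMPLES):
    """Benign samples that the trap would still log and ban."""
    return sorted(q for q, label in samples.items()
                  if label == "benign" and matching_rules(q))


if __name__ == "__main__":
    for q, label in SAMPLES.items():
        print(f"{label:8} {q!r:32} -> rules {matching_rules(q)}")
    print("false positives:", false_positives())
```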
For those who end up with a 500 misconfiguration error,
use this version.
Code:
RewriteEngine On
# Trap: any request whose query string matches one of these patterns is handed to logs.php
RewriteCond %{QUERY_STRING} (\"|%22).*(\>|%3E|<|%3C).* [NC]
RewriteRule ^(.*)$ logs.php [NC,L]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC]
RewriteRule ^(.*)$ logs.php [NC,L]
RewriteCond %{QUERY_STRING} (javascript:).*(\;).* [NC]
RewriteRule ^(.*)$ logs.php [NC,L]
RewriteCond %{QUERY_STRING} (\;|\'|\"|\%22).*(union|select|insert|drop|update|perm|validated|md5|benchmark|or|and|if).* [NC]
RewriteRule ^(.*)$ logs.php [NC,L]
# Same trap for these characters anywhere in the URL path
RewriteRule (,|;|<|>|'|`) /logs.php [NC,L]

# Serve these extensions as highlighted source instead of executing them
RemoveHandler .phtml .php3 .php4 .php5 .php6 .phps .cgi .pl .asp .aspx .shtml .shtm .fcgi .fpl .jsp .py
AddType application/x-httpd-php-source .phtml .php3 .php4 .php5 .php6 .phps .cgi .pl .asp .aspx .shtml .shtm .fcgi .fpl .jsp .py

# PHP settings (php_flag/php_value only work with mod_php)
php_flag display_errors 0
php_value error_reporting 7
php_value register_globals 0
php_flag session.use_trans_sid off
php_value magic_quotes_gpc 0
php_value magic_quotes_runtime 0
php_value magic_quotes_sybase 0
php_value allow_url_fopen 0
php_value arg_separator.output "&"
AddDefaultCharset UTF-8

<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault A1209600
<FilesMatch \.php$>
ExpiresActive Off
</FilesMatch>
</IfModule>

# Refuse TRACE requests and malformed Range headers. The original chained these two
# conditions with an implicit AND, so the rule only fired when both were true; [OR] fixes that.
RewriteCond %{REQUEST_METHOD} ^TRACE [OR]
RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$)
RewriteRule .* - [F]

# Refuse libwww user agents and ?param=http... query strings
RewriteCond %{HTTP_USER_AGENT} libwww [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)=http [NC]
RewriteRule ^(.*)$ - [F,L]
This is now working, bro. I think you should test it and add it to the htaccess for those using the script, and make it possible to download.
This code was made for lava script, but it will also work for other scripts if this script works.
This is not for SQL injection, it's for XSS.
Thank you for the given code.
Originally Posted by CreativityKills:
I honestly don't understand why people go through so much stress over this whole injection thing. I've learnt enough to know there is no way to inject cleanly written code. The PHP function coupled with good filter practices effectively contains injection.

True words. However, these codes might give a sense of security to people who have just set up a site out of a freely available script.
Yeah, good point, bro.