How to secure lavalair ALL versions


  • Jerson
    replied
    php_flag off for shell script...



  • mhazter
    replied
    nice one this is big help.



  • pretend
    replied
    any expert help me.
    Last edited by pretend; 12.03.10, 23:11.



  • pretend
    replied
    Originally posted by djlee View Post
    PHP Code:
      $query = $_SERVER['QUERY_STRING'];
      $fookoff = array('chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(',
                                        'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20',
                                       'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=',
                                       'esystem(', 'esystem%20', 'cp%20', '%20cp', 'cp(', 'mdir%20', '%20mdir', 'mdir(',
                                       'mcd%20', 'mrd%20', 'rm%20', '%20mcd', '%20mrd', '%20rm',
                                       'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'rmdir%20', 'mv(', 'rmdir(',
                                       'chmod(', 'chmod%20', '%20chmod', 'chmod(', 'chmod=', 'chown%20', 'chgrp%20', 'chown(', 'chgrp(',
                                       'locate%20', 'grep%20', 'locate(', 'grep(', 'diff%20', 'kill%20', 'kill(', 'killall',
                                       'passwd%20', '%20passwd', 'passwd(', 'telnet%20', 'vi(', 'vi%20',
                                       'insert%20into', 'select%20', 'nigga(', '%20nigga', 'nigga%20', 'fopen', 'fwrite', '%20like', 'like%20',
                                       '$_request', '$_get', '$request', '$get', '.system', 'HTTP_PHP', '&aim', '%20getenv', 'getenv%20',
                                       'new_password', '&icq','/etc/password','/etc/shadow', '/etc/groups', '/etc/gshadow',
                                       'HTTP_USER_AGENT', 'HTTP_HOST', '/bin/ps', 'wget%20', 'uname\x20-a', '/usr/bin/id',
                                       '/bin/echo', '/bin/kill', '/bin/', '/chgrp', '/chown', '/usr/bin', 'g\+\+', 'bin/python',
                                       'bin/tclsh', 'bin/nasm', 'perl%20', 'traceroute%20', 'ping%20', '.pl', '/usr/X11R6/bin/xterm', 'lsof%20',
                                       '/bin/mail', '.conf', 'motd%20', 'HTTP/1.', '.inc.php', 'config.php', 'cgi-', '.eml',
                                       'file\://', 'window.open', '<script>', 'javascript\://','img src', 'img%20src','.jsp','ftp.exe',
                                       'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell', 'nc.exe', '.htpasswd',
                                       'servlet', '/etc/passwd', 'wwwacl', '~root', '~ftp', '.js', '.jsp', 'admin_', '.history',
                                       'bash_history', '.bash_history', '~nobody', 'server-info', 'server-status', 'reboot%20', 'halt%20',
                                       'powerdown%20', '/home/ftp', '/home/www', 'secure_site, ok', 'chunked', 'org.apache', '/servlet/con',
                                       '<script', '/robot.txt' ,'/perl' ,'mod_gzip_status', 'db_mysql.inc', '.inc', 'select%20from',
                                       'select from', 'drop%20', '.system', 'getenv', 'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', 'sql=');

      $check = str_replace($fookoff, '*', $query);

      if ($query != $check)
            {
              $addy = $_SERVER['REMOTE_ADDR'];
              $agent = $_SERVER['HTTP_USER_AGENT'];

          $fp = fopen ('./log.txt', 'a');
          fwrite ($fp, 'Blocked attack from: IP - ' . $_SERVER['REMOTE_ADDR'] . ' User Agent - ' . $_SERVER['HTTP_USER_AGENT'] . '
    ');
          fclose ($fp);

              die( "Attack detected! <br /><br /><b>Your attack was blocked:</b><br />$addy - $agent<br /><br />DJLEE 0wned you ! (dont remove this message you arse, credit where credits due)" );
            }

    Can someone tell me where I should include this?
    if ($query != $check)
    In which other pages, and where, should I place this thing? Cause

    Originally posted by djlee View Post
    PHP Code:
     $query = $_SERVER['QUERY_STRING'];
      $fookoff = array('chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(',
                                        'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20',
                                       'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=',
                                       'esystem(', 'esystem%20', 'cp%20', '%20cp', 'cp(', 'mdir%20', '%20mdir', 'mdir(',
                                       'mcd%20', 'mrd%20', 'rm%20', '%20mcd', '%20mrd', '%20rm',
                                       'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'rmdir%20', 'mv(', 'rmdir(',
                                       'chmod(', 'chmod%20', '%20chmod', 'chmod(', 'chmod=', 'chown%20', 'chgrp%20', 'chown(', 'chgrp(',
                                       'locate%20', 'grep%20', 'locate(', 'grep(', 'diff%20', 'kill%20', 'kill(', 'killall',
                                       'passwd%20', '%20passwd', 'passwd(', 'telnet%20', 'vi(', 'vi%20',
                                       'insert%20into', 'select%20', 'nigga(', '%20nigga', 'nigga%20', 'fopen', 'fwrite', '%20like', 'like%20',
                                       '$_request', '$_get', '$request', '$get', '.system', 'HTTP_PHP', '&aim', '%20getenv', 'getenv%20',
                                       'new_password', '&icq','/etc/password','/etc/shadow', '/etc/groups', '/etc/gshadow',
                                       'HTTP_USER_AGENT', 'HTTP_HOST', '/bin/ps', 'wget%20', 'uname\x20-a', '/usr/bin/id',
                                       '/bin/echo', '/bin/kill', '/bin/', '/chgrp', '/chown', '/usr/bin', 'g\+\+', 'bin/python',
                                       'bin/tclsh', 'bin/nasm', 'perl%20', 'traceroute%20', 'ping%20', '.pl', '/usr/X11R6/bin/xterm', 'lsof%20',
                                       '/bin/mail', '.conf', 'motd%20', 'HTTP/1.', '.inc.php', 'config.php', 'cgi-', '.eml',
                                       'file\://', 'window.open', '<script>', 'javascript\://','img src', 'img%20src','.jsp','ftp.exe',
                                       'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell', 'nc.exe', '.htpasswd',
                                       'servlet', '/etc/passwd', 'wwwacl', '~root', '~ftp', '.js', '.jsp', 'admin_', '.history',
                                       'bash_history', '.bash_history', '~nobody', 'server-info', 'server-status', 'reboot%20', 'halt%20',
                                       'powerdown%20', '/home/ftp', '/home/www', 'secure_site, ok', 'chunked', 'org.apache', '/servlet/con',
                                       '<script', '/robot.txt' ,'/perl' ,'mod_gzip_status', 'db_mysql.inc', '.inc', 'select%20from',
                                       'select from', 'drop%20', '.system', 'getenv', 'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', 'sql=');

      $check = str_replace($fookoff, '*', $query);

      if ($query != $check)
            {
              $addy = $_SERVER['REMOTE_ADDR'];
              $agent = $_SERVER['HTTP_USER_AGENT'];

          $fp = fopen ('./log.txt', 'a');
          fwrite ($fp, 'Blocked attack from: IP - ' . $_SERVER['REMOTE_ADDR'] . ' User Agent - ' . $_SERVER['HTTP_USER_AGENT'] . '
    ');
          fclose ($fp);

              die( "Attack detected! <br /><br /><b>Your attack was blocked:</b><br />$addy - $agent<br /><br />DJLEE 0wned you ! (dont remove this message you arse, credit where credits due)" );
            }
    is placed in core.php, is it? And the function should be included somewhere on other pages to detect the attack, so where should I include it? I mean this: if ($query != $check)



  • pretend
    replied
    hey subzero!!!!


    Originally posted by subzero View Post
    How to secure lavalair ALL versions!!!!!!!

    Wapspire v1,v2
    fummobile v1
    aarawap v1

    Yes you hear me right they all are lavalair scripts !!!!!

    First Lets get to know how...

    Place this in your core.php

    PHP Code:
    function check_injection()
    {
        $badchars = array("DROP", "TRUNCATE", "SELECT", "UPDATE", "DELETE", "UNION", "WHERE", "FROM", "INSERT", "ORDER BY");

        foreach ($_REQUEST as $value)
        {
            if (in_array(strtoupper($value), $badchars))
            {
                $logfile = 'logs/log.txt'; //chmod 777
                $IP = $_SERVER['REMOTE_ADDR'];
                $logdetails = date("F j, Y, g:i a") . ': ' . '<a href=http://dnsstuff.com/tools/city.ch?ip=' . $_SERVER['REMOTE_ADDR'] . ' target=_blank>' . $_SERVER['REMOTE_ADDR'] . '</a>';
                $fp = fopen($logfile, "r+");
                fwrite($fp, $logdetails, strlen($logdetails));
                fclose($fp);

                header('Location:http://google.com');
            }
            else
            {
                $check = preg_split("//", $value, -1, PREG_SPLIT_OFFSET_CAPTURE);
                foreach ($check as $char)
                {
                    if (in_array(strtoupper($char), $badchars))
                    {
                        $logfile = 'logs/log.txt';
                        $IP = $_SERVER['REMOTE_ADDR'];
                        $logdetails = date("F j, Y, g:i a") . ': ' . '<a href=http://dnsstuff.com/tools/city.ch?ip=' . $_SERVER['REMOTE_ADDR'] . ' target=_blank>' . $_SERVER['REMOTE_ADDR'] . '</a>';
                        $fp = fopen($logfile, "r+");
                        fwrite($fp, $logdetails, strlen($logdetails));
                        fclose($fp);

                        header('Location:http://google.com');
                    }
                }
            }
        }
    }

    Add this to ALL of your headers, before <html or <doctype, under the core.php include file

    "
    include("core.php");
    check_injection();
    "

    Step 2:

    Do Not Host a UPLOADER

    Step 3:

    Don't let users hotlink images as their avatar; delete this ASAP from your site, or host it with a PHP thumb script. You may search this forum for it!!

    Step 4:

    Do not save logs in logs or any txt files to members/owners info

    Step 5

    Do not use easy passwords like eg: 123456 , abc1234 , password , guest , john , orbit

    Most guest password is your username as your password you must not sign up like

    username: john1942
    password: john1942

    End of page.......

    If you are still getting hacked / sql / hijacked this means you didn't go through the steps as I told you...


    I got a question. I included check_injection(); as you said under core.php like this

    include("core.php");
    check_injection();


    It's OK with all pages, but only genproc.php, when I post the code

    include("core.php");
    check_injection();

    and afterwards, if I try to update my profile settings myself, it gets redirected to google.com. What's the solution for this?
    Last edited by pretend; 12.03.10, 23:09.



  • djlee
    replied
    PHP Code:
    <?php
      $query = $_SERVER['QUERY_STRING'];
      $fookoff = array('chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(',
                       'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20',
                       'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=',
                       'esystem(', 'esystem%20', 'cp%20', '%20cp', 'cp(', 'mdir%20', '%20mdir', 'mdir(',
                       'mcd%20', 'mrd%20', 'rm%20', '%20mcd', '%20mrd', '%20rm',
                       'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'rmdir%20', 'mv(', 'rmdir(',
                       'chmod(', 'chmod%20', '%20chmod', 'chmod(', 'chmod=', 'chown%20', 'chgrp%20', 'chown(', 'chgrp(',
                       'locate%20', 'grep%20', 'locate(', 'grep(', 'diff%20', 'kill%20', 'kill(', 'killall',
                       'passwd%20', '%20passwd', 'passwd(', 'telnet%20', 'vi(', 'vi%20',
                       'insert%20into', 'select%20', 'nigga(', '%20nigga', 'nigga%20', 'fopen', 'fwrite', '%20like', 'like%20',
                       '$_request', '$_get', '$request', '$get', '.system', 'HTTP_PHP', '&aim', '%20getenv', 'getenv%20',
                       'new_password', '&icq', '/etc/password', '/etc/shadow', '/etc/groups', '/etc/gshadow',
                       'HTTP_USER_AGENT', 'HTTP_HOST', '/bin/ps', 'wget%20', 'uname\x20-a', '/usr/bin/id',
                       '/bin/echo', '/bin/kill', '/bin/', '/chgrp', '/chown', '/usr/bin', 'g\+\+', 'bin/python',
                       'bin/tclsh', 'bin/nasm', 'perl%20', 'traceroute%20', 'ping%20', '.pl', '/usr/X11R6/bin/xterm', 'lsof%20',
                       '/bin/mail', '.conf', 'motd%20', 'HTTP/1.', '.inc.php', 'config.php', 'cgi-', '.eml',
                       'file\://', 'window.open', '<script>', 'javascript\://', 'img src', 'img%20src', '.jsp', 'ftp.exe',
                       'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell', 'nc.exe', '.htpasswd',
                       'servlet', '/etc/passwd', 'wwwacl', '~root', '~ftp', '.js', '.jsp', 'admin_', '.history',
                       'bash_history', '.bash_history', '~nobody', 'server-info', 'server-status', 'reboot%20', 'halt%20',
                       'powerdown%20', '/home/ftp', '/home/www', 'secure_site, ok', 'chunked', 'org.apache', '/servlet/con',
                       '<script', '/robot.txt', '/perl', 'mod_gzip_status', 'db_mysql.inc', '.inc', 'select%20from',
                       'select from', 'drop%20', '.system', 'getenv', 'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', 'sql=');

      $check = str_replace($fookoff, '*', $query);

      if ($query != $check)
      {
          $addy = $_SERVER['REMOTE_ADDR'];
          $agent = $_SERVER['HTTP_USER_AGENT'];

          $fp = fopen('./log.txt', 'a');
          fwrite($fp, 'Blocked attack from: IP - ' . $_SERVER['REMOTE_ADDR'] . ' User Agent - ' . $_SERVER['HTTP_USER_AGENT'] . "\n");
          fclose($fp);

          die("Attack detected! <br /><br /><b>Your attack was blocked:</b><br />$addy - $agent<br /><br />DJLEE 0wned you ! (dont remove this message you arse, credit where credits due)");
      }
    ?>
    Last edited by metulj; 08.10.10, 19:06.

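The filter above writes `REMOTE_ADDR` and the `User-Agent` header straight into `./log.txt` and into the page passed to `die()`. The following is an added example, not djlee's code, of the same "blocked" handler with both values neutralised first; the log path, function names and sample values are assumptions made for the illustration.

```php
<?php
// Added example, not djlee's code: a "request blocked" handler that neutralises
// request-supplied values before they reach the log file or the response.

// Hypothetical location outside the web root, so the log cannot be fetched
// with a browser the way ./log.txt next to the script can.
const BLOCK_LOG = '/var/log/lavalair/blocked.log';

// Replace control characters (CR, LF, tab, escape) and cap the length, so one
// request always produces exactly one log line.
function log_field(string $value, int $max = 200): string
{
    return substr((string) preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value), 0, $max);
}

function format_block_line(string $ip, string $agent, string $reason): string
{
    // JSON quoting keeps every field delimited and machine-parseable.
    $entry = json_encode([
        'ip'     => log_field($ip, 45),
        'agent'  => log_field($agent),
        'reason' => log_field($reason, 64),
    ], JSON_INVALID_UTF8_SUBSTITUTE | JSON_UNESCAPED_SLASHES);
    return date('c') . ' ' . $entry . "\n";
}

function render_block_page(string $ip): string
{
    // The User-Agent is never echoed; the address is HTML-escaped.
    return 'Request blocked: ' . htmlspecialchars($ip, ENT_QUOTES, 'UTF-8');
}

function block_request(string $reason): void
{
    $ip    = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
    $agent = $_SERVER['HTTP_USER_AGENT'] ?? '';
    // Append under an exclusive lock so concurrent requests do not interleave.
    file_put_contents(BLOCK_LOG, format_block_line($ip, $agent, $reason), FILE_APPEND | LOCK_EX);
    http_response_code(403);
    exit(render_block_page($ip));
}

if (PHP_SAPI === 'cli') {
    // Constructed sample: a User-Agent carrying markup and a line break.
    $agent = "Mozilla/5.0 <b>test</b>\r\nBlocked attack from: IP - 192.0.2.1";
    echo format_block_line('203.0.113.7', $agent, 'query-string blacklist');
    echo render_block_page('203.0.113.7'), "\n";
}
```

Run from the command line, the sample User-Agent ends up as a single JSON-quoted log line, and the response contains only the escaped address.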


  • CreativityKills
    replied
    Say wha? Some functions are deprecated?



  • sklbd
    replied
    plz any one make this script php v5/6

    function check_injection()
    {
        $badchars = array("DROP", "TRUNCATE", "SELECT", "UPDATE", "DELETE", "UNION", "WHERE", "FROM", "INSERT", "ORDER BY");

        foreach ($_REQUEST as $value)
        {
            if (in_array(strtoupper($value), $badchars))
            {
                $logfile = 'logs/log.txt'; //chmod 777
                $IP = $_SERVER['REMOTE_ADDR'];
                $logdetails = date("F j, Y, g:i a") . ': ' . '<a href=http://dnsstuff.com/tools/city.ch?ip=' . $_SERVER['REMOTE_ADDR'] . ' target=_blank>' . $_SERVER['REMOTE_ADDR'] . '</a>';
                $fp = fopen($logfile, "r+");
                fwrite($fp, $logdetails, strlen($logdetails));
                fclose($fp);

                header('Location:http://google.com');
            }
            else
            {
                $check = preg_split("//", $value, -1, PREG_SPLIT_OFFSET_CAPTURE);
                foreach ($check as $char)
                {
                    if (in_array(strtoupper($char), $badchars))
                    {
                        $logfile = 'logs/log.txt';
                        $IP = $_SERVER['REMOTE_ADDR'];
                        $logdetails = date("F j, Y, g:i a") . ': ' . '<a href=http://dnsstuff.com/tools/city.ch?ip=' . $_SERVER['REMOTE_ADDR'] . ' target=_blank>' . $_SERVER['REMOTE_ADDR'] . '</a>';
                        $fp = fopen($logfile, "r+");
                        fwrite($fp, $logdetails, strlen($logdetails));
                        fclose($fp);

                        header('Location:http://google.com');
                    }
                }
            }
        }
    }

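As an added example (not code from this thread): the comparison that check_injection() performs on each request value, next to a parameterized query that stores user text as plain data whatever it contains. The `lava_users` table, the form fields and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for the demo.

```php
<?php
// Added example, not code from the thread. Table and field names are hypothetical.

// The test check_injection() applies: a value is flagged only when the whole
// value, upper-cased, equals one of the keywords.
function is_flagged(string $value): bool
{
    $badchars = ["DROP", "TRUNCATE", "SELECT", "UPDATE", "DELETE",
                 "UNION", "WHERE", "FROM", "INSERT", "ORDER BY"];
    return in_array(strtoupper($value), $badchars, true);
}

// Parameterized alternative: values are bound, never concatenated into the SQL
// text, so quotes and SQL keywords in user input are stored as ordinary data.
function save_profile(PDO $db, int $uid, string $name, string $signature): void
{
    $stmt = $db->prepare(
        'UPDATE lava_users SET name = :name, signature = :sig WHERE id = :id'
    );
    $stmt->execute([':name' => $name, ':sig' => $signature, ':id' => $uid]);
}

function load_profile(PDO $db, int $uid): array
{
    $stmt = $db->prepare('SELECT name, signature FROM lava_users WHERE id = ?');
    $stmt->execute([$uid]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}

// Constructed demo data; in-memory SQLite stands in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE lava_users (id INTEGER PRIMARY KEY, name TEXT, signature TEXT)');
$db->exec("INSERT INTO lava_users (id, name, signature) VALUES (1, 'guest', '')");

// A constructed profile form post: a submit-button value and two free-text fields.
$post = [
    'action'    => 'Update',
    'name'      => "O'Brien",
    'signature' => 'Select from the menu, or drop by anytime',
];

foreach ($post as $field => $value) {
    printf("%-9s flagged by keyword match: %s\n", $field, is_flagged($value) ? 'yes' : 'no');
}

save_profile($db, 1, $post['name'], $post['signature']);
print_r(load_profile($db, 1));
```

The only field the keyword match reacts to is the one whose entire value is a keyword; the free-text fields pass through it untouched and are stored intact by the bound query.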


  • CreativityKills
    replied
    ^ That's stupid



  • comando
    replied
    make the session like this:
    $ip=base64_encode($_SERVER["REMOTE_ADDR"]);
    $brw=base64_encode($_SERVER[USER_AGENT]);
    $time=time();
    $sid=md5($ip.$brw.time( ));
    make in table 'lava_ses' a new field 'login_time' and insert the time( ).
    //////////the function islogin will be
    etc etc etc
    $ip=base64_encode($_SERVER["REMOTE_ADDR"]);
    $brw=base64_encode($_SERVER[USER_AGENT]);
    $time_login=$row[login_time];
    $sid2=md5($ip.$brw.$time_login);
    if $sid=$sid2

    login

    else

    not login or this is not your session


    /////////////// I HOPE YOU UNDERSTAND

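An added example, not comando's code: the post above derives the session id from the client address, the browser string and the login time, all of which an outsider can observe or guess. This sketch issues the id from the CSPRNG instead and keeps the browser binding as a secondary check; the array standing in for the `lava_ses` table and the function names are assumptions.

```php
<?php
// Added example, not comando's code. $store stands in for the lava_ses table;
// function names are hypothetical.

// Issue a session id that carries no derivable information: 256 random bits.
function new_session(array &$store, int $uid, string $agent, int $ttl = 1800): string
{
    $sid = bin2hex(random_bytes(32));            // value sent to the browser
    $store[hash('sha256', $sid)] = [             // only its hash is kept server-side
        'uid'     => $uid,
        'agent'   => hash('sha256', $agent),     // secondary binding to the browser
        'expires' => time() + $ttl,
    ];
    return $sid;
}

// Returns the user id for a valid session, or null. The client address is left
// out of the binding because it can change during a session.
function is_login(array &$store, string $sid, string $agent, ?int $now = null): ?int
{
    $now = $now ?? time();
    $key = hash('sha256', $sid);
    $row = $store[$key] ?? null;
    if ($row === null) {
        return null;                             // unknown id
    }
    if ($row['expires'] < $now) {
        unset($store[$key]);                     // expired: remove the record
        return null;
    }
    // hash_equals() compares in constant time.
    if (!hash_equals($row['agent'], hash('sha256', $agent))) {
        return null;
    }
    return $row['uid'];
}

// Constructed demo values.
$store = [];
$sid   = new_session($store, 42, 'ConstructedBrowser/1.0');

var_dump(is_login($store, $sid, 'ConstructedBrowser/1.0'));                 // same browser
var_dump(is_login($store, $sid, 'OtherBrowser/2.0'));                       // different User-Agent
var_dump(is_login($store, str_repeat('0', 64), 'ConstructedBrowser/1.0'));  // id never issued
var_dump(is_login($store, $sid, 'ConstructedBrowser/1.0', time() + 3600));  // after expiry
```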


  • sklbd
    replied
    i think no site is 100% secure



  • kei_ki7
    replied
    force download is a nice idea.



  • ori
    replied
    I make all uploaded files come up as a 404 even if they're in there, and my script can still force a download or preview (images)

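One way to build the arrangement described above, as an added example that is not code from the thread: uploads live outside the web root, and a script decides from the file's content whether to preview it or force a download. The directory, function names and sample values are assumptions, and the type sniffing needs the fileinfo extension.

```php
<?php
// Added example, not code from the thread. Paths and names are hypothetical.

const UPLOAD_DIR = '/srv/lavalair-uploads';   // outside the web root: direct URLs give 404

// Types that may be previewed inline; everything else is sent as a download.
const PREVIEW_TYPES = ['image/jpeg', 'image/png', 'image/gif'];

// Build the response headers from the sniffed content type, not the file name.
function download_headers(string $storedName, string $sniffedType, int $size): array
{
    $inline   = in_array($sniffedType, PREVIEW_TYPES, true);
    // Offer the browser a name restricted to a conservative character set.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($storedName));
    return [
        'Content-Type: ' . ($inline ? $sniffedType : 'application/octet-stream'),
        'Content-Disposition: ' . ($inline ? 'inline' : 'attachment')
            . '; filename="' . $safeName . '"',
        'Content-Length: ' . $size,
        'X-Content-Type-Options: nosniff',
    ];
}

// Resolve a requested name inside the upload directory. basename() drops any
// directory part; realpath() then rejects symlinks that point elsewhere.
function resolve_upload(string $requested, string $baseDir = UPLOAD_DIR): ?string
{
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . basename($requested));
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

function serve_upload(string $requested): void
{
    $path = resolve_upload($requested);
    if ($path === null) {
        http_response_code(404);
        return;
    }
    $type = (new finfo(FILEINFO_MIME_TYPE))->file($path) ?: 'application/octet-stream';
    foreach (download_headers($requested, $type, filesize($path)) as $line) {
        header($line);
    }
    readfile($path);
}

if (PHP_SAPI === 'cli') {
    // Constructed cases: a real image, and an executable renamed to .mp3.
    print_r(download_headers('holiday.jpg', 'image/jpeg', 48213));
    print_r(download_headers('song.mp3', 'application/x-dosexec', 73216));
}
```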


  • thanatos
    replied
    Originally posted by WereWolveZ View Post
    yeah heheh but we can add up php3 in htaccess, nothing is impossible
    a virus with a .exe extension can be changed to .mp3 using a file binder. My advice is not just block the extensions but it might be better if force download will be used in .htaccess :-)



  • WereWolveZ
    replied
    yeah heheh but we can add up php3 in htaccess, nothing is impossible

