How to secure lavalair ALL versions


    #46
    Say wha? Some functions are deprecated?

    Comment


      #47
      PHP Code:
      <?php
        // Raw query string as sent by the client (still URL-encoded)
        $query = $_SERVER['QUERY_STRING'];

        // Substrings treated as attack signatures
        $fookoff = array('chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(',
                         'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20',
                         'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=',
                         'esystem(', 'esystem%20', 'cp%20', '%20cp', 'cp(', 'mdir%20', '%20mdir', 'mdir(',
                         'mcd%20', 'mrd%20', 'rm%20', '%20mcd', '%20mrd', '%20rm',
                         'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'rmdir%20', 'mv(', 'rmdir(',
                         'chmod(', 'chmod%20', '%20chmod', 'chmod(', 'chmod=', 'chown%20', 'chgrp%20', 'chown(', 'chgrp(',
                         'locate%20', 'grep%20', 'locate(', 'grep(', 'diff%20', 'kill%20', 'kill(', 'killall',
                         'passwd%20', '%20passwd', 'passwd(', 'telnet%20', 'vi(', 'vi%20',
                         'insert%20into', 'select%20', 'nigga(', '%20nigga', 'nigga%20', 'fopen', 'fwrite', '%20like', 'like%20',
                         '$_request', '$_get', '$request', '$get', '.system', 'HTTP_PHP', '&aim', '%20getenv', 'getenv%20',
                         'new_password', '&icq','/etc/password','/etc/shadow', '/etc/groups', '/etc/gshadow',
                         'HTTP_USER_AGENT', 'HTTP_HOST', '/bin/ps', 'wget%20', 'uname\x20-a', '/usr/bin/id',
                         '/bin/echo', '/bin/kill', '/bin/', '/chgrp', '/chown', '/usr/bin', 'g\+\+', 'bin/python',
                         'bin/tclsh', 'bin/nasm', 'perl%20', 'traceroute%20', 'ping%20', '.pl', '/usr/X11R6/bin/xterm', 'lsof%20',
                         '/bin/mail', '.conf', 'motd%20', 'HTTP/1.', '.inc.php', 'config.php', 'cgi-', '.eml',
                         'file\://', 'window.open', '<script>', 'javascript\://','img src', 'img%20src','.jsp','ftp.exe',
                         'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell', 'nc.exe', '.htpasswd',
                         'servlet', '/etc/passwd', 'wwwacl', '~root', '~ftp', '.js', '.jsp', 'admin_', '.history',
                         'bash_history', '.bash_history', '~nobody', 'server-info', 'server-status', 'reboot%20', 'halt%20',
                         'powerdown%20', '/home/ftp', '/home/www', 'secure_site, ok', 'chunked', 'org.apache', '/servlet/con',
                         '<script', '/robot.txt' ,'/perl' ,'mod_gzip_status', 'db_mysql.inc', '.inc', 'select%20from',
                         'select from', 'drop%20', '.system', 'getenv', 'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', 'sql=');

        // Replace every listed substring with '*'; any change means a match
        $check = str_replace($fookoff, '*', $query);

        if ($query != $check)
              {
                $addy = $_SERVER['REMOTE_ADDR'];
                // Escaped because it is echoed into the HTML block page below
                $agent = htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES);

                // Append one line per blocked request
                $fp = fopen('./log.txt', 'a');
                fwrite($fp, 'Blocked attack from: IP - ' . $_SERVER['REMOTE_ADDR'] . ' User Agent - ' . $_SERVER['HTTP_USER_AGENT'] . "\n");
                fclose($fp);

                die("Attack detected! <br /><br /><b>Your attack was blocked:</b><br />$addy - $agent<br /><br />DJLEE 0wned you ! (dont remove this message you arse, credit where credits due)");
              }
      ?>
      Last edited by metulj; 08.10.10, 19:06.

      Comment


        #48
        hey subzero!!!!


        Originally posted by subzero View Post
        How to secure lavalair ALL versions!!!!!!!

        Wapspire v1,v2
        fummobile v1
        aarawap v1

        Yes you hear me right they all are lavalair scripts !!!!!

        First Lets get to know how...

        Place this in your core.php

        PHP Code:
        function check_injection()
        {
            // SQL keywords treated as attack signatures
            $badchars = array("DROP", "TRUNCATE", "SELECT", "UPDATE", "DELETE", "UNION", "WHERE", "FROM", "INSERT", "ORDER BY");

            foreach ($_REQUEST as $value)
            {
                // True only when the whole value equals one of the keywords
                if (in_array(strtoupper($value), $badchars))
                {
                    $logfile = 'logs/log.txt'; //chmod 777
                    $IP = $_SERVER['REMOTE_ADDR'];
                    $logdetails = date("F j, Y, g:i a") . ': ' . '<a href=http://dnsstuff.com/tools/city.ch?ip=' . $_SERVER['REMOTE_ADDR'] . ' target=_blank>' . $_SERVER['REMOTE_ADDR'] . '</a>';
                    $fp = fopen($logfile, "a"); // append instead of overwriting from the start of the file
                    fwrite($fp, $logdetails, strlen($logdetails));
                    fclose($fp);

                    header('Location:http://google.com');
                    exit; // stop here so the flagged request is not processed after the redirect
                }
                else
                {
                    // Split the value into single characters; with PREG_SPLIT_OFFSET_CAPTURE
                    // each element is array(character, offset)
                    $check = preg_split("//", $value, -1, PREG_SPLIT_OFFSET_CAPTURE);
                    foreach ($check as $char)
                    {
                        if (in_array(strtoupper($char[0]), $badchars))
                        {
                            $logfile = 'logs/log.txt';
                            $IP = $_SERVER['REMOTE_ADDR'];
                            $logdetails = date("F j, Y, g:i a") . ': ' . '<a href=http://dnsstuff.com/tools/city.ch?ip=' . $_SERVER['REMOTE_ADDR'] . ' target=_blank>' . $_SERVER['REMOTE_ADDR'] . '</a>';
                            $fp = fopen($logfile, "a");
                            fwrite($fp, $logdetails, strlen($logdetails));
                            fclose($fp);

                            header('Location:http://google.com');
                            exit;
                        }
                    }
                }
            }
        }

        Add this to ALL of your headers before <html or <doc type, under the core.php include file

        "
        include("core.php");
        check_injection();
        "

        Step 2:

        Do Not Host a UPLOADER

        Step 3:

        Don't let users hotlink images as their avatar; delete this ASAP from your site, or host it with a PHP thumb script. You may search this forum for it!!

        Step 4:

        Do not save logs in logs or any txt files to members/owners info

        Step 5:

        Do not use easy passwords like eg: 123456 , abc1234 , password , guest , john , orbit

        Most guest password is your username as your password you must not sign up like

        username: john1942
        password: john1942

        End of page.......

        If you are still getting hacked / sql / hijacked, this means you didn't go through the steps as I told you...


        I got a question. I included check_injection(); as you said under core.php, like this:

        include("core.php");
        check_injection();


        It's ok with all pages but only genproc.php when I post the code

        include("core.php");
        check_injection();

        and after, if I try to update my profile settings myself, it is getting redirected to google.com. What's the solution for this?
        Last edited by pretend; 12.03.10, 23:09.
        Nice Effects

        Comment
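The keyword test in check_injection() flags any request field whose whole value is itself one of the listed words, which is one way an ordinary form post can end in the redirect. The following is an added example, not code from this thread or from the lavalair script: it reruns that test on constructed values and then stores the same values through a bound-parameter query. The `users` table, the field names and the in-memory SQLite database (PDO with the pdo_sqlite extension) are assumptions for illustration.

```php
<?php
// Added example. Table, column and field names are hypothetical.

// The keyword test from check_injection(), reduced to a pure function:
// it flags a value only when the WHOLE value equals one of the keywords.
function is_flagged(string $value): bool
{
    $badchars = array("DROP", "TRUNCATE", "SELECT", "UPDATE", "DELETE",
                      "UNION", "WHERE", "FROM", "INSERT", "ORDER BY");
    return in_array(strtoupper($value), $badchars);
}

// Constructed sample request values (not taken from any real site).
$samples = array(
    'action'   => 'update',   // form field naming an action; equals a keyword
    'nickname' => "O'Brien",  // legitimate value containing a quote character
    'city'     => 'from',     // plain text that happens to equal a keyword
);

foreach ($samples as $name => $value) {
    printf("%-8s %-8s flagged=%s\n", $name, $value, is_flagged($value) ? 'yes' : 'no');
}

// Alternative: keep the SQL text fixed and bind every value as data.
$db = new PDO('sqlite::memory:');   // in-memory database so the example runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, nickname TEXT)');
$db->exec("INSERT INTO users (id, nickname) VALUES (1, 'guest')");

// Store a nickname and read it back using prepared statements only.
function update_nickname(PDO $db, int $id, string $nickname): string
{
    $stmt = $db->prepare('UPDATE users SET nickname = :nick WHERE id = :id');
    $stmt->execute(array(':nick' => $nickname, ':id' => $id));

    $read = $db->prepare('SELECT nickname FROM users WHERE id = :id');
    $read->execute(array(':id' => $id));
    return $read->fetchColumn();
}

// Keywords and quote characters alike are stored verbatim as text,
// because bound values never become part of the statement.
foreach ($samples as $value) {
    echo update_nickname($db, 1, $value), "\n";
}
```

With bound parameters the input filter is no longer what protects the query, so legitimate values do not have to be rejected for resembling SQL.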


          #49
          Originally posted by djlee View Post
          PHP Code:
            $query = $_SERVER['QUERY_STRING'];
            $fookoff = array('chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(',
                                              'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20',
                                             'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=',
                                             'esystem(', 'esystem%20', 'cp%20', '%20cp', 'cp(', 'mdir%20', '%20mdir', 'mdir(',
                                             'mcd%20', 'mrd%20', 'rm%20', '%20mcd', '%20mrd', '%20rm',
                                             'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'rmdir%20', 'mv(', 'rmdir(',
                                             'chmod(', 'chmod%20', '%20chmod', 'chmod(', 'chmod=', 'chown%20', 'chgrp%20', 'chown(', 'chgrp(',
                                             'locate%20', 'grep%20', 'locate(', 'grep(', 'diff%20', 'kill%20', 'kill(', 'killall',
                                             'passwd%20', '%20passwd', 'passwd(', 'telnet%20', 'vi(', 'vi%20',
                                             'insert%20into', 'select%20', 'nigga(', '%20nigga', 'nigga%20', 'fopen', 'fwrite', '%20like', 'like%20',
                                             '$_request', '$_get', '$request', '$get', '.system', 'HTTP_PHP', '&aim', '%20getenv', 'getenv%20',
                                             'new_password', '&icq','/etc/password','/etc/shadow', '/etc/groups', '/etc/gshadow',
                                             'HTTP_USER_AGENT', 'HTTP_HOST', '/bin/ps', 'wget%20', 'uname\x20-a', '/usr/bin/id',
                                             '/bin/echo', '/bin/kill', '/bin/', '/chgrp', '/chown', '/usr/bin', 'g\+\+', 'bin/python',
                                             'bin/tclsh', 'bin/nasm', 'perl%20', 'traceroute%20', 'ping%20', '.pl', '/usr/X11R6/bin/xterm', 'lsof%20',
                                             '/bin/mail', '.conf', 'motd%20', 'HTTP/1.', '.inc.php', 'config.php', 'cgi-', '.eml',
                                             'file\://', 'window.open', '<script>', 'javascript\://','img src', 'img%20src','.jsp','ftp.exe',
                                             'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell', 'nc.exe', '.htpasswd',
                                             'servlet', '/etc/passwd', 'wwwacl', '~root', '~ftp', '.js', '.jsp', 'admin_', '.history',
                                             'bash_history', '.bash_history', '~nobody', 'server-info', 'server-status', 'reboot%20', 'halt%20',
                                             'powerdown%20', '/home/ftp', '/home/www', 'secure_site, ok', 'chunked', 'org.apache', '/servlet/con',
                                             '<script', '/robot.txt' ,'/perl' ,'mod_gzip_status', 'db_mysql.inc', '.inc', 'select%20from',
                                             'select from', 'drop%20', '.system', 'getenv', 'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', 'sql=');

            $check = str_replace($fookoff, '*', $query);

            if ($query != $check)
                  {
                    $addy = $_SERVER['REMOTE_ADDR'];
                    $agent = $_SERVER['HTTP_USER_AGENT'];

                $fp = fopen ('./log.txt', 'a');
                fwrite ($fp, 'Blocked attack from: IP - ' . $_SERVER['REMOTE_ADDR'] . ' User Agent - ' . $_SERVER['HTTP_USER_AGENT'] . '
          ');
                fclose ($fp);

                    die( "Attack detected! <br /><br /><b>Your attack was blocked:</b><br />$addy - $agent<br /><br />DJLEE 0wned you ! (dont remove this message you arse, credit where credits due)" );
                  }

          Can someone tell me where I should include this?
          if ($query != $check)
          In which other pages and where should I place this thing? cause

          Originally posted by djlee View Post
          PHP Code:
           $query = $_SERVER['QUERY_STRING'];
            $fookoff = array('chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(',
                                              'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20',
                                             'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=',
                                             'esystem(', 'esystem%20', 'cp%20', '%20cp', 'cp(', 'mdir%20', '%20mdir', 'mdir(',
                                             'mcd%20', 'mrd%20', 'rm%20', '%20mcd', '%20mrd', '%20rm',
                                             'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'rmdir%20', 'mv(', 'rmdir(',
                                             'chmod(', 'chmod%20', '%20chmod', 'chmod(', 'chmod=', 'chown%20', 'chgrp%20', 'chown(', 'chgrp(',
                                             'locate%20', 'grep%20', 'locate(', 'grep(', 'diff%20', 'kill%20', 'kill(', 'killall',
                                             'passwd%20', '%20passwd', 'passwd(', 'telnet%20', 'vi(', 'vi%20',
                                             'insert%20into', 'select%20', 'nigga(', '%20nigga', 'nigga%20', 'fopen', 'fwrite', '%20like', 'like%20',
                                             '$_request', '$_get', '$request', '$get', '.system', 'HTTP_PHP', '&aim', '%20getenv', 'getenv%20',
                                             'new_password', '&icq','/etc/password','/etc/shadow', '/etc/groups', '/etc/gshadow',
                                             'HTTP_USER_AGENT', 'HTTP_HOST', '/bin/ps', 'wget%20', 'uname\x20-a', '/usr/bin/id',
                                             '/bin/echo', '/bin/kill', '/bin/', '/chgrp', '/chown', '/usr/bin', 'g\+\+', 'bin/python',
                                             'bin/tclsh', 'bin/nasm', 'perl%20', 'traceroute%20', 'ping%20', '.pl', '/usr/X11R6/bin/xterm', 'lsof%20',
                                             '/bin/mail', '.conf', 'motd%20', 'HTTP/1.', '.inc.php', 'config.php', 'cgi-', '.eml',
                                             'file\://', 'window.open', '<script>', 'javascript\://','img src', 'img%20src','.jsp','ftp.exe',
                                             'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell', 'nc.exe', '.htpasswd',
                                             'servlet', '/etc/passwd', 'wwwacl', '~root', '~ftp', '.js', '.jsp', 'admin_', '.history',
                                             'bash_history', '.bash_history', '~nobody', 'server-info', 'server-status', 'reboot%20', 'halt%20',
                                             'powerdown%20', '/home/ftp', '/home/www', 'secure_site, ok', 'chunked', 'org.apache', '/servlet/con',
                                             '<script', '/robot.txt' ,'/perl' ,'mod_gzip_status', 'db_mysql.inc', '.inc', 'select%20from',
                                             'select from', 'drop%20', '.system', 'getenv', 'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', 'sql=');

            $check = str_replace($fookoff, '*', $query);

            if ($query != $check)
                  {
                    $addy = $_SERVER['REMOTE_ADDR'];
                    $agent = $_SERVER['HTTP_USER_AGENT'];

                $fp = fopen ('./log.txt', 'a');
                fwrite ($fp, 'Blocked attack from: IP - ' . $_SERVER['REMOTE_ADDR'] . ' User Agent - ' . $_SERVER['HTTP_USER_AGENT'] . '
          ');
                fclose ($fp);

                    die( "Attack detected! <br /><br /><b>Your attack was blocked:</b><br />$addy - $agent<br /><br />DJLEE 0wned you ! (dont remove this message you arse, credit where credits due)" );
                  }
          is placed in core.php, is it? And the function should be included somewhere on other pages to detect the attack, so where should I include it? I mean this: if ($query != $check)
          Nice Effects

          Comment


            #50
            any expert help me.
            Last edited by pretend; 12.03.10, 23:11.
            Nice Effects

            Comment


              #51
              nice one this is big help.

              Comment


                #52
                php_flag off for shell script...

                Comment


                  #53
                  Originally posted by Jerson View Post
                  php_flag off for shell script...
                  not all servers work with this lol
                  com site: http://vampist.net
                  download site: http://wapdloads.net
                  fb: http://www.facebook.com/pmplx

                  Comment


                    #54
                    Is this thread dead?

                    Comment


                      #55
                      lol what do you mean by dead?.
                      com site: http://vampist.net
                      download site: http://wapdloads.net
                      fb: http://www.facebook.com/pmplx

                      Comment


                        #56
                        You better hide the sid to be secured. And rename php file then use mod rewrite. It's more easy than coding like that

                        Comment


                          #57
                          Originally posted by Jerson View Post
                          You better hide the sid to be secured. And rename php file then use mod rewrite. It's more easy than coding like that
                          hiding session => sid.. doesn't make your site secure at all...
                          It's better to keep your mouth shut and give the impression that you're stupid, than to open it and remove all doubt.
                          ⓣⓗⓔ ⓠⓤⓘⓔⓣⓔⓡ ⓨⓞⓤ ⓑⓔ©ⓞⓜⓔ, ⓣⓗⓔ ⓜⓞⓡⓔ ⓨⓞⓤ ⓐⓡⓔ ⓐⓑⓛⓔ ⓣⓞ ⓗⓔⓐⓡ !
                          ιη тнєσяу, тнє ρяα¢тι¢є ιѕ α яєѕυℓт σƒ тнє тнєσяу, вυт ιη ρяα¢тι¢є ιѕ тнє σρρσѕιтє.
                          キノgんイノ刀g 4 ア乇ムc乇 ノ丂 レノズ乇 キucズノ刀g 4 √ノ尺gノ刀ノイリ!

                          Comment


                            #58
                            Second that ^

                            Comment


                              #59
                              i three that.

                              Users still can grab cookies / session from a user only way to block it if you made a script that needs two cookies and decoded to 651 ways of bass
                              Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
                              Visit: WapMasterz Coming Back Soon!
                              _______
                              SCRIPTS FOR SALE BY SUBZERO
                              Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
                              FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
                              _______
                              Info & Tips
                              php.net
                              w3schools.com

                              Comment


                                #60
                                ^ actually dat still doesn't make it safe from ALL methods.

                                Comment
