OK, so you want to make your script secure against SQL injection. I've made this possible to ban the hacker directly from the server.
First, add this to your htaccess page; rename my URL to yours.
Make sure your htaccess page is chmodded to 666 to allow rewrite.
Now make a logs.php page for your server.
Now make a page called iplog.txt.
Chmod it to 777.
And we are done. This will block SQL injection, log the attempt, email it to you, then write the log onto a text file, then ban the IP from your server...
thus stopping them in their tracks. Hope you all enjoy this code I made.
Don't forget to say thanks.
First, add this to your htaccess page; rename my URL to yours.
Code:
Options -Indexes
ErrorDocument 402 http://mobilezonez.net/?err
ErrorDocument 403 http://mobilezonez.net/?err
ErrorDocument 404 http://mobilezonez.net/?err
ErrorDocument 500 http://mobilezonez.net/?err

RewriteEngine On

# Quote followed by an angle bracket in the query string
RewriteCond %{QUERY_STRING} (\"|%22).*(\>|%3E|<|%3C).* [NC]
RewriteRule ^(.*)$ logs.php [NC]
# <script> tags in the query string
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC]
RewriteRule ^(.*)$ logs.php [NC]
# javascript: URLs in the query string
RewriteCond %{QUERY_STRING} (javascript:).*(\;).* [NC]
RewriteRule ^(.*)$ logs.php [NC]
# Quote or semicolon followed by an SQL keyword (plain ASCII quote restored here)
RewriteCond %{QUERY_STRING} (\;|\'|\"|\%22).*(union|select|insert|drop|update|validated|md5|1|5|perm|1 FROM ibwf_users|benchmark|or|and|if).* [NC]
RewriteRule ^(.*)$ logs.php [NC]
# Punctuation in the URL path
RewriteRule (,|;|<|>|'|`) /logs.php [NC]

# Serve alternative script extensions as source instead of executing them
RemoveHandler .phtml .php3 .php4 .php5 .php6 .phps .cgi .pl .asp .aspx .shtml .shtm .fcgi .fpl .jsp .py
AddType application/x-httpd-php-source .phtml .php3 .php4 .php5 .php6 .phps .cgi .pl .asp .aspx .shtml .shtm .fcgi .fpl .jsp .py

# PHP settings
php_flag display_errors 0
php_value error_reporting 7
php_value register_globals 0
php_flag session.use_trans_sid off
php_value magic_quotes_gpc 0
php_value magic_quotes_runtime 0
php_value magic_quotes_sybase 0
php_value allow_url_fopen 0
php_value arg_separator.output "&"
AddDefaultCharset UTF-8

<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault A1209600
<FilesMatch \.php$>
ExpiresActive Off
</FilesMatch>
</IfModule>

# Refuse TRACE requests and malformed Range headers
# ([OR] added: without it both conditions had to match at once)
RewriteCond %{REQUEST_METHOD} ^TRACE [OR]
RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$)
RewriteRule .* - [F]

# Refuse libwww clients and query strings that carry a URL
RewriteCond %{HTTP_USER_AGENT} libwww [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)=http [NC]
RewriteRule ^(.*)$ - [F,L]
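Now make a logs.php page for your server.
Code:
<?php
/*
////////////////////////////////////////
//    mobilezonez sql inject trap     //
//                by                  //
//       Ozziemale aka Rampage        //
////////////////////////////////////////
*/

// Request details; Referer and User-Agent may be absent, so default to ''
$r = $_SERVER['REQUEST_URI'];
$q = $_SERVER['QUERY_STRING'];
$i = $_SERVER['REMOTE_ADDR'];
$u = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$phone = $u;
$forwarder_ip = @htmlspecialchars(getenv('HTTP_X_FORWARDED_FOR'));

// Append the ban line to .htaccess. The original used $REMOTE_ADDR, which is
// empty with register_globals off, and overwrote $i so the log lost the IP.
if (filter_var($i, FILTER_VALIDATE_IP)) {
    $deny = "deny from $i\n";
    $banip = '.htaccess';
    $fp = fopen($banip, "a");
    if ($fp) {
        flock($fp, LOCK_EX); // avoid interleaved writes from parallel requests
        $write = fputs($fp, $deny);
        fclose($fp);
    }
}

// Build the log entry
$sydnNew_Time = time() + (24 * 60 * 60);
$sydn = date("H:i", $sydnNew_Time);
$time = date("F jS Y,");
// "Browser" now records the user agent ($u); the original repeated $r here
$iplog = "Time:$time-$sydn ::Browser:$u :: Ip-$i ::Referer:$ref ::Attempt: $r - $q - $i - $u";

// Write the entry to iplog.txt
$fp = @fopen("iplog.txt", "a+");
if ($fp) {
    @fputs($fp, "$iplog \r\n");
    @fclose($fp);
}

// E-mail the attempt to the admin
$mess = $r . ' | ' . $q . ' | ' . $i . ' | ' . $u;
mail("admin@mobilezonez.net", "bad request", $mess, "from:hacker@mobilezonez.net");

echo "Bye Bye Mother ****er!!!";
?>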
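A rule that bans on match can be replayed over existing access logs first, to see which ordinary visitors it would have banned. The following is an added example, not part of the original post; the function names, log lines and IP addresses are constructed for illustration.

```php
<?php
// Added example, not the poster's code: replays the keyword RewriteCond from
// the .htaccess above over access-log lines to list the clients it would ban.

// Fourth RewriteCond pattern from the post; the [NC] flag becomes /i here.
const TRAP_PATTERN = '~(;|\'|"|%22).*(union|select|insert|drop|update|validated'
    . '|md5|1|5|perm|1 FROM ibwf_users|benchmark|or|and|if).*~i';

/** True when this raw (undecoded) query string would be rewritten to logs.php. */
function trips_trap(string $queryString): bool
{
    return preg_match(TRAP_PATTERN, $queryString) === 1;
}

/**
 * Scan Apache common-format log lines; return [ip => [query string, ...]]
 * for every request whose query string trips the trap.
 */
function would_be_banned(array $logLines): array
{
    $hits = [];
    foreach ($logLines as $line) {
        // Capture the client IP and the query string of the request line.
        if (!preg_match('~^(\S+) .*?"[A-Z]+ \S*?\?(\S*) HTTP/[\d.]+"~', $line, $m)) {
            continue; // no query string, or not a parsable log line
        }
        if (trips_trap($m[2])) {
            $hits[$m[1]][] = $m[2];
        }
    }
    return $hits;
}

// Constructed sample lines (documentation IP range); all are ordinary requests.
$sample = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /search.php?q=%22order+status%22 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /film.php?title=%22Vertigo%22&year=1958 HTTP/1.1" 200 734',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /people.php?name=O\'Connor HTTP/1.1" 200 301',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /list.php?page=2&sort=price HTTP/1.1" 200 420',
    '192.0.2.14 - - [01/Jan/2024:10:00:15 +0000] "GET /index.php HTTP/1.1" 200 1024',
];

foreach (would_be_banned($sample) as $ip => $queries) {
    printf("%s would be banned for: %s\n", $ip, implode(' | ', $queries));
}
```

To check real traffic, pass the lines of your own access log, for example from `file($path, FILE_IGNORE_NEW_LINES)`, in place of `$sample`.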