turn off registration from any other sites

**GiLL** · 23.10.09, 03:06

try this in your reg.php if your using mobile chat script etc

Code:

$cou = mysql_fetch_array(mysql_query("SELECT `ip`,`soft` FROM `chat_users` order by id desc LIMIT 1"));


if($cou[0]=="".getenv(REMOTE_ADDR)."") { include "./ban.php"; }

make a ban.php

Code:

<?
echo '<card title="'.getenv(REMOTE_ADDR).'@ NO ACCESS  banned!">';
echo "<p align=\"center\">";
echo"<b>banned  by staff !</b><br/>";
echo"<b>Contact Site Owners  admin@yoursite.com</b><br/>";
echo "<a href=\"index.php\">BACK</a><br/><b>© your site</b>";
echo "</p></card></wml>";
@mysql_close();
?>

or use this for ban ip range or seg make a php file called ipban.php and in reg.php put this on top after header codes

include "./ipban.php";

Code:

<?


$getip = $_SERVER["REMOTE_ADDR"];
$banned_ip = array();

// Here you  change ips which  you   want   ban  
$banned_ip[] = '172.99.*';
$banned_ip[] = '200.145.131.216*';
$banned_ip[] = '193.*';



foreach($banned_ip as $banned)
{
$blacked=str_replace('*', '', $banned);
$len=strlen($blacked);
if ($ip==$blacked || substr($getip, 0, $len)==$blacked)
{

echo 'You are banned!';
exit;
}
}

?>

**~~coder4u~~** · 23.10.09, 03:13

random bot

plz put captcha.php number and alphabet ok u can secure ur register its a auto bot

**~~coder4u~~** · 23.10.09, 03:15

hmm

gill u gv here code its a live chat reg secure not forum secure lol

**~~coder4u~~** · 23.10.09, 03:17

captcha.php
<?
session_start();
header('content-type: image/jpeg');
$text = rand(10000,99999);
$_SESSION["vercode"] = $text;

$height = 25;
$width = 65;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 0, 0, 0);
$white = imagecolorallocate($image_p, 255, 255, 255);
$font_size = 14;
imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);
?>

**GiLL** · 23.10.09, 03:21

Originally posted by coder4u View Post

captcha.php
<?
session_start();
header('content-type: image/jpeg');
$text = rand(10000,99999);
$_SESSION["vercode"] = $text;

$height = 25;
$width = 65;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 0, 0, 0);
$white = imagecolorallocate($image_p, 255, 255, 255);
$font_size = 14;
imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);
?>

what you wana say it doesnt make sense what the h** your talking about mr poor hacker ? dont teach me ok ?and stop flooding here

**~~coder4u~~** · 23.10.09, 04:00

gill shut up go to hell dont mezz with me mad

**ranzit2** · 23.10.09, 04:29

Originally posted by coder4u View Post

gill shut up go to hell dont mezz with me mad

keep your fights in inbox.

**GiLL** · 23.10.09, 04:47

Originally posted by coder4u View Post

gill shut up go to hell dont mezz with me mad

do what ever u can do ok ? blody i know very well u dont crack me up

**Navjot_Saini** · 23.10.09, 08:19

lolz.......

**bijaybd** · 23.10.09, 08:34

hey gril bro thanks but can you give me a cobination code like it will delect the browser or like it will detect both like if brower=="soft" AND ip=="ipadd" like this because they are single ip used by 100 of chatter so if i block 1 ip then the user will face problem so either i need the browser detection or ip and browser both i have tried to put the browser problem but it wont work for me

**Navjot_Saini** · 23.10.09, 08:50

juz wait 4 2 days i ill share wht u need ....dammm busy sorry

**subzero** · 23.10.09, 09:25

Code:

This is your basic CAPTCHA that you can find on many web sites to HELP stop robots.
image.php

<?php 
// Font directory + font name 
$font = 'fonts/Disney.ttf'; 
// Total number of lines 
$lineCount = 40; 
// Size of the font 
$fontSize = 40; 
// Height of the image 
$height = 50; 
// Width of the image 
$width = 150; 
$img_handle = imagecreate ($width, $height) or die ("Cannot Create image"); 
// Set the Background Color RGB 
$backColor = imagecolorallocate($img_handle, 255, 255, 255); 
// Set the Line Color RGB 
$lineColor = imagecolorallocate($img_handle, 175, 238, 238); 
// Set the Text Color RGB 
$txtColor = imagecolorallocate($img_handle, 135, 206, 235); 

// Do not edit below this point 
$string = "abcdefghijklmnopqrstuvwxyz0123456789"; 
for($i=0;$i<6;$i++){ 
    $pos = rand(0,36); 
    $str .= $string{$pos}; 
} 
$textbox = imagettfbbox($fontSize, 0, $font, $str) or die('Error in imagettfbbox function'); 
$x = ($width - $textbox[4])/2; 
$y = ($height - $textbox[5])/2; 
imagettftext($img_handle, $fontSize, 0, $x, $y, $txtColor, $font , $str) or die('Error in imagettftext function'); 
for($i=0;$i<$lineCount;$i++){ 
    $x1 = rand(0,$width);$x2 = rand(0,$width); 
    $y1 = rand(0,$width);$y2 = rand(0,$width); 
    imageline($img_handle,$x1,$y1,$x2,$y2,$lineColor); 
} 
header('Content-Type: image/jpeg'); 
imagejpeg($img_handle,NULL,100); 
imagedestroy($img_handle); 

session_start(); 
$_SESSION['img_number'] = $str; 
?>  

form.php

<form action="result.php" method="post"> 
    <img alt="Random Number" src="image.php">  
    <input type="text" name="num"><br> 
    <input type="submit" name="submit" value="Check"> 
</form>  

result.php

<?php 
session_start(); 
if($_SESSION['img_number'] != $_POST['num']){ 
    echo'The number you entered doesn\'t match the image.<br> 
    <a href="form.php">Try Again</a><br>'; 
}else{ 
    echo'The numbers Match!<br> 
    <a href="form.php">Try Again</a><br>'; 
} 
?>

**bijaybd** · 23.10.09, 11:37

okey work done now user will not able to register with same browser + if the user is from pc will not able to register from same ip i guess it gonna work but if anyone able to give me like 30 seconds wait before registration that will be so greatful me and thanks subzeero bro gill bro and all for helping me

**CreativityKills** · 23.10.09, 20:36

Durin one of my auditing lessons, i deciphered frm the biggest to the smallest hacking trick in PHP apps, they all boil down to one single ****: input validation. The code subzero gave is only useful when defending noobs, cuz i'll break no sweat getn past that. How? Take a luk at his validation, it says if( session stored != posted num ) deny. What if both parts were empty? Like i didnt visit d page and i sent a post request? It'll pass that cuz session_stored=null and posted_num=null which validates as equals cuz null=null. Another hole lingers and im sure majority ov u stil got that, reasn why my bot thrives. U forget to destroy the session. Which means i can use a session a million times. Visiting ur reg page wud give me a session whuz value is gracefully visible in captcha, copy that value, go to my external request sender or external form that posts to ur reg page wit d same text inputs and passing that first session = a millie a millie a millie

**CreativityKills** · 23.10.09, 20:51

So that said i'll give u an example of a proper validation.

PHP Code:


$captchaSession=$_SESSION['img_num']; //session set by ur captcha.php

$captchaMatch=$_POST['num'];

if(empty($captchaSession)||empty($captchaMatch)||$captchaSession!=$captchaMatch){

unset($_SESSION['img_num']);

die('Your verification number didnt match.');

}else{

unset($_SESSION['img_num']);

//CONTINUE

}

you can change the die() to sumtin user friendly. And u may use session_destroy() or session_unset() in place of unset(). The importance of removin or reseting d session cannot be overemphasized as if its nt, u myt as well nt use a captcha.

WANT A SECURITY AUDIT ON YA SCRIPT? PM ME. I DONT COST MUCH ;)

turn off registration from any other sites

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment