forum anasayfanızda log.txt diye bir dosya oluşturmanız da gerekmektedir.
- Kod: Tümünü seç
## easymod compliant
#################################################################
## MOD Title: Board security
## MOD Author: Xenos
##
## MOD Description: Ajout d'une fonction qui vous permets de securiser votre forum
## contre les injections de codes via votre url
## Ce mod vous permets de récuperer les information des attaques via
## un fichier log.txt
##
## MOD Version: 1.0.1
##
## Installation Level: easy
## Installation Time: 1 min
##
## Files To Edit: common.php
##
## Included Files: 1
##
## License: http://opensource.org/licenses/gpl-license.php GNU General Public License v2
##############################################################
## MOD History:
##
## 2006-09-22 - Version 0.1.1
## - integration du log.txt par spitfire pat
##
## 2006-09-21 - Version 0.1.0
## - initial beta
##############################################################
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD
##############################################################
#
#-----[ OLUŞTUR ]------------------------------------------
#
root/log.txt
#
#-----[ OPEN ]------------------------------------------
#
common.php
#
#-----[ FIND ]------------------------------------------
#
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
#
#-----[ BEFORE, ADD ]------------------------------------------
#
//
// Debut Mod board security
//
$url_denied = array(
'/bin', '/usr', '/etc', '/boot', '/dev', '/perl', '/initrd', '/lost+found', '/mnt', '/proc', '/root', '/sbin', '/cgi-bin', '/tmp', '/var',
'ps%20', 'wget%20', 'uname%20-a', '/chgrp', 'chgrp%20', '/chown', 'chown%20', '/chmod', 'chmod%20', 'md%20', 'mdir', 'rm%20', 'rmdir%20', 'mv%20', 'tftp%20', 'ftp%20', 'telnet%20', 'ls%20',
'gcc%20-o', 'cc%20', 'cpp%20', 'g++%20', 'python%20', 'tclsh8%20', 'nasm%20', 'perl%20', 'traceroute%20', 'nc%20', 'nmap%20', '%20-display%20', 'lsof%20',
'.conf', '.htgroup', '.htpasswd', '.htaccess', '.history', '.bash_history',
'/rksh', '/bash', '/zsh', '/csh', '/tcsh', '/rsh', '/ksh', '/icat', 'document.domain(',
'/....', '..../', 'cat%20', '/*%0a.pl',
'/server-status', 'chunked', '/mod_gzip_status',
'cmdd=', 'path=http://', 'exec', 'passthru', 'cmd', 'fopen', 'exit', 'fwrite',
'<script', '/script>', '<?', '?>', 'javascript://', 'img src=',
'phpbb_root_path=', 'sql=', 'delete%20', '%20delete', 'drop%20', '%20drop', 'insert into', 'select%20', '%20select', 'union%20', '%20union', 'union(',
'chr%20', 'chr(', 'http_', '_http', 'php_', '_php', '_global', 'global_', 'global[', '_globals', 'globals_', 'globals[', '_server', 'server_', 'server[',
'$_request', '$_get', '$request', '$get',
);
$_server = isset($_SERVER) && !empty($_SERVER) ? '_SERVER' : 'HTTP_SERVER_VARS';
$_env = isset($_ENV) && !empty($_ENV) ? '_ENV' : 'HTTP_ENV_VARS';
if ( ($url_request = !empty(${$_server}['QUERY_STRING']) ? ${$_server}['QUERY_STRING'] : (!empty(${$_env}['QUERY_STRING']) ? ${$_env}['QUERY_STRING'] : getenv('QUERY_STRING'))) )
{
$url_request = preg_replace('/([\s]+)/', '%20', strtolower($url_request));
$url_checked = preg_replace('/[\n\r]/', '', str_replace($url_denied, '', $url_request));
if ( $url_request != $url_checked )
{ $remote_addr = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') );
$message = "Date: " . Date('D d M Y à G:i', time()) . "\r\n";
$message .= "Requête: " . $HTTP_SERVER_VARS['PHP_SELF'] . '?' . $url_request . "\r\n";
$message .= "Referrer: " . $HTTP_SERVER_VARS['HTTP_REFERER'] . "\r\n";
$message .= "User_agent: " . $HTTP_SERVER_VARS['HTTP_USER_AGENT'] . "\r\n";
$message .= "Adresse IP: " . $remote_addr . "\r\n";
$message .= "Hôte distant: " . $HTTP_SERVER_VARS['REMOTE_HOST'] . "\r\n";
$message .= "__________________________________________________\r\n";
$handle =fopen('log.txt', 'a');
fwrite($handle,$message);
fclose($handle);
die('Securised by Phpbb-fr');
}
}
unset($_server);
unset($_env);
//
// Fin Mod board security
//
#
#-----[ SAVE/CLOSE ALL FILES ]---------------------------------
#
# EoM