Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Enhancement Requests
Author Message
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Sun Jul 23, 2006 4:36 am Reply with quote

My apologies this did not work:
<?
Header("content-type: application/x-javascript");
$text=" Powered by phpNUKE;
echo "document.write(\"<b><a href=\"http://phpnuke.org\">" . $text . "</b></a>\")";
?>


But this did:

<?
Header("content-type: application/x-javascript");
$text=" Powered by phpNUKE;
echo "document.write(\"<b><a href=\'http://phpnuke.org\'>" . $text . "</b></a>\")";
?>


I read somewhere that you must use dingle quotes inside of double quotes with javascript...nice Laughing

Learn more and more everday.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
spottedhog
Regular
Regular


Joined: Jun 02, 2004
Posts: 88

PostPosted: Sun Jul 23, 2006 7:08 am Reply with quote

darklord, I am very much interested in that text.php file if you would care to share. (larry@smf-nuke.com) I am wondering if that could be incorporated into the current javascript.php file. It would sure be nice to show the admin email and the copyright footer like this.

Here is what I am thinking about..... Putting a "Contact Us" and the bottom of the Modules block with a call to $adminmail so clicking on a link would automatically bring up the admin's email address. No programming changes needed for the site admin.

If you had not seen, I have started a Nuke fork, removing phpbb and replacing it with SMF. Part of this new fork, I had already made a field in the nuke_config table for Meta tags and it is located in the "Preferences" or what I have now called the Site Config admin file. Works perfectly and one can easily change keywords without file modifications.

OK.... back into the fray... Wink

The ultimate goal here is website security. Security through obscurity does have a place, but the true bottom line is stopping hack attempts as early in the process as is possible. For UNIX hosting one has this:

1. Obscurity---reducing presence without clouding content in Search Engines
2. Referring---Not being linked from well known Nuke sites
3. Apache Webserver---hopefully at least having DOS protection
4. .htaccess---The first wall for specific site security
5. Secure Code---Patching holes in mainfile.php, admin.php, and all modules, etc.

kguske, your original post was asking how to lesson two specific searches. I think there are some very good and usable ideas are presented in hiding "powered by" etc. Sooo, now on to the other search criteria... One could put in the .htaccess file a RewriteCond and RewriteRule for changing "modules.php?name" to something else. Isn't this how GoogleTap works?
 
View user's profile Send private message Visit poster's website
gregexp
PostPosted: Sun Jul 23, 2006 7:26 am Reply with quote

if you rewrite the url, you would still be left with the problem of links on the mainpage directing to modules.php

You would need to completely rewrite those links and I posted the text.php code, Its all javascript and I thought perhaps this was exactly what you all were looking for, a way to keep it out of the source but still display what you would like.
 
spottedhog
PostPosted: Sun Jul 23, 2006 9:04 am Reply with quote

Thanks for the code darklord! ...just wanted to make sure.

ahhhhh yes.... great point about links, etc.

Hmmmmm.... It would appear then that one cannot totally eliminate all search engine possible queries, but maybe only lesson the potential, which is not a bad thing.
 
gregexp
PostPosted: Sun Jul 23, 2006 9:54 am Reply with quote

well most would like to difine there own search patterns but I have no clue how google and other search engines actually interact with a site, I just had an idea.
I'm willing to learn and would be more beneficial to this discussion if I knew. Right now I can feel the gears in my head turning, I have some ideas.
Just need to redup on some things.
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Sun Jul 23, 2006 11:44 am Reply with quote

You can use a simple script like this (not tested) to echo referer strings to you site
Code:


<?
$referer = $_SERVER['HTTP_REFERER'];

$temp_array = explode('?', $referer);
echo "<pre>";
print_r($temp_array);
echo "</pre><hr>";

$temp_array2 = explode('&', $temp_array[1]);
echo "<pre>";
print_r($temp_array2);
echo "</pre><hr>";

$searchwords = explode('=', $temp_array2[0]);
$searchword = urldecode($searchwords[1]);
echo "Your search words are: $searchword<br /><br />";
?>

It is then only a matter or searching the $temp_array2 for a match and then executing something if a match is found (such as feeding it to a Sentinel blocker).
 
View user's profile Send private message Send e-mail
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Sun Jul 23, 2006 3:24 pm Reply with quote

Really, I was half-kidding when I started this topic. Given the many responses, the question becomes: what do you do when you identify one who searches for these terms? Ban them?

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
gregexp
PostPosted: Sun Jul 23, 2006 3:52 pm Reply with quote

banning would be kinda an overkill, would be nice to bann them for an hour or so.

Like to add them to the .htacess then remove them.
 
kguske
PostPosted: Sun Jul 23, 2006 3:59 pm Reply with quote

Hmmm. A temporary ban is interesting. Most don't have the patience to wait, but why not just let NukeSentinel handle that, instead of writing it to htaccess?

Still, what if it is a legitimate search? How can you really know...
 
gregexp
PostPosted: Sun Jul 23, 2006 4:07 pm Reply with quote

This is true,
Curious ok, lets say they use a bot to search the sites with, Do they normally do that? if so lets force it to redirect to ....DoIBannYou.php

Then DoIBannYou.php would be setup with a security image and timed dealay.

Put 2 scenerios in there, If they dont except cookies, bann em for the hour, if they do, wait lets say 30 sec and if they dont respond bann em. If they respond but do it 5 times incorrectly, bann em. If they manage to make it within 5 times, let them on through and set a cookie tellin sentinel that they are welcome.

And I like the idea to use the database to bann someone but I've been told that the database can be specifically hit to lagg enough for sentinel to not catch them. As long as aache is up, .htaccess catches em.
 
Guardian2003
PostPosted: Sun Jul 23, 2006 4:17 pm Reply with quote

I guess it depends on the search terms used.
For example, a search for 'nukeseo' of 'phpnuke seo module' would be quite valid search criteria for your site kguske so one would have to be careful when handling 'phpnuke' as a search term.
The same could be said for support and development sites where 'phpnuke' might be part of a valid search. I guess it depends on what else is part of the string or if it is something in the default meta.php.

What might be interesting is search strings for the likes of 'vwar' or 'gallery' etc.

A very interesting thread though Smile
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Enhancement Requests

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©