bones
Hangin' Around
Joined: Sep 18, 2003
Posts: 36
Posted: Tue Mar 02, 2004 3:53 pm

Just wanted to let you know that your 7.0 distro and the hacker script work perfectly so far. The hacker script has stopped the hacker from hacking my site 3 times. Nice job Raven.
bob
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
Posted: Tue Mar 02, 2004 4:09 pm

I can't tell you the number that have been stopped here also. Thanks for the update!
bones
Posted: Tue Mar 02, 2004 4:16 pm

You're welcome, I am just glad you came up with that script. Thanks again.
bob
Rikk03
Worker
Joined: Feb 16, 2004
Posts: 164
Posted: Wed Mar 03, 2004 6:26 am

I added the hacker script and several of the admin interfaces (Add Story, DB Backup and Blocks control) all disappear. I did as instructed and pasted the union code into mainfile.php.
If I remove that code then they show up again. Any ideas what's causing it?
Richard
Raven
Posted: Wed Mar 03, 2004 7:00 am

Please post the first 25 lines or so in your mainfile.php script.
Rikk03
Posted: Wed Mar 03, 2004 7:03 am

Code:
<?php
$phpver = phpversion();
// Output compression: gzip the page when the client advertises support for it.
if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT, 'compatible')) {
    if (extension_loaded('zlib')) {
        ob_end_clean();
        ob_start('ob_gzhandler');
    }
} else if ($phpver > '4.0') {
    if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
        if (extension_loaded('zlib')) {
            $do_gzip_compress = TRUE;
            ob_start();
            ob_implicit_flush(0);
            //header('Content-Encoding: gzip');
        }
    }
}
$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
    $PHP_SELF = $_SERVER['PHP_SELF'];
}
if (!ini_get("register_globals")) {
    import_request_variables('GPC');
}
// Reject any GET value that looks like an HTML tag, a function call, or contains a double quote.
foreach ($_GET as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
        (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
        (eregi("\"", $secvalue))) {
        die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}
// POST values get a narrower check: only script and style tags are refused.
foreach ($_POST as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
        die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}
// mainfile.php is meant to be included, never requested directly.
if (eregi("mainfile.php", $PHP_SELF)) {
    header("Location: index.php");
    die();
}
// Pick the right relative paths depending on where we were included from.
if ($forum_admin == 1) {
    require_once("../../../config.php");
    require_once("../../../db/db.php");
} elseif ($inside_mod == 1) {
    require_once("../../config.php");
    require_once("../../db/db.php");
    require_once("../../admin/modules/oscnuke/init.php");
} else {
    require_once("config.php");
    require_once("db/db.php");
    require_once("includes/sql_layer.php");
    $dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
    include_once("admin/modules/oscnuke/init.php");
}
$mainfile = 1;
// Load the site-wide configuration row.
$sql = "SELECT sitename, nukeurl, site_logo, slogan, startdate, adminmail, anonpost, Default_Theme, foot1, foot2, foot3, commentlimit, anonymous, minpass, pollcomm, articlecomm, broadcast_msg, my_headlines, top, storyhome, user_news, oldnum, ultramode, banners, backend_title, backend_language, language, locale, multilingual, useflags, notify, notify_email, notify_subject, notify_message, notify_from, footermsgtxt, email_send, attachmentdir, attachments, attachments_view, download_dir, defaultpopserver, singleaccount, singleaccountname, numaccounts, imgpath, filter_forward, moderate, admingraphic, httpref, httprefmax, CensorMode, CensorReplace, copyright, Version_Num, activate_ads, first_ad, next_ads, max_ads, random_ads, hide_ads FROM ".$prefix."_config";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$sitename = $row['sitename'];
$nukeurl = $row['nukeurl'];
$site_logo = $row['site_logo'];
$slogan = $row['slogan'];
$startdate = $row['startdate'];
$adminmail = $row['adminmail'];
Rikk03
Posted: Wed Mar 03, 2004 7:04 am
Raven
Posted: Wed Mar 03, 2004 7:09 am

I need to see the code you are adding and where you added it, etc.
Rikk03
Posted: Wed Mar 03, 2004 7:16 am

Code:
<?php
// The added hacker script line: redirect when the raw query string contains '%20union%20'.
if (stristr($_SERVER["QUERY_STRING"],'%20union%20')) header("Location: hackattempt.php/");
$phpver = phpversion();
if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT, 'compatible')) {
    if (extension_loaded('zlib')) {
        ob_end_clean();
        ob_start('ob_gzhandler');
    }
} else if ($phpver > '4.0') {
    if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
        if (extension_loaded('zlib')) {
            $do_gzip_compress = TRUE;
            ob_start();
            ob_implicit_flush(0);
            //header('Content-Encoding: gzip');
        }
    }
}
$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
    $PHP_SELF = $_SERVER['PHP_SELF'];
}
if (!ini_get("register_globals")) {
    import_request_variables('GPC');
}
foreach ($_GET as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
        (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
        (eregi("\"", $secvalue))) {
        die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}
foreach ($_POST as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
        die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}
if (eregi("mainfile.php", $PHP_SELF)) {
    header("Location: index.php");
    die();
}
if ($forum_admin == 1) {
    require_once("../../../config.php");
    require_once("../../../db/db.php");
} elseif ($inside_mod == 1) {
    require_once("../../config.php");
    require_once("../../db/db.php");
    require_once("../../admin/modules/oscnuke/init.php");
} else {
    require_once("config.php");
    require_once("db/db.php");
    require_once("includes/sql_layer.php");
    $dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
    include_once("admin/modules/oscnuke/init.php");
}
Rikk03
Posted: Wed Mar 03, 2004 7:20 am

Should I put that union code into the header instead, maybe?
Rikk03
Posted: Wed Mar 03, 2004 7:22 am

I've got to go out - back in an hour or so.
Raven
Posted: Wed Mar 03, 2004 7:24 am

Look at your error logs (server and php) to see if there are any notes there. Also, remove the trailing /. You can try moving it but I don't know why that would matter.
Rikk03
Posted: Wed Mar 03, 2004 9:38 am

Removing the trailing / worked!
Richard
64bitguy
The Mouse Is Extension Of Arm
Joined: Mar 06, 2004
Posts: 1164
Posted: Fri Mar 12, 2004 10:58 pm

Hi RavenFolk!
Just wanted to thank Raven for another d*** nice script!
(I hope that my saying the D word doesn't get me banned)
Anyway.. I set this script up in my PHP-Nuke 7.0 (NukeCops 2.2 bundle) and just to let you know, I replaced their
Code:
if (stristr($_SERVER["QUERY_STRING"],'%20union%20')) header("Location: index.php");

With your
Code:
if (stristr($_SERVER["QUERY_STRING"],'%20union%20')) header("Location: hackattempt.php");

Please note that this differs from your instructions which show:
Code:
if (stristr($_SERVER["QUERY_STRING"],'%20union%20')) header("Location: hackattempt.php/");

The TRAILING / HAD TO BE REMOVED in order for this solution to work and in order for the page to come up. Otherwise, I simply got an error and no email was created either.
You may want to update your readme to indicate this minor correction.
As another note, I was happy to see that the NukeCops bundle addressed the issue, but I AM concerned that no effort is made in their solution to notify me that an attempt has been made to compromise my site. Anyway... this seems to totally fix that problem.
Thanks again!
_________________
Steph Benoit
100% Section 508 and W3C HTML5 and CSS Compliant (Truly) Code, because I love compliance.
Raven
Posted: Fri Mar 12, 2004 11:10 pm

Actually, use this code instead:
Code:
if (stristr($_SERVER["QUERY_STRING"],'%20union%20')) {
    $loc = $_SERVER['QUERY_STRING'];
    header("Location: hackattempt.php?$loc");
    die();
}

I have just updated the download and will announce it.