Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other
Author Message
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Fri Apr 06, 2007 11:18 am Reply with quote

You know, I've been thinking about this, what do you all think about allowing useragents only, Like get a standard list of user agents, like explorer, firefox and what not as well as search engines.

Then using .htaccess, only allowing standard users-agents and search engines?

Reason I say this, In my time away, I've had to research a LOT of security issues with web based applications. One thing I remember reading from a lot of different sources is that hackers will use a program, ussually a legit one, like Acunetix Web vulnerability scanner, These tools can scan the entire directory of a website and after testing a few, Acunetix seems to be the most aggresively accurate one, but also seems to disregard anything other then .htaccess which simply kills it in its tracks. So to recap, only allowing legitimate user agents and search engine agents we want, could help prevent the intrusion of hackers against legitimate web applications that could be used to harm a site or entire system.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Fri Apr 06, 2007 11:38 am Reply with quote

One problem with that approach - really more of a limiting factor - is that user agents can be spoofed.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
kguske
PostPosted: Fri Apr 06, 2007 11:39 am Reply with quote

But...a honeypot approach could make it effective...
 
gregexp
PostPosted: Fri Apr 06, 2007 2:44 pm Reply with quote

honeypot?
hmmm.

I was thinking that limiting yes, and it would need to probably be continually updated, which could be a security threat in itself.

I guess this idea isnt a bad one, but could use some more insight.
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Fri Apr 06, 2007 2:51 pm Reply with quote

The idea of honeypots is basically a link in robots.txt which a bot is told to ignore. When it tries to access the link its referer data is recorded.
The same could be ised within a directory structure where an extra file is added inside the directory which is not linked to anything. If the link is found, someone will try to access it......
 
View user's profile Send private message Send e-mail
gregexp
PostPosted: Fri Apr 06, 2007 3:05 pm Reply with quote

nice, they call that honeypot?

Well I suppose it works, but if this were people we'd call it entrapment!!

:evil laugh:
I may not be able to do it to a real person but common bots, Imma get you!! lol

sounds like a workable idea.
Thanks for the input.
 
Guardian2003
PostPosted: Fri Apr 06, 2007 4:41 pm Reply with quote

A very simple thing I did last year because of new bots was to place a link in robots.txt i.e. disallow: /theurlhere.html
The link was actually an a known exploit path that would trip Sentinel haha.
 
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Fri Apr 06, 2007 5:33 pm Reply with quote

lol...thats sneaky guardian... killing me
 
View user's profile Send private message
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Fri Apr 06, 2007 6:04 pm Reply with quote

Darklord nice idea but generally that doesn´t work because every idiot can change the user agent.htaccess is power and I´m sure you can use there easily rules for search engines, Ips etc.. I added one user agent into the nuke sentinel blocker, because thats a user agent which was often used by turkish hackers.
And that did the trick. Of course I don´t tell anyone whats the name of this UA.
 
View user's profile Send private message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Sat Apr 07, 2007 8:40 am Reply with quote

Guardian2003 wrote:
A very simple thing I did last year because of new bots was to place a link in robots.txt i.e. disallow: /theurlhere.html
The link was actually an a known exploit path that would trip Sentinel haha.


Just a side note, it is funny that I have this in place, and no bot has ever gotten banned. If you are finding this banning bots on your site, then I must not have it right.. Sad

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©