Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other
Author Message
technocrat
Life Cycles Becoming CPU Cycles


Joined: Jul 07, 2005
Posts: 511

PostPosted: Mon Apr 09, 2007 4:36 pm Reply with quote

I have tried a couple of different things and can't get it working so I am looking for some assistance.

I want to block any request that contains ?act=

Any help?

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! / Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message
technocrat
PostPosted: Mon Apr 09, 2007 6:01 pm Reply with quote

This appears to be working
Code:
RewriteCond %{QUERY_STRING} ^act\=(.*)

RewriteRule ^.*$ http://127.0.0.1/ [R,L]


FYI-This will block the c99shell default access completely.
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

PostPosted: Tue Apr 10, 2007 7:17 am Reply with quote

Looks good to me as well. Here are some other examples of things that I have done over the years as they have popped up:

Code:


#
# Tired of external attempts to access Forums admin
#
RewriteCond %{HTTP_REFERER} !^http://(.*)montegoscripts\.com/.*$ [NC]
RewriteCond %{REQUEST_URI} modules/Forums/admin
RewriteRule ^.*$ http://127.0.0.1 [R=301,L]
#
# Try to stop Add Links from external sources
#
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{QUERY_STRING} ^(.*)name=Web_Links(.*)
RewriteRule ^.*$ http://127.0.0.1 [R=301,L]
#
# Added by montego as hack script reports these
#
RewriteCond %{QUERY_STRING} ^(.*)www\.shinwhat\.com(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)leyctud_b0x(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)217\.20\.112\.211(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)sucomi\.com(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)GLOBALS(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)phentermine(.*)$ [NC,OR]
RewriteCond %{REQUEST_URI} ^(.*)register\.php(.*)$ [NC,OR]
RewriteCond %{REQUEST_URI} ^(.*)profile\.php(.*)$ [NC,OR]
RewriteRule ^.*$ http://127.0.0.1 [R=301,L]


I post these only as additional examples for folks in case they need the "pattern" to try.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Tue Apr 10, 2007 9:27 pm Reply with quote

A bunch of other ones that I use.

(Sometimes QUERY_STRING doesn't work for me, so these rules use THE_REQUEST to search the entire request data)

Code:


RewriteCond %{THE_REQUEST}  (YIIQegYGKwYBBQU)         [OR]
RewriteCond %{THE_REQUEST}  (absolute_path)             [OR]
RewriteCond %{THE_REQUEST}  (phpbb_root_path)           [OR]
RewriteCond %{THE_REQUEST}  (classified_path)           [OR]
RewriteCond %{THE_REQUEST}  (THEME_DIR)                 [OR]
RewriteCond %{THE_REQUEST}  (basepath)               [OR]
RewriteCond %{THE_REQUEST}  (BBCodeFile)            [OR]
RewriteCond %{THE_REQUEST}   (spaw_root)               [OR]
RewriteCond %{THE_REQUEST}   (path_red2)               [OR]
RewriteCond %{THE_REQUEST}   (phpc_root_path)         [OR]
RewriteCond %{THE_REQUEST}   (libpath)               [OR]
RewriteCond %{THE_REQUEST}   (includedir)            [OR]
RewriteCond %{THE_REQUEST}   (serverpath)            [OR]
RewriteCond %{THE_REQUEST}   (vwar_root)               [OR]
RewriteCond %{THE_REQUEST}   (dir\[inc\])            [OR]
RewriteCond %{THE_REQUEST}   (rootpath)               [OR]
RewriteCond %{THE_REQUEST}   (file=http:\/\/)         [OR]
RewriteCond %{THE_REQUEST}   (name=http:\/\/)         [OR]
RewriteCond %{THE_REQUEST}  (CPG_M_DIR)               

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
montego
PostPosted: Wed Apr 11, 2007 6:29 am Reply with quote

You know, that is right, I have seen some quirky behavior with QUERY_STRING. I got the above to work, but I like your ideas here. Thanks!
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

PostPosted: Thu Apr 12, 2007 8:58 pm Reply with quote

TechonocratI see you were struck by the same module hack I was.
I'm not sure that adding
[code]if (!eregi('image/', get_mime_content_type($imageurl_name))) die(_SP_CONFBANN); [/b] is a complete solution but I'm certainly warming to your htaccess idea.
I do not think there is anything in nuke that uses ?act= but if there is, it always possible to use the less likely ones like;
?act=f
?act=ls
?act=img
 
View user's profile Send private message Send e-mail
technocrat
PostPosted: Fri Apr 13, 2007 7:22 am Reply with quote

My users are reporting that it will affect the arcade mod. So we might need to tweak it some more.

I have some more changes and I will post them once I get to the office.
 
Guardian2003
PostPosted: Fri Apr 13, 2007 8:55 am Reply with quote

I sent you a PM, I understand the original author is working on the isuue now.
 
technocrat
PostPosted: Fri Apr 13, 2007 9:23 am Reply with quote

Code fixes:

First mime_content_type seems to not work very well, so I used this code from DJMaze and it works much better.
Code:
function get_mime_content_type($filename) {

    $mime = array(
            '.3dmf' => 'x-world/x-3dmf',
            '.a' => 'application/octet-stream',
            '.aab' => 'application/x-authorware-bin',
            '.aam' => 'application/x-authorware-map',
            '.aas' => 'application/x-authorware-seg',
            '.abc' => 'text/vnd.abc',
            '.acgi' => 'text/html',
            '.afl' => 'video/animaflex',
            '.ai' => 'application/postscript',
            '.aif' => 'audio/aiff',
            '.aif' => 'audio/x-aiff',
            '.aifc' => 'audio/aiff',
            '.aiff' => 'audio/aiff',
            '.aim' => 'application/x-aim',
            '.aip' => 'text/x-audiosoft-intra',
            '.ani' => 'application/x-navi-animation',
            '.aos' => 'application/x-nokia-9000-communicator-add-on-software',
            '.aps' => 'application/mime',
            '.arc' => 'application/octet-stream',
            '.arj' => 'application/arj',
            '.art' => 'image/x-jg',
            '.asf' => 'video/x-ms-asf',
            '.asm' => 'text/x-asm',
            '.asp' => 'text/asp',
            '.asx' => 'video/x-ms-asf',
            '.au' => 'audio/x-au',
            '.avi' => 'video/avi',
            '.avs' => 'video/avs-video',
            '.bcpio' => 'application/x-bcpio',
            '.bin' => 'application/x-binary',
            '.bm' => 'image/bmp',
            '.bmp' => 'image/bmp',
            '.boo' => 'application/book',
            '.book' => 'application/book',
            '.boz' => 'application/x-bzip2',
            '.bsh' => 'application/x-bsh',
            '.bz' => 'application/x-bzip',
            '.bz2' => 'application/x-bzip2',
            '.c' => 'text/plain',
            '.c++' => 'text/plain',
            '.cat' => 'application/vnd.ms-pki.seccat',
            '.cc' => 'text/plain',
            '.ccad' => 'application/clariscad',
            '.cco' => 'application/x-cocoa',
            '.cdf' => 'application/cdf',
            '.cer' => 'application/pkix-cert',
            '.cer' => 'application/x-x509-ca-cert',
            '.cha' => 'application/x-chat',
            '.chat' => 'application/x-chat',
            '.class' => 'application/java',
            '.com' => 'text/plain',
            '.conf' => 'text/plain',
            '.cpio' => 'application/x-cpio',
            '.cpp' => 'text/x-c',
            '.cpt' => 'application/x-cpt',
            '.crl' => 'application/pkix-crl',
            '.crt' => 'application/pkix-cert',
            '.crt' => 'application/x-x509-user-cert',
            '.csh' => 'application/x-csh',
            '.css' => 'text/css',
            '.cxx' => 'text/plain',
            '.dcr' => 'application/x-director',
            '.deepv' => 'application/x-deepv',
            '.def' => 'text/plain',
            '.der' => 'application/x-x509-ca-cert',
            '.dif' => 'video/x-dv',
            '.dir' => 'application/x-director',
            '.dl' => 'video/dl',
            '.doc' => 'application/msword',
            '.dot' => 'application/msword',
            '.dp' => 'application/commonground',
            '.drw' => 'application/drafting',
            '.dump' => 'application/octet-stream',
            '.dv' => 'video/x-dv',
            '.dvi' => 'application/x-dvi',
            '.dwf' => 'drawing/x-dwf',
            '.dwg' => 'image/x-dwg',
            '.dxf' => 'image/x-dwg',
            '.dxr' => 'application/x-director',
            '.el' => 'text/x-script.elisp',
            '.elc' => 'application/x-elc',
            '.env' => 'application/x-envoy',
            '.eps' => 'application/postscript',
            '.es' => 'application/x-esrehber',
            '.etx' => 'text/x-setext',
            '.evy' => 'application/envoy',
            '.exe' => 'application/octet-stream',
            '.f' => 'text/plain',
            '.f77' => 'text/x-fortran',
            '.f90' => 'text/x-fortran',
            '.fdf' => 'application/vnd.fdf',
            '.fif' => 'image/fif',
            '.fli' => 'video/fli',
            '.flo' => 'image/florian',
            '.flx' => 'text/vnd.fmi.flexstor',
            '.fmf' => 'video/x-atomic3d-feature',
            '.for' => 'text/x-fortran',
            '.fpx' => 'image/vnd.fpx',
            '.frl' => 'application/freeloader',
            '.funk' => 'audio/make',
            '.g' => 'text/plain',
            '.g3' => 'image/g3fax',
            '.gif' => 'image/gif',
            '.gl' => 'video/gl',
            '.gl' => 'video/x-gl',
            '.gsd' => 'audio/x-gsm',
            '.gsm' => 'audio/x-gsm',
            '.gsp' => 'application/x-gsp',
            '.gss' => 'application/x-gss',
            '.gtar' => 'application/x-gtar',
            '.gz' => 'application/x-gzip',
            '.gzip' => 'application/x-gzip',
            '.h' => 'text/plain',
            '.hdf' => 'application/x-hdf',
            '.help' => 'application/x-helpfile',
            '.hgl' => 'application/vnd.hp-hpgl',
            '.hh' => 'text/plain',
            '.hlb' => 'text/x-script',
            '.hlp' => 'application/hlp',
            '.hpg' => 'application/vnd.hp-hpgl',
            '.hpgl' => 'application/vnd.hp-hpgl',
            '.hqx' => 'application/binhex',
            '.hta' => 'application/hta',
            '.htc' => 'text/x-component',
            '.htm' => 'text/html',
            '.html' => 'text/html',
            '.htmls' => 'text/html',
            '.htt' => 'text/webviewhtml',
            '.htx' => 'text/html',
            '.ice' => 'x-conference/x-cooltalk',
            '.ico' => 'image/x-icon',
            '.idc' => 'text/plain',
            '.ief' => 'image/ief',
            '.iefs' => 'image/ief',
            '.iges' => 'application/iges',
            '.igs' => 'application/iges',
            '.ima' => 'application/x-ima',
            '.imap' => 'application/x-httpd-imap',
            '.inf' => 'application/inf',
            '.ins' => 'application/x-internett-signup',
            '.ip' => 'application/x-ip2',
            '.isu' => 'video/x-isvideo',
            '.it' => 'audio/it',
            '.iv' => 'application/x-inventor',
            '.ivr' => 'i-world/i-vrml',
            '.ivy' => 'application/x-livescreen',
            '.jam' => 'audio/x-jam',
            '.jav' => 'text/plain',
            '.java' => 'text/plain',
            '.jcm' => 'application/x-java-commerce',
            '.jfif' => 'image/jpeg',
            '.jfif-tbnl' => 'image/jpeg',
            '.jpe' => 'image/jpeg',
            '.jpeg' => 'image/jpeg',
            '.jpg' => 'image/jpeg',
            '.jps' => 'image/x-jps',
            '.js' => 'application/x-javascript',
            '.jut' => 'image/jutvision',
            '.kar' => 'audio/midi',
            '.ksh' => 'application/x-ksh',
            '.la' => 'audio/nspaudio',
            '.lam' => 'audio/x-liveaudio',
            '.latex' => 'application/x-latex',
            '.lha' => 'application/lha',
            '.lha' => 'application/x-lha',
            '.lhx' => 'application/octet-stream',
            '.list' => 'text/plain',
            '.lma' => 'audio/nspaudio',
            '.lma' => 'audio/x-nspaudio',
            '.log' => 'text/plain',
            '.lsp' => 'application/x-lisp',
            '.lsp' => 'text/x-script.lisp',
            '.lst' => 'text/plain',
            '.lsx' => 'text/x-la-asf',
            '.ltx' => 'application/x-latex',
            '.lzh' => 'application/x-lzh',
            '.lzx' => 'application/x-lzx',
            '.m' => 'text/plain',
            '.m1v' => 'video/mpeg',
            '.m2a' => 'audio/mpeg',
            '.m2v' => 'video/mpeg',
            '.m3u' => 'audio/x-mpequrl',
            '.man' => 'application/x-troff-man',
            '.map' => 'application/x-navimap',
            '.mar' => 'text/plain',
            '.mbd' => 'application/mbedlet',
            '.mcd' => 'application/mcad',
            '.mcf' => 'image/vasa',
            '.mcp' => 'application/netmc',
            '.me' => 'application/x-troff-me',
            '.mht' => 'message/rfc822',
            '.mhtml' => 'message/rfc822',
            '.mid' => 'audio/midi',
            '.midi' => 'audio/midi',
            '.mif' => 'application/x-mif',
            '.mime' => 'www/mime',
            '.mjf' => 'audio/x-vnd.audioexplosion.mjuicemediafile',
            '.mjpg' => 'video/x-motion-jpeg',
            '.mm' => 'application/x-meme',
            '.mme' => 'application/b|ase64',
            '.mod' => 'audio/mod',
            '.moov' => 'video/quicktime',
            '.mov' => 'video/quicktime',
            '.movie' => 'video/x-sgi-movie',
            '.mp2' => 'video/mpeg',
            '.mp3' => 'audio/mpeg3',
            '.mpa' => 'video/mpeg',
            '.mpc' => 'application/x-project',
            '.mpe' => 'video/mpeg',
            '.mpeg' => 'video/mpeg',
            '.mpg' => 'video/mpeg',
            '.mpga' => 'audio/mpeg',
            '.mpp' => 'application/vnd.ms-project',
            '.mpt' => 'application/x-project',
            '.mpv' => 'application/x-project',
            '.mpx' => 'application/x-project',
            '.mrc' => 'application/marc',
            '.ms' => 'application/x-troff-ms',
            '.mv' => 'video/x-sgi-movie',
            '.my' => 'audio/make',
            '.mzz' => 'application/x-vnd.audioexplosion.mzz',
            '.nap' => 'image/naplps',
            '.naplps' => 'image/naplps',
            '.nc' => 'application/x-netcdf',
            '.ncm' => 'application/vnd.nokia.configuration-message',
            '.nif' => 'image/x-niff',
            '.niff' => 'image/x-niff',
            '.nix' => 'application/x-mix-transfer',
            '.nsc' => 'application/x-conference',
            '.nvd' => 'application/x-navidoc',
            '.o' => 'application/octet-stream',
            '.oda' => 'application/oda',
            '.omc' => 'application/x-omc',
            '.omcd' => 'application/x-omcdatamaker',
            '.omcr' => 'application/x-omcregerator',
            '.p' => 'text/x-pascal',
            '.p10' => 'application/x-pkcs10',
            '.p12' => 'application/x-pkcs12',
            '.p7a' => 'application/x-pkcs7-signature',
            '.p7c' => 'application/x-pkcs7-mime',
            '.p7m' => 'application/x-pkcs7-mime',
            '.p7r' => 'application/x-pkcs7-certreqresp',
            '.p7s' => 'application/pkcs7-signature',
            '.part' => 'application/pro',
            '.pas' => 'text/pascal',
            '.pbm' => 'image/x-portable-bitmap',
            '.pcl' => 'application/x-pcl',
            '.pct' => 'image/x-pict',
            '.pcx' => 'image/x-pcx',
            '.pdb' => 'chemical/x-pdb',
            '.pdf' => 'application/pdf',
            '.pfunk' => 'audio/make',
            '.pgm' => 'image/x-portable-graymap',
            '.pic' => 'image/pict',
            '.pict' => 'image/pict',
            '.pkg' => 'application/x-newton-compatible-pkg',
            '.pko' => 'application/vnd.ms-pki.pko',
            '.pl' => 'text/plain',
            '.plx' => 'application/x-pixclscript',
            '.pm' => 'image/x-xpixmap',
            '.pm4' => 'application/x-pagemaker',
            '.pm5' => 'application/x-pagemaker',
            '.png' => 'image/png',
            '.pnm' => 'application/x-portable-anymap',
            '.pnm' => 'image/x-portable-anymap',
            '.pot' => 'application/mspowerpoint',
            '.pot' => 'application/vnd.ms-powerpoint',
            '.pov' => 'model/x-pov',
            '.ppa' => 'application/vnd.ms-powerpoint',
            '.ppm' => 'image/x-portable-pixmap',
            '.pps' => 'application/mspowerpoint',
            '.ppt' => 'application/powerpoint',
            '.ppz' => 'application/mspowerpoint',
            '.pre' => 'application/x-freelance',
            '.prt' => 'application/pro',
            '.ps' => 'application/postscript',
            '.psd' => 'application/octet-stream',
            '.pvu' => 'paleovu/x-pv',
            '.pwz' => 'application/vnd.ms-powerpoint',
            '.py' => 'text/x-script.phyton',
            '.pyc' => 'applicaiton/x-bytecode.python',
            '.qcp' => 'audio/vnd.qcelp',
            '.qd3' => 'x-world/x-3dmf',
            '.qd3d' => 'x-world/x-3dmf',
            '.qif' => 'image/x-quicktime',
            '.qt' => 'video/quicktime',
            '.qtc' => 'video/x-qtc',
            '.qti' => 'image/x-quicktime',
            '.qtif' => 'image/x-quicktime',
            '.ra' => 'audio/x-realaudio',
            '.ram' => 'audio/x-pn-realaudio',
            '.rar' => 'application/rar',
            '.ras' => 'image/cmu-raster',
            '.rast' => 'image/cmu-raster',
            '.rexx' => 'text/x-script.rexx',
            '.rf' => 'image/vnd.rn-realflash',
            '.rgb' => 'image/x-rgb',
            '.rm' => 'audio/x-pn-realaudio',
            '.rmi' => 'audio/mid',
            '.rmm' => 'audio/x-pn-realaudio',
            '.rmp' => 'audio/x-pn-realaudio',
            '.rng' => 'application/ringing-tones',
            '.rnx' => 'application/vnd.rn-realplayer',
            '.roff' => 'application/x-troff',
            '.rp' => 'image/vnd.rn-realpix',
            '.rpm' => 'audio/x-pn-realaudio-plugin',
            '.rt' => 'text/richtext',
            '.rtf' => 'application/rtf',
            '.rtx' => 'application/rtf',
            '.rv' => 'video/vnd.rn-realvideo',
            '.s' => 'text/x-asm',
            '.s3m' => 'audio/s3m',
            '.saveme' => 'application/octet-stream',
            '.sbk' => 'application/x-tbook',
            '.scm' => 'video/x-scm',
            '.sdml' => 'text/plain',
            '.sdp' => 'application/sdp',
            '.sdr' => 'application/sounder',
            '.sea' => 'application/sea',
            '.set' => 'application/set',
            '.sgm' => 'text/sgml',
            '.sgml' => 'text/sgml',
            '.sh' => 'application/x-sh',
            '.shar' => 'application/x-shar',
            '.shtml' => 'text/html',
            '.shtml' => 'text/x-server-parsed-html',
            '.sid' => 'audio/x-psid',
            '.sit' => 'application/x-sit',
            '.sit' => 'application/x-stuffit',
            '.skd' => 'application/x-koan',
            '.skm' => 'application/x-koan',
            '.skp' => 'application/x-koan',
            '.skt' => 'application/x-koan',
            '.sl' => 'application/x-seelogo',
            '.smi' => 'application/smil',
            '.smil' => 'application/smil',
            '.snd' => 'audio/basic',
            '.snd' => 'audio/x-adpcm',
            '.sol' => 'application/solids',
            '.spc' => 'text/x-speech',
            '.spl' => 'application/futuresplash',
            '.spr' => 'application/x-sprite',
            '.sprite' => 'application/x-sprite',
            '.src' => 'application/x-wais-source',
            '.ssi' => 'text/x-server-parsed-html',
            '.ssm' => 'application/streamingmedia',
            '.sst' => 'application/vnd.ms-pki.certstore',
            '.step' => 'application/step',
            '.stl' => 'application/sla',
            '.stp' => 'application/step',
            '.sv4cpio' => 'application/x-sv4cpio',
            '.sv4crc' => 'application/x-sv4crc',
            '.svf' => 'image/x-dwg',
            '.swf' => 'application/x-shockwave-flash',
            '.t' => 'application/x-troff',
            '.talk' => 'text/x-speech',
            '.tar' => 'application/x-tar',
            '.tbk' => 'application/x-tbook',
            '.tcl' => 'application/x-tcl',
            '.tcsh' => 'text/x-script.tcsh',
            '.tex' => 'application/x-tex',
            '.texi' => 'application/x-texinfo',
            '.texinfo' => 'application/x-texinfo',
            '.text' => 'text/plain',
            '.tgz' => 'application/tgz',
            '.tif' => 'image/tiff',
            '.tiff' => 'image/tiff',
            '.tr' => 'application/x-troff',
            '.tsi' => 'audio/tsp-audio',
            '.tsp' => 'application/dsptype',
            '.tsv' => 'text/tab-separated-values',
            '.turbot' => 'image/florian',
            '.txt' => 'text/plain',
            '.uil' => 'text/x-uil',
            '.uni' => 'text/uri-list',
            '.unis' => 'text/uri-list',
            '.unv' => 'application/i-deas',
            '.uri' => 'text/uri-list',
            '.uris' => 'text/uri-list',
            '.ustar' => 'application/x-ustar',
            '.uu' => 'application/octet-stream',
            '.uue' => 'text/x-uuencode',
            '.vcd' => 'application/x-cdlink',
            '.vcs' => 'text/x-vcalendar',
            '.vda' => 'application/vda',
            '.vdo' => 'video/vdo',
            '.vew' => 'application/groupwise',
            '.viv' => 'video/vivo',
            '.vivo' => 'video/vivo',
            '.vmd' => 'application/vocaltec-media-desc',
            '.vmf' => 'application/vocaltec-media-file',
            '.voc' => 'audio/voc',
            '.vos' => 'video/vosaic',
            '.vox' => 'audio/voxware',
            '.vqe' => 'audio/x-twinvq-plugin',
            '.vqf' => 'audio/x-twinvq',
            '.vql' => 'audio/x-twinvq-plugin',
            '.vrml' => 'application/x-vrml',
            '.vrt' => 'x-world/x-vrt',
            '.vsd' => 'application/x-visio',
            '.vst' => 'application/x-visio',
            '.vsw' => 'application/x-visio',
            '.w60' => 'application/wordperfect6.0',
            '.w61' => 'application/wordperfect6.1',
            '.w6w' => 'application/msword',
            '.wav' => 'audio/wav',
            '.wb1' => 'application/x-qpro',
            '.wbmp' => 'image/vnd.wap.wbmp',
            '.web' => 'application/vnd.xara',
            '.wiz' => 'application/msword',
            '.wk1' => 'application/x-123',
            '.wmf' => 'windows/metafile',
            '.wml' => 'text/vnd.wap.wml',
            '.wmlc' => 'application/vnd.wap.wmlc',
            '.wmls' => 'text/vnd.wap.wmlscript',
            '.wmlsc' => 'application/vnd.wap.wmlscriptc',
            '.word' => 'application/msword',
            '.wp' => 'application/wordperfect',
            '.wp5' => 'application/wordperfect',
            '.wp6' => 'application/wordperfect',
            '.wpd' => 'application/wordperfect',
            '.wq1' => 'application/x-lotus',
            '.wri' => 'application/x-wri',
            '.wrl' => 'application/x-world',
            '.wrz' => 'model/vrml',
            '.wsc' => 'text/scriplet',
            '.wsrc' => 'application/x-wais-source',
            '.wtk' => 'application/x-wintalk',
            '.xbm' => 'image/xbm',
            '.xdr' => 'video/x-amt-demorun',
            '.xgz' => 'xgl/drawing',
            '.xif' => 'image/vnd.xiff',
            '.xl' => 'application/excel',
            '.xla' => 'application/excel',
            '.xlb' => 'application/excel',
            '.xlc' => 'application/excel',
            '.xld' => 'application/excel',
            '.xlk' => 'application/excel',
            '.xll' => 'application/excel',
            '.xlm' => 'application/excel',
            '.xls' => 'application/excel',
            '.xlt' => 'application/excel',
            '.xlv' => 'application/excel',
            '.xlw' => 'application/excel',
            '.xm' => 'audio/xm',
            '.xml' => 'text/xml',
            '.xmz' => 'xgl/movie',
            '.xpix' => 'application/x-vnd.ls-xpix',
            '.xpm' => 'image/x-xpixmap',
            '.xpm' => 'image/xpm',
            '.x-png' => 'image/png',
            '.xsr' => 'video/x-amt-showrun',
            '.xwd' => 'image/x-xwd',
            '.xyz' => 'chemical/x-pdb',
            '.z' => 'application/x-compressed',
            '.zip' => 'application/x-zip-compressed',
            '.zoo' => 'application/octet-stream',
            '.zsh' => 'text/x-script.zsh',
        );
        $ext = strtolower(strrchr($filename, '.'));
        if(isset($mime[$ext]))
        {
            $type = $mime[$ext];
            global $browser;
            if ($browser == 'ie' || $browser == 'opera') {  //You will need your own browser detector
                $type = str_replace('application/octet-stream', 'application/octetstream', $type);
            }
            return $type;
        }
        else
        {
            return "text/plain";
        }
}


In SPSubmitSave.php

Find:
Code:
$imageurl_name = $_FILES['site_image']['name'];


After add:
Code:
if (!eregi('image/', get_mime_content_type($imageurl_name))) die(_SP_CONFBANN);


That will stop bad image types

Then find:
Code:
if(move_uploaded_file($imageurl_temp, "modules/$module_name/images/supporters/$oid$ext")) {


After add:
Code:
      list($width, $height, $type, $attr) = @getimagesize("modules/$module_name/images/supporters/$oid$ext");

      if (empty($width) || empty($height)) {
          unlink("modules/$module_name/images/supporters/$oid$ext");
          include_once(NUKE_BASE_DIR.'header.php');
         title(_SP_CONFBANN);
          OpenTable();
          echo "<center><strong>"._SP_NOUPLOAD."</strong></center><br />\n";
          echo "<center>"._GOBACK."</center>";
          CloseTable();
          include_once(NUKE_BASE_DIR.'footer.php');
          exit;
      }

This will stop invalid images
 
technocrat
PostPosted: Wed Apr 18, 2007 12:58 pm Reply with quote

Update:

Added a .htaccess file to the modules/Supporters/images folder with:
Code:
Order allow,deny

allow from all

<FilesMatch "\.php$">
  deny from all
</FilesMatch>


Using evaders99 suggestions I changed the main .htaccess to be:
Code:
RewriteCond %{THE_REQUEST} (\?act\=) [NC,OR]

RewriteCond %{THE_REQUEST} (sql_login) [NC]
RewriteRule ^.*$ http://127.0.0.1/ [R=301,L]
 
Steptoe
Involved
Involved


Joined: Oct 09, 2004
Posts: 293

PostPosted: Tue Apr 24, 2007 1:26 am Reply with quote

Hi guys, havnt been around for a while..
thu thats your fault, the support and stuff nothing goes wrong lol.
Anyway this .htasess thing..
I did get hacked the other day from Turkey, nothing serious, 8 mins and was up again...
This is what I have..
1/ my server is next to me, Apachie on MS
2/ I access it from this machine on the LAN
3/I figured out banning TR ips...well most of them, just got a list of TR isps and TR telecom ranges and banned them in htaccess.

This is what I would like to do...(tried differnt stuff but either doesnt work or the sever becomes inaccessable lol)
1/ I see how to ban access to file types...we need access to .php,
how does one do that yet ban just one file...eg admin.php
Yet allow access to it from 1 ip or ip range? ...eg LAN

2/I use ip_tracking one can see what modules are been visited, but it doesnt list admin.php.....is it possible to have this in the drop down menu?

Cheers Steps
Oh PS, I became a Grandfather the other day...9lb boy

_________________
My Spelling is NOT incorrect, it's Creative 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©