My hacker trap solution

Bagi Zoltán · 01-20-2008, 01:34 PM

Hello everybody, i would like to share with you my hacker trap solution which provides the following fuctions:

validate the Googlebot, the msnbot and the Yahoo! Slurp so when someone proxify the the site it won't cause content duplication,
make possible to ban certain user agents, IPs as well,
inspect the requested URL string so when someone would like to manipulate the mysql database via injection method the trap will reward it with a very elegant IP ban (this function must be modify in accordance of the website and the needs) ,

Below you may see the core file which control the access to the site, called security.php

PHP Code:

   <?php

$ua = $_SERVER['HTTP_USER_AGENT'];

$webadress = $_SERVER['REQUEST_URI'];

$ip = $_SERVER['REMOTE_ADDR'];

$target = file(dirname(__FILE__)."/ip-logfile.txt");

$sqltarget = file(dirname(__FILE__)."/sql-injection.txt");

$ualist = file(dirname(__FILE__)."/banned-ua.txt");

$loc = dirname(__FILE__);

 
//if the visitor said to be a robot

if(strstr($ua, 'msnbot') || stristr($ua, 'Googlebot') || stristr($ua, 'Yahoo! Slurp')){

//we must validate it

require "$loc/security-proxy-checker.php";

}

else{

 
//visitors with banned user agents are not allowed to access

foreach($ualist as $item){

$item = trim($item);

if(stristr($ua, $item)){

require "$loc/message.php";

exit;}}

//visitors with banned IPs are not allowed to access

foreach($target as $item){

$item = trim($item);

if(stristr($ip, $item)){

require "$loc/message.php";

exit;

}}

 
//let's inspect the requested URL string

foreach($sqltarget as $sqlitem){

$sqlitem = trim($sqlitem);

if(stristr($webadress, $sqlitem)){

require "$loc/index.php";

exit;}}}

?>

As you may recognise the script uses txt file which stores the banned user agent / IP and typical string particulars which may be used during the sql injection attack.

Very important part of the solution is the index.php file with the following code

PHP Code:

   <?php

$ip = $_SERVER["REMOTE_ADDR"];

$webadress = $_SERVER['REQUEST_URI'];

$loc = dirname(__FILE__);

$logfile = "$loc/ip-logfile.txt";

$urllogfile = "$loc/requested-string.txt";

$time = date("F j, Y, g:i a"); 

require "$loc/message.php";

//Let's start the statistic module

//store the IP as first step

$fp = fopen($logfile, 'a');

fputs($fp, "$ip

");

fclose($fp);

$fpstring = fopen($urllogfile, 'a');

//Put the string and some very importent parameter into a control logfile so if somebody was banned without any reason we will have the chance to fix that

fputs($fpstring, "$ip requested this string $webadress this time $time

");

fclose($fpstring);

exit;

?>

My favourite part of the whole thing is the message.php which stores my greetings to the attackers.

Attaching you may find the whole archived folder (with Hungarian comments in the files). In order to implement the trap all you need to do is to upload the files into an optional folder let's name it core for instance and place this code to the very front of the files you would like to protect.

PHP Code:

   <?php require "/thisisthepathof/core/security.php"; ?>

And one more thing. Don't forget to restict the crawl of the optional core folder where the files are stored in the robots.txt file, this may catch some extra bad guy.

I warrant nothing but this works very well at my site.
Thanks

alemcherry · 02-24-2008, 05:25 PM

That is really nice, thanks!

kaeverak · 05-13-2008, 10:52 AM

Wow, looks good, I'll give it a run through on a few sites and see how it does.

02-24-2008, 05:25 PM	#2
alemcherry Senior Member Join Date: Mar 2007 Posts: 264	Re: My hacker trap solution That is really nice, thanks! __________________ Web Hosting Reviews - Dedicated Server Review - Bluehost Review

05-13-2008, 10:52 AM	#3
kaeverak Smurf Join Date: May 2008 Posts: 18	Re: My hacker trap solution Wow, looks good, I'll give it a run through on a few sites and see how it does.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Hacker.sc	hitachi	Domain Appraisals	6	03-16-2007 01:34 PM
Hacker.sc	hitachi	Domains for Sale	3	02-16-2007 03:12 PM
Total IT Solution Provider	kapilver	Web Development	3	10-03-2006 01:37 PM
Hallo, I need a solution	sanstors	Search Engine Optimization (SEO)	3	07-18-2006 10:15 AM
Expert solution	softmind82	Web Development	2	05-31-2006 01:39 AM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)