You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 64 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - ptap version 1.0 released [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

ptap version 1.0 released
 
This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies.printer-friendly view Nuke Cops Forum Index » Protector
View previous topic Log in to check your private messages View next topic
Author Message
steven111
Lieutenant
Lieutenant


Joined: Dec 30, 2003
Posts: 283
PostPosted: Mon Mar 29, 2004 1:46 pm Reply with quoteBack to top
Based on the discussion here: http://www.nukecops.com/postlite25918-api.html I have released ptap version 1.0.

What is ptap? ptap (Protector Tap) is a standard function to be used by authors of security patches. Once they trap an intrusion, they call ptap function which automatically bans the offending ip.

Do I need Protector? ptap writes the IP number into Protector. If Protector does not exist, then the information is emailed to admin.

Can I employ ptap in my existing code? Yes, find the existing security patches, e.g. "intvar[$_Get...]" and modify them to use the function. The next post will have an example of use.

_________________
ezClassifieds|Forums:Auto,Mac,Job,Win,HW
Find all posts by steven111View user's profileSend private messageVisit poster's website
steven111
Lieutenant
Lieutenant


Joined: Dec 30, 2003
Posts: 283
PostPosted: Mon Mar 29, 2004 1:58 pm Reply with quoteBack to top
To implement ptap, open mainfile.php [edited]

Locate the last line:
Code:
?>


Before it, insert:

Code:
function ptap($comments, $severity_level) {
   //protector tap, intercepts hack attempts and writes them to Protector tables, and/or emails admin
   //Version 1.0  March 29, 2004
   //By: steven11
   //input: $comments: add comments to make clear what the problem is
   //$severity_level:  B (for Ban), W (for warning, don't ban, just send warning to admin)
   global $db, $prefix, $userdata;
   
   $send_always = 1; //<< set this to one, to always send a message to admin
   
   //does Protector exist
   $protector= file_exists("banned.gif");  //database independ. way of doing things...
   $severity_level = strtoupper($severity_level); //prevent input case problem
   
   $info = "blocked by ptap<br>" . $_SERVER['PHP_SELF'] . "?" . $_SERVER['REQUEST_URI'];
   $ip = $_SERVER['REMOTE_ADDR'];   
   $user = "ptap";
   
   if ($protector && $severity_level == "B") {
      $f_info = addslashes($info);
      ($severity_level == 'B') ? $slevel =1 : $slevel =0;
      $sql = "insert into {$prefix}_blocked (ip, date, info, user, banned) values
         ('$ip', now(), '$f_info', '$user', $slevel)";
      $db->sql_query($sql);
   }
   
   //if protector not installed, or $send_always, send a message to admin
   if (!$protector || $send_always) {
      $sql = "select email from {$prefix}_authors where name='God'";
      $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $admin_email = $row[0];
        $subject = "Hack attempt detected, severity: $severity_level";
        $message = "Detected hack attempt:\r\n" .
                 "comments: $comments\r\n" .
                 "IP: $ip\r\n" . 
                 "url: " . $_SERVER['PHP_SELF'] . "?" . $_SERVER['REQUEST_URI'];
      if (strlen($message) > 255) $message = substr($message, 0, 252) . "..";
        mail($admin_email, $subject, $message, "From: <$admin_email>\r\n");
   }
   
   echo "<br>Hack attemp detected.  IP Banned";
   exit;
}



---------------------
How to call the function:

I will give an example in viewtopics.php

Locate:
Code:
$topic_id = intval($HTTP_GET_VARS[POST_TOPIC_URL]);


Before it insert:
Code:
if (intval($HTTP_GET_VARS[POST_TOPIC_URL]).'' != $HTTP_GET_VARS[POST_TOPIC_URL])
               ptap("hack attemp here", "B");


Note: to make the "not equate" above work, note the (.'') !!

How to test? Just view a topic, and then manipulate the 't' parameters in the URL: make it non-numeric e.g. t=12aabb instead of t=123
this will result in the offending IP being banned. If you do it from your own pc, you can still get into admin, at which place you can simply delete the entry (via Protector).

Very Happy steven

_________________
ezClassifieds|Forums:Auto,Mac,Job,Win,HW
Find all posts by steven111View user's profileSend private messageVisit poster's website
EscortCossie
Lieutenant
Lieutenant


Joined: Feb 21, 2004
Posts: 235

Location: Stavanger, Norway
PostPosted: Thu Apr 01, 2004 11:57 pm Reply with quoteBack to top
Thanks steven, this sounds great!

But I already use Raven's Hack Attempt script.. Can I add ptap on top and have both scripts installed?

_________________
Image
Visit the Ford Escort Portal >> EscortPower.net!
Find all posts by EscortCossieView user's profileSend private messageVisit poster's website
steven111
Lieutenant
Lieutenant


Joined: Dec 30, 2003
Posts: 283
PostPosted: Fri Apr 02, 2004 12:18 am Reply with quoteBack to top
Hi EscortCossie,
Glad you see this as having value. Just use the code before you use Raven's (I have not looked at Raven's but this should work), and comment out the "exit" (one before the last line). Then the code would put the offending IP into Protector, and simply come back to you.
(note: you can also comment out email(....) if you wish, not to get duplicate emails).

steve

_________________
ezClassifieds|Forums:Auto,Mac,Job,Win,HW
Find all posts by steven111View user's profileSend private messageVisit poster's website
EscortCossie
Lieutenant
Lieutenant


Joined: Feb 21, 2004
Posts: 235

Location: Stavanger, Norway
PostPosted: Fri Apr 02, 2004 12:22 am Reply with quoteBack to top
Thanks. Will give it a try Wink

_________________
Image
Visit the Ford Escort Portal >> EscortPower.net!
Find all posts by EscortCossieView user's profileSend private messageVisit poster's website
Display posts from previous:      
This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies.printer-friendly view Nuke Cops Forum Index » Protector
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by · TOGETHER TEAM srl ITALY http://www.togetherteam.it · DONDELEO E-COMMERCE http://www.DonDeLeo.com
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.329 Seconds - 202 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::