[Guide] [How To]Protect ur Hotel && Little Patche`s and loggers[Read now]

[Habblet]

Hello, Ragezone`rs!

Here`s a little protection for ur Hotel(s)
First the credits:
- Habblet (Marco AKA Strato)


SQLInjection logger #,1
Notice! You need to be a good programmer for devlo this.

Code:

// SQL INJECTION LOG
if(isset($_GET['accept'])){
        $news_id = $_GET['accept'];
$bestand = fopen('SQLINJECTION-SITE.log','a+'); 
$regels = file('SQLINJECTION-SITE.log'); 
$ip = "IP:".$_SERVER[REMOTE_ADDR]."\nURL:".$news_id."\n";
      fwrite($bestand,"$ip"); 
      fclose($bestand); 
}

Anti Proxy or vps/dedi ect #,2
EDIT: noobfriendly
It blocks machines that have a open port (80,8080)
put this in ur global or core whatever

Code:

function Protectshit($ip) {
$fp = @fsockopen($ip, 80, $errstr, $errno, 1);
if ($fp){ exit('<!-- Start JMSecurity - That`s what websites love -->Acces denied!<br>Security by JMSecurity<!-- End JMSecurity - That`s what websites love -->'); }
$fp = @fsockopen($ip, 8080, $errstr, $errno, 1);
if ($fp){ exit('<!-- Start JMSecurity - That`s what websites love -->Acces denied!<br>Security by JMSecurity<!-- End JMSecurity - That`s what websites love -->'); }
}

and now put this in index.php

Code:

$proxydedivpsw = $_SERVER[REMOTE_ADDR];
if($proxydedivpsw != "127.0.0.1"){
Protectshit($proxydedivpsw);
}

News?id= patch (ANTISQL) #,3
Notice! Pase this underneed $_GET['id'] (This will only accept 123456789+ Not []/;'%&abcdefghij ect)
if you dont have a line with: $news_id = $_GET['id'];
than replace it or make that line.

Code:

if(preg_match('%[^0-9]%', $news_id))
	exit('<!-- Start JMSecurity - That`s what websites love -->Hacking attempted!<br>Security by JMSecurity<!-- End JMSecurity - That`s what websites love -->');

PHP secure tips! (php.ini) #,4
Notice! Do not change shomething else, if you dont know what it means!
(go to URDIC:\xampp\php\php.ini)
First look for:

Code:

magic_quotes_gpc = On

Change this to

Code:

magic_quotes_gpc = Off

Now look for

Code:

file_uploads = On

change this to

Code:

file_uploads = Off

If ur hotel is under attack or hacked by a exploit or whatever, please PM me, ill check if there is a patche for it.

- Sorry for my bad english, im dutch, Cya! - Habblet AKA Marco (Strato)
U like it? Please hit thanks.

[Zak©]

this legit.

[Makarov]

Great
GREAT fucking tutorial
five fucking stars
★★★★★

[scottstamp851]

#1 isn't being called by any scripts.
#2 blocks access from anyone not connecting through the VPS or dedicated server (why the hell would you do that?).
#3 seems useful, though I wasn't aware of this exploit.
#4 disables some functionality, and if someone wants to upload a shell, they wouldn't use HTTP Upload.

Summary: What the fuck?

[Habblet]

#1 isn't being called by any scripts.
#2 blocks access from anyone not connecting through the VPS or dedicated server (why the hell would you do that?).
#3 seems useful, though I wasn't aware of this exploit.
#4 disables some functionality, and if someone wants to upload a shell, they wouldn't use HTTP Upload.

Summary: What the fuck?

#1 not noobfriendly
#2 it blocks machines that have 80 port open and 8080
#4 You don`t know the new exploit?

and thanks guys (above)

[scottstamp851]

Hm, my mistake;
#1 is a simplified logger, that can't be used by anyone who isn't well versed in PHP, and anyone who is doesn't need it anyways.
#2 will block anyone running an Apache or Tomcat (or anything that uses the same ports) server. It'll be nothing but a deterrant to people visiting the site. And it won't work if they're behind any form of router. It also won't block a Slowloris attack under any circumstances.
#4 no, I don't.

[andrei07]

where should i put this? :) i really need this ;)

[wy479]

A Problem With This Is...
Now People Will Find A Hacking Way Through This Keep Up The Good Work!

[MerijnZ]

Nice marco, now will noobs with exploits never try it again :p

[hibbohotel]

Nice marco :d