Free site + protect www server

Old   #1
 
elite*gold: 0
Join Date: Sep 2012
Posts: 2
Received Thanks: 2

I do not know if this is the right forum section.
Warning!: The site is vulnerable to SQLi attacks - if someone wants to, he can rewrite the page as follows:
Code:
https://youtu.be/DXji_JiuTdo

Yes, I noticed after the video had been released, that the code I wrote had two errors.

I also recommend adding a captcha for registration, login and display of the full ranking. The site also has an advanced administrator system.

Website (one change - 99% of original files from BombWorkStudio):
Code:
https://www23.zippyshare.com/v/eo4JElK4/file.html


Scan:
Code:
https://www.virustotal.com/#/file-analysis/YzJjNDUyOGY0MzJlZGI5ZDgwMWFlYWVmMzBmYzE0OGY6MTUzMDQ2NDcwNQ==


Layout:
Code:
https://www.mpcforum.pl/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/jySgsmk.jpg&key=6f9f51e6dc2b4695eef338e253b46d36f714e9f3ae3b035c720b15909e791c07


Web server protection against two idiots (Internet terror - DejmieN & Komar1911)

## CHECKING WHICH IPs MAKE THE BIGGEST ATTACKS ##
Code:
awk '{print $1}' /var/log/apache2/access.log | sort | uniq -c | sort -n


## CHECKING IPs WHICH MAKE THE BIGGEST ATTACKS AND BLOCKING THEM ##
Code:
# Count requests per client IP in one pass (exact match on the first log field), then drop every IP above 500
FILE=/var/log/apache2/access.log; awk '{print $1}' "$FILE" | sort | uniq -c | awk '$1 > 500 {print $2}' | while read -r ip; do iptables -A INPUT -s "$ip" -j DROP; done

Where 500 is the number of connections from one IP; after exceeding this number, the bot will be blocked.

## DISPLAYING ALL IP ADDRESSES AND NUMBER OF ATTACKS FROM ANY IP ##
Code:
# Same per-IP count as above, printed as "COUNT : IP" for every IP above 500
FILE=/var/log/apache2/access.log; awk '{print $1}' "$FILE" | sort | uniq -c | awk '$1 > 500 {print $1 " : " $2}'


## BLOCKING ENTRIES ON THE WEBSITE + CLOUDFLARE UNLOCKING ##
Code:
iptables -A INPUT -s YOUR_IP_MACHINE_THAT_YOU_WILL_PROTECT -j DROP
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP


You enter the IP addresses one by one
Code:
https://www.cloudflare.com/ips-v4

Code:
iptables -I INPUT -p tcp -m multiport --dports http,https -s HERE_IPV4_ADRESS -j ACCEPT


Code:
https://www.cloudflare.com/ips-v6

Code:
# IPv6 sources must be added with ip6tables; iptables only accepts IPv4 addresses
ip6tables -I INPUT -p tcp -m multiport --dports http,https -s HERE_IPV6_ADRESS -j ACCEPT


## CONFIGURATION jail.local - FAIL2BAN ##
Code:
[apache]
enabled  = true
filter   = apache-auth
action   = iptables-multiport[name=auth, port="http,https"]
# The apache-auth filter matches Apache error-log entries, so it reads error.log, not access.log
logpath  = /var/log/apache2/error.log
bantime  = 9600
maxretry = 1
ignoreip = 103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/12,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17


[apache-badbots]
enabled  = true
filter   = apache-badbots
action   = iptables-multiport[name=badbots, port="http,https"]
logpath  = /var/log/apache2/access.log
bantime  = 9600
maxretry = 1
ignoreip = 103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/12,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17

[apache-noscript]
enabled  = true
filter   = apache-noscript
action   = iptables-multiport[name=noscript, port="http,https"]
# The apache-noscript filter matches Apache error-log entries, so it reads error.log
logpath  = /var/log/apache2/error.log
bantime  = 9600
maxretry = 1
ignoreip = 103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/12,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17

[apache-overflows]
enabled  = true
filter   = apache-overflows
action   = iptables-multiport[name=overflows, port="http,https"]
# The apache-overflows filter matches Apache error-log entries, so it reads error.log
logpath  = /var/log/apache2/error.log
bantime  = 9600
maxretry = 1
ignoreip = 103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/12,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17

Where ignoreip is responsible for the Cloudflare IP addresses.

## BLOCKING EMPTY GETS VIA .htaccess ##
Code:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteRule ^ - [F]



Sheila^^ is offline  
Thanks
2 Users
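
The "enter the IP addresses one by one" step from the first post can be scripted. This is an added example, not part of the original post: it reads CIDR ranges on stdin and prints the matching allow rule for each, choosing `iptables` for IPv4 and `ip6tables` for IPv6. The function name `gen_allow_rules` and the sample input are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the post): build the Cloudflare allow rules from a
# list of CIDR ranges instead of typing them one by one. Dry run: it only
# prints the commands. gen_allow_rules is a name chosen for this example.

# Constructed sample input. The two IPv4 ranges appear in the post's ignoreip
# list; 2001:db8::/32 is the IPv6 documentation prefix, used as a stand-in.
SAMPLE_RANGES='173.245.48.0/20
103.21.244.0/22
2001:db8::/32
# comment line
not-an-address'

gen_allow_rules() {
    # Plausibility checks only: enough to keep an HTML error page or a
    # truncated download from turning into firewall rules.
    v4='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
    v6='^[0-9A-Fa-f]*:[0-9A-Fa-f:]*/([0-9]{1,2}|1[01][0-9]|12[0-8])$'
    while IFS= read -r cidr; do
        cidr=$(printf '%s' "$cidr" | tr -d '\r ')   # tolerate CRLF downloads
        case $cidr in ''|'#'*) continue ;; esac
        if printf '%s\n' "$cidr" | grep -Eq "$v4"; then
            bin=iptables        # IPv4 source -> iptables
        elif printf '%s\n' "$cidr" | grep -Eq "$v6"; then
            bin=ip6tables       # IPv6 source -> ip6tables
        else
            echo "skipped: $cidr" >&2
            continue
        fi
        # -I inserts at the top of INPUT, ahead of the http/https DROP rule.
        echo "$bin -I INPUT -p tcp -m multiport --dports http,https -s $cidr -j ACCEPT"
    done
    return 0
}

printf '%s\n' "$SAMPLE_RANGES" | gen_allow_rules
```

Review the printed rules before running them as root. Once only Cloudflare ranges can reach ports 80 and 443, every connection the firewall sees comes from a Cloudflare address, so per-client bans in iptables only affect traffic that still reaches the server directly.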
Old 07/01/2018, 22:43   #2

 
elite*gold: 0
Join Date: Mar 2011
Posts: 713
Received Thanks: 1,652
Image:


Lord Daemon is offline  
Old 07/08/2018, 12:11   #3
 
elite*gold: 0
Join Date: Jul 2013
Posts: 27
Received Thanks: 9
Is pretty. Thanks!
jma96 is offline  