
Free site + protect www server

 
Old   #1
 
elite*gold: 0
Join Date: Sep 2012
Posts: 2
Received Thanks: 2

​I do not know if this is the right forum section
Warning!: The site is vulnerable to SQLi attacks - if someone wants to, he can rewrite the page as follows:
Code:
https://youtu.be/DXji_JiuTdo

Yes, I noticed after the video had been released, that the code I wrote had two errors.

I also recommend adding a captcha for registration, login and display of the full ranking. The site also has an advanced administrator system.

Website (one change - 99% of original files from BombWorkStudio):
Code:
​https://www23.zippyshare.com/v/eo4JElK4/file.html


Scan:
Code:
​https://www.virustotal.com/#/file-analysis/YzJjNDUyOGY0MzJlZGI5ZDgwMWFlYWVmMzBmYzE0OGY6MTUzMDQ2NDcwNQ==


Layout:
Code:
​https://www.mpcforum.pl/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/jySgsmk.jpg&key=6f9f51e6dc2b4695eef338e253b46d36f714e9f3ae3b035c720b15909e791c07


Web server protection against two idiots (Internet terror - DejmieN & Komar1911)

## CHECKING IPs WHICH MAKE THE BIGGEST ATTACKS ##
Code:
​cat /var/log/apache2/access.log |awk '{print $1}' |sort |uniq -c |sort -n


## CHECKING IPs WHICH MAKE THE BIGGEST ATTACKS AND BLOCKING THEM ##
Code:
# Count requests per IP (exact match on the first log field) and drop every IP above 500
FILE=/var/log/apache2/access.log
awk '{print $1}' "$FILE" | sort | uniq -c | while read -r COUNT ip; do
  if [ "$COUNT" -gt 500 ]; then iptables -A INPUT -s "$ip" -j DROP; fi
done

Where 500 is the number of connections from one IP; after exceeding this number, the bot will be blocked.

## DISPLAYING ALL IP ADDRESSES AND NUMBER OF ATTACKS FROM ANY IP ##
Code:
# Same count as above, but only print "COUNT : IP" for every IP above 500
FILE=/var/log/apache2/access.log
awk '{print $1}' "$FILE" | sort | uniq -c | while read -r COUNT ip; do
  if [ "$COUNT" -gt 500 ]; then echo "$COUNT : $ip"; fi
done


## BLOCKING ENTRIES ON THE WEBSITE + CLOUDFLARE UNLOCKING ##
Code:
iptables -A INPUT -s YOUR_IP_MACHINE_THAT_YOU_WILL_PROTECT -j DROP
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP


You enter the IP addresses one by one
Code:
​https://www.cloudflare.com/ips-v4

Code:
​iptables -I INPUT -p tcp -m multiport --dports http,https -s HERE_IPV4_ADRESS -j ACCEPT


Code:
​https://www.cloudflare.com/ips-v6

Code:
ip6tables -I INPUT -p tcp -m multiport --dports http,https -s HERE_IPV6_ADRESS -j ACCEPT


## CONFIGURATION jail.local - FAIL2BAN ##
Code:
​
[apache]
enabled  = true
filter   = apache-auth
action   = iptables-multiport[name=auth, port="http,https"]
# the apache-auth filter matches Apache error-log entries, not access-log lines
logpath  = /var/log/apache2/error.log
bantime  = 9600
maxretry = 1
ignoreip = 103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/12,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17


[apache-badbots]
enabled  = true
filter   = apache-badbots
action   = iptables-multiport[name=badbots, port="http,https"]
logpath  = /var/log/apache2/access.log
bantime  = 9600
maxretry = 1
ignoreip = 103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/12,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17

[apache-noscript]
enabled  = true
filter   = apache-noscript
action   = iptables-multiport[name=noscript, port="http,https"]
# the apache-noscript filter matches Apache error-log entries, not access-log lines
logpath  = /var/log/apache2/error.log
bantime  = 9600
maxretry = 1
ignoreip = 103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/12,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17

[apache-overflows]
enabled  = true
filter   = apache-overflows
action   = iptables-multiport[name=overflows, port="http,https"]
# the apache-overflows filter matches Apache error-log entries, not access-log lines
logpath  = /var/log/apache2/error.log
bantime  = 9600
maxretry = 1
ignoreip = 103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/12,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17

Where ignoreip is responsible for the Cloudflare IP addresses

## BLOCKING EMPTY GETS VIA .htaccess ##
Code:
​
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteRule ^ - [F]



Sheila^^ is offline  
Thanks
2 Users
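An added example, not part of the original post: the per-IP threshold check from post #1, counting on the whole first log field and skipping addresses inside Cloudflare ranges so the proxy itself is never dropped. The function names `offenders` and `block_rules` are hypothetical, `CF_RANGES` is a subset of the post's `ignoreip` list, the log lines are constructed, and the script prints the iptables commands instead of running them.

```shell
#!/bin/sh
# Added example: exact per-IP counting with a Cloudflare allow-list, dry-run output.
# CF_RANGES: a subset of the ignoreip list from the jail.local in post #1.
CF_RANGES="103.21.244.0/22 104.16.0.0/12 172.64.0.0/13 173.245.48.0/20"

# offenders FILE LIMIT -> "COUNT IP" for each non-Cloudflare IP with more than LIMIT requests
offenders() {
  awk -v limit="$2" -v ranges="$CF_RANGES" '
    function ip2int(s,  o) {          # dotted quad -> integer, -1 if not IPv4
      if (split(s, o, ".") != 4) return -1
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_cf(ip,  i, v, size) { # is ip inside any allow-listed CIDR?
      v = ip2int(ip)
      if (v < 0) return 0
      for (i = 1; i <= n; i++) {
        size = 2 ^ (32 - bits[i])
        if (int(v / size) == int(net[i] / size)) return 1
      }
      return 0
    }
    BEGIN {
      n = split(ranges, r, " ")
      for (i = 1; i <= n; i++) { split(r[i], p, "/"); net[i] = ip2int(p[1]); bits[i] = p[2] }
    }
    { hits[$1]++ }                    # whole-field key: 203.0.113.5 never absorbs 203.0.113.50
    END { for (ip in hits) if (hits[ip] > limit && !in_cf(ip)) print hits[ip], ip }
  ' "$1" | sort -rn
}

# block_rules FILE LIMIT -> prints the iptables commands for review instead of running them
block_rules() {
  offenders "$1" "$2" | while read -r count ip; do
    echo "iptables -A INPUT -s $ip -j DROP"
  done
}

# Constructed sample log: two documentation-range clients and one Cloudflare-range address
SAMPLE=$(mktemp)
{ for i in 1 2 3 4; do echo '203.0.113.5 - - [01/Jul/2018:22:00:00 +0200] "GET / HTTP/1.1" 200 512'; done
  for i in 1 2; do echo '203.0.113.50 - - [01/Jul/2018:22:00:01 +0200] "GET / HTTP/1.1" 200 512'; done
  for i in 1 2 3 4 5; do echo '104.16.1.1 - - [01/Jul/2018:22:00:02 +0200] "GET / HTTP/1.1" 200 512'; done
} > "$SAMPLE"
block_rules "$SAMPLE" 3
```

When the site sits behind Cloudflare, the first field of the access log is a Cloudflare address unless Apache is configured to restore the visitor IP (for example with mod_remoteip), so per-IP counts are only meaningful once that is in place.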
Old 07/01/2018, 22:43   #2

 
elite*gold: 0
Join Date: Mar 2011
Posts: 712
Received Thanks: 1,651
Image:


Lord Daemon is offline  
Old 07/08/2018, 12:11   #3
 
elite*gold: 0
Join Date: Jul 2013
Posts: 24
Received Thanks: 8
Is pretty. Thanks!
jma96 is offline  