ddany24

  1. I was posting this question in a Romanian forum :) and I got things messed up. Basically, here is the problem. I've made a geotargeting code. Basically it gets the user's IP, then checks it in my database. The database contains all the IP classes in the world and the countries they are from. It gets the user's country, and then the code decides what page that user should visit. For example, if the code determines that the user is French, it redirects him to a French page of my website. The problem is this: I got hacked using this code. I had hosting at dwhs at that time. I kept the code on my index page, and yes, my index page was PHP. So I think this is one of the reasons that I got hacked. A hacker exploited my code and inserted a JavaScript at the bottom of my page. So basically I would be happy if you could please check this code for PHP security issues. One more thing: I would like to improve it. Maybe make it in a way so it can detect a surfer's real IP even if he uses a proxy. After it detects the user's real IP, it then redirects him to the page I want him to. Basically I use this code to keep some countries out of my website. TY. The code is:

     <?php
     $DatabaseServer = "";
     $Username = "";
     $Password = "";
     $DatabaseName = "";
     $link = mysql_connect($DatabaseServer, $Username, $Password) or die('Could not connect: ' . mysql_error());
     mysql_select_db($DatabaseName) or die('Could not select database');
     $IP = $_SERVER["REMOTE_ADDR"]; // Get the IP address
     // Look up the IP address
     $res = mysql_query("SELECT country_code2,country_name FROM csv WHERE IP_FROM<=inet_aton('$IP') AND IP_TO>=inet_aton('$IP')");
     $Codes = mysql_fetch_array($res); // get result
     $CountryCode = $Codes['country_code2']; // two-letter country code
     $CountryName = $Codes['country_name']; // full country name
     if ($CountryCode == "UK" && $IP != "ipul tau") { // "ipul tau": placeholder for your own IP
         header('Location: /page.php'); // placeholder path: open the page I want
         exit;
     } else {
         echo 'hey';
     }
     ?>
  2. I made this PHP code. It is used as geotargeting code. For example, a user visits my site and their IP is checked. I have a database with all the IPs in the world. Based on the IP, the code determines the country the user comes from, after which it can redirect them anywhere. For example, it can redirect them to a page of my site written in English if they are English, or to one in French if they are French. The big problem is this. I used hosting from dwhs.com, and I had the code in the index page. So the index was PHP. I was hacked very easily and I found, at the bottom of the index page, a Java script (trojans). Now I know I made a mistake by making the index a PHP page. But I am sure the PHP code I used is not secure either. So please, anyone who knows about this, help me secure it. I find this code extremely useful. What would be great is to modify it so that it recognizes whether the user visiting my site uses a proxy and identifies their real IP, and only after it recognizes the real IP does the redirect by country. I hope someone can help me. Thank you.

     <?php
     $DatabaseServer = "";
     $Username = "";
     $Password = "";
     $DatabaseName = "";
     $link = mysql_connect($DatabaseServer, $Username, $Password) or die('Could not connect: ' . mysql_error());
     mysql_select_db($DatabaseName) or die('Could not select database');
     $IP = $_SERVER["REMOTE_ADDR"]; // Get the IP address
     // Look up the IP address
     $res = mysql_query("SELECT country_code2,country_name FROM csv WHERE IP_FROM<=inet_aton('$IP') AND IP_TO>=inet_aton('$IP')");
     $Codes = mysql_fetch_array($res); // get result
     $CountryCode = $Codes['country_code2']; // two-letter country code
     $CountryName = $Codes['country_name']; // full country name
     if ($CountryCode == "UK" && $IP != "ipul tau") { // "ipul tau": placeholder for your own IP
         header('Location: /page.php'); // placeholder path: open the page I want
         exit;
     } else {
         echo 'hey';
     }
     ?>
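
Added example, not part of either post and not the poster's code: a hardened sketch of the same lookup that also covers the "real IP behind a proxy" request. It assumes the `csv` table from the posts, IPv4 only (as `INET_ATON` implies), and a constructed proxy address; `TRUSTED_PROXIES`, `client_ip()` and `country_code()` are hypothetical names.

```php
<?php
// Added example. Assumed: the csv table from the post and a constructed
// address for our own reverse proxy; all names below are hypothetical.
const TRUSTED_PROXIES = ['203.0.113.10'];

// X-Forwarded-For is client-supplied, so it is honoured only when the TCP peer
// (REMOTE_ADDR) is one of our proxies. Every value is validated as IPv4.
function client_ip(array $server, array $trusted = TRUSTED_PROXIES): ?string
{
    $peer = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    if ($peer === false) {
        return null;
    }
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !in_array($peer, $trusted, true)) {
        return $peer;
    }
    // Walk the chain right to left: the first hop that is not ours is the client.
    foreach (array_reverse(explode(',', $xff)) as $hop) {
        $hop = filter_var(trim($hop), FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
        if ($hop === false) {
            return $peer; // malformed header: fall back to the peer address
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Same range lookup as the post, with the address bound as a parameter
// instead of being interpolated into the SQL string.
function country_code(mysqli $db, string $ip): ?string
{
    $stmt = $db->prepare('SELECT country_code2 FROM csv
                          WHERE IP_FROM <= INET_ATON(?) AND IP_TO >= INET_ATON(?) LIMIT 1');
    $stmt->bind_param('ss', $ip, $ip);
    $stmt->execute();
    $stmt->bind_result($code);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $code : null;
}

// Constructed requests: a direct visitor forging the header, then one via our proxy.
var_dump(client_ip(['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1']));
var_dump(client_ip(['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => '192.0.2.55']));
```

In the page itself, pass `$_SERVER` to `client_ip()` and its result to `country_code()`, pick the redirect target from a fixed list rather than from request data, and call `exit` right after `header()`.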