database of known hackers, spammers and bots

[rxbanditboy1112]

Does anyone know of any database that could contain a lot of that sort of information? Possibly one that is kept up to date?

 

I am looking to create a php class that will ban malicious people, organizations, programs and others from my website... Does anyone know about any tools that have already done this?

[discomatt]

I don't believe so. I'm not exactly sure what it would hold.... IP Addresses? Anyone that you should be worried about would use a proxy anyways.

[rxbanditboy1112]

Yes IP Addresses.

 

So should I be blocking proxies ( not exactly sure what they are, but ill read up on them )?

 

What are standard measures that people take? Or unstandard considering everyone has spam issues with email, commenting systems, and bots searching for email addresses.

[rxbanditboy1112]

I know captcha is a nice way of blocking out bots, but as an additional measure. I'd really just love to block them out completely. It is truely a pain in the ass. I may share code after I am done, no promises haha....

[drewbee]

A proxy is used to spoof ones ip address by redirecting requests through it. A person with the IP address of 111 will use a proxy changing his ip address to 222. You will never know where the original request came from, only that it came from the proxy.

 

Some of the more advanced proxies have rotating ip's, meaning one page load might show the user from the USA, and the next page load may show them from China, depending on the random IP pull from the proxy. IP Banning is really never a safe bet, because as stated above, the ones who you actually need to worry about will not be able to be blocked by there IP address due to proxies / spoofing.

[discomatt]

Plenty of legitimate viewers use proxies as well, and proxies are made/closed every second.

 

The best solution is solid, closed source code, basic CAPTCHA, obfuscated emails (i personally like to remove them from output completely), and a few good admins who can clear junk if it ever builds up.

 

Attempting to block by IP is kinda silly. These bots are designed to look like average users and be hidden. Good luck though.

[rxbanditboy1112]

Hmmmmm, I suppose if i were able to track a user via a cookie, and detected an IP change I would know they are a malicious bot correct?

 

Is there anyone else that would swap out IPs like that?

[rxbanditboy1112]

Well I suppose that would also depend on if they had cookies enabled? Maybe a session variable unless that depends on IP address....

[discomatt]

I know some dial-up users can have an IP change on a per-connection (page-view) basis.

[roopurt18]

I'd say it depends on what you're trying to accomplish.  I received a large amount of spam in the comments on my site.  99% of the spam followed a specific pattern so I just routed everything through a central script, checked if they were attempting to POST, and if the post matched the pattern.  If it matches I just redirect them elsewhere.

 

No captchas and no spam for weeks now.

[rxbanditboy1112]

Hmm well the goal is to stop harvesting, spam and other things like that.

 

Also i thought everything in php was basically open source? How can you make it closed source? Is it possible for people to download php files and just view them like that? Everytime i have tried that it always just gives me the output.

[roopurt18]

It can occasionally happen that PHP breaks and Apache serves up the raw PHP source instead of sending the scripts through the PHP interpretor.  This is one more reason why it's generally advised to keep your PHP code outside of public_html or www.

 

If your scripts follow faulty security practices then it's also possible for individuals to upload PHP scripts that act as web interfaces to your server's command line.  Basically a root kit.  If they manage that there's no telling what they can accomplish.

[rxbanditboy1112]

OOo i didn't know that. Should I be accessing php files with my IP address and then go to the correct directory.

 

By faulty security practices do you mean not checking for file extensions via some sort of upload form?

 

Should there be anything else to be concerned with in the security department? How about with payment processing going through something like paypal?

 

Anywhere I can find more info about keeping stuff secure online/php?

 

[roopurt18]

  Quote

Should I be accessing php files with my IP address and then go to the correct directory.

Say what?

 

Just put the bare minimum of files into public_html so if things break the most someone sees is:

<?php
  include('path/to/application/that/is/outside/public_html/index.php');
?>

 

as opposed to

<?php
  $dbuser = 'user';
  $dbpass = 'pass';

  // other vital info
?>

 

  Quote

By faulty security practices do you mean not checking for file extensions via some sort of upload form?

 

Should there be anything else to be concerned with in the security department? How about with payment processing going through something like paypal?

Any and all user input should be validated.  Verify that images are in fact images (instead of scripts) and clean anything before it goes into the database.  If you want to learn more about PHP security, then google it or buy some books off amazon.com.  It's a BIG topic.

[rxbanditboy1112]

Thanks! I read some info about it, and it seemed like I already use some of those practices. Just gotta refine some things.

 

One more question. I have a folder to upload files to via a script on my server. This script is secure; however, the folder itself is world-writable.

Is this folder in danger?

 

I have a shared hosting account.

 

I was thinking about using a function that changes chmod; however, I think if multiple people are uploading at the same time it will interfere.

 

[rxbanditboy1112]

oh, i prevent people from seeing the apache index stuff on all folders...

[roopurt18]

  Quote

One more question. I have a folder to upload files to via a script on my server. This script is secure; however, the folder itself is world-writable.

Is this folder in danger?

TBH I'm not sure.  Just curious, what do people upload into this folder?

[rxbanditboy1112]

They can only upload png, gif, jpg, jpeg or bmp under a certain size.

[roopurt18]

How do you make sure they are only uploading png, gif, etc?

[rxbanditboy1112]

I just use a script when they upload it checks:

 

$known_photo_types = array( 
					'image/pjpeg' => 'jpg',
					'image/jpeg' => 'jpg',
					'image/gif' => 'gif',
					'image/bmp' => 'bmp',
					'image/x-png' => 'png'
				);

// GD Function List
$gd_function_suffix = array( 
					'image/pjpeg' => 'JPEG',
					'image/jpeg' => 'JPEG',
					'image/gif' => 'GIF',
					'image/bmp' => 'WBMP',
					'image/x-png' => 'PNG'
				);

// Fetch the photo array sent by preupload.php
$photos_uploaded = $_FILES['photo_filename'];

// Fetch the photo caption array
$photo_caption = $_POST['photo_caption'];

while( $counter <= count($photos_uploaded) )
{
	if($photos_uploaded['size'][$counter] > 0)
	{
		if(!array_key_exists($photos_uploaded['type'][$counter], $known_photo_types))
		{
			$result_final .= "File ".($counter+1)." is not a photo<br />";
		}

....etc

[roopurt18]

So you're checking the mime/type provided by the browser?  You realize that is not secure?  You should be using either finfo (fileinfo) or trying to manipulate the image with one of the built in PHP GD functions and verify that it is an actual image file.

[rxbanditboy1112]

ahh! i see. I didn't know that.

Thanks for the help!