sawade Posted September 7, 2009 Author Share Posted September 7, 2009 Added some more into the robot file. Link to comment Share on other sites More sharing options...
darkfreaks Posted September 7, 2009 Share Posted September 7, 2009 what did you add ? still is vunerable Link to comment Share on other sites More sharing options...
sawade Posted September 9, 2009 Author Share Posted September 9, 2009 disallowed certain files... did some more today to the htaccess file. Boss said it's done. How many attacks is it at now??? Thanks. Link to comment Share on other sites More sharing options...
darkfreaks Posted September 9, 2009 Share Posted September 9, 2009 one attack: Affected Items: /secureforms/forms/demo/hipaaprivacy.php (POST lname=&fname=&mname=&ssn=987-65-4329&dobmon=&dobday=&dobyr=&sign=&email=sample%40email%2Etst&papercopy=Yes&verify=&submit=Send%20to%20Doctor) Link to comment Share on other sites More sharing options...
sawade Posted September 10, 2009 Author Share Posted September 10, 2009 Hmm I wonder why that form is vunerable. It is coded the same way as all the others. Hmmm. Link to comment Share on other sites More sharing options...
darkfreaks Posted September 10, 2009 Share Posted September 10, 2009 in the robots.txt file do you have User-agent: * Disallow: /secureforms/forms/demo/hipaaprivacy.php User-agent: * Disallow: secureforms/forms/demo/hipaaprivacy.php User-agent: * Disallow: /forms/demo/hipaaprivacy.php User-agent: * Disallow: forms/demo/hipaaprivacy.php User-agent: * Disallow:/demo/hipaaprivacy.php User-agent: * Disallow: demo/hipaaprivacy.php User-agent: * Disallow: demo/hipaaprivacy.php User-agent: * Disallow: hipaaprivacy.php one of these is bound to work Link to comment Share on other sites More sharing options...
sawade Posted September 10, 2009 Author Share Posted September 10, 2009 Disallow: /secureforms/forms/demo/hipaaprivacy.php I do it like this. As well as each folder by hierarchy. As well as list each form. I changed it so that each folder is under a new User-agent: * Link to comment Share on other sites More sharing options...
darkfreaks Posted September 10, 2009 Share Posted September 10, 2009 To exclude all robots from the server: User-agent: * Disallow: / try this Link to comment Share on other sites More sharing options...
sawade Posted September 10, 2009 Author Share Posted September 10, 2009 Have it. Link to comment Share on other sites More sharing options...
darkfreaks Posted September 10, 2009 Share Posted September 10, 2009 Appearantly it is recognizing that there is a hole in the email input on the form. Link to comment Share on other sites More sharing options...
sawade Posted September 10, 2009 Author Share Posted September 10, 2009 OKay... email input field.... lets see... maxlength - variable used strip_tags() - variable passes thru validation - no email addresses on page - .htaccess protects email constants - directories password protected - Can't think of anything else. Link to comment Share on other sites More sharing options...
darkfreaks Posted September 10, 2009 Share Posted September 10, 2009 validation? like this? <?php function is_valid_email($email) { return preg_match('#^[a-z0-9.!\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\s]+\.+[a-z]{2,6}))$#si', $email); } if (!is_valid_email($email)) { echo 'Sorry, invalid email'; exit; } ?> Link to comment Share on other sites More sharing options...
sawade Posted September 10, 2009 Author Share Posted September 10, 2009 <?php class EmailAddressValidator { public function check_email_address($strEmailAddress) { // Control characters are not allowed if (preg_match('/[\x00-\x1F\x7F-\xFF]/', $strEmailAddress)) { return false; } // Check email length - min 3 (a@a), max 256 if (!$this->check_text_length($strEmailAddress, 3, 256)) { return false; } // Split it into sections using last instance of "@" $intAtSymbol = strrpos($strEmailAddress, '@'); if ($intAtSymbol === false) { // No "@" symbol in email. return false; } $arrEmailAddress[0] = substr($strEmailAddress, 0, $intAtSymbol); $arrEmailAddress[1] = substr($strEmailAddress, $intAtSymbol + 1); $arrTempAddress[0] = preg_replace('/\./' ,'' ,$arrEmailAddress[0]); $arrTempAddress[0] = preg_replace('/"[^"]+"/' ,'' ,$arrTempAddress[0]); $arrTempAddress[1] = $arrEmailAddress[1]; $strTempAddress = $arrTempAddress[0] . $arrTempAddress[1]; // Then check - should be no "@" symbols. if (strrpos($strTempAddress, '@') !== false) { // "@" symbol found return false; } // Check local portion if (!$this->check_local_portion($arrEmailAddress[0])) { return false; } // Check domain portion if (!$this->check_domain_portion($arrEmailAddress[1])) { return false; } // If we're still here, all checks above passed. Email is valid. return true; } protected function check_local_portion($strLocalPortion) { if (!$this->check_text_length($strLocalPortion, 1, 64)) { return false; } $arrLocalPortion = explode('.', $strLocalPortion); for ($i = 0, $max = sizeof($arrLocalPortion); $i < $max; $i++) { if (!preg_match('.^(' . '([A-Za-z0-9!#$%&\'*+/=?^_`{|}~-]' . '[A-Za-z0-9!#$%&\'*+/=?^_`{|}~-]{0,63})' .'|' . '("[^\\\"]{0,62}")' .')$.' ,$arrLocalPortion[$i])) { return false; } } return true; } protected function check_domain_portion($strDomainPortion) { // Total domain can only be from 1 to 255 characters, inclusive if (!$this->check_text_length($strDomainPortion, 1, 255)) { return false; } // Check if domain is IP, possibly enclosed in square brackets. if (preg_match('/^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])' .'(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}$/' ,$strDomainPortion) || preg_match('/^\[(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])' .'(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}\]$/' ,$strDomainPortion)) { return true; } else { $arrDomainPortion = explode('.', $strDomainPortion); if (sizeof($arrDomainPortion) < 2) { return false; // Not enough parts to domain } for ($i = 0, $max = sizeof($arrDomainPortion); $i < $max; $i++) { // Each portion must be between 1 and 63 characters, inclusive if (!$this->check_text_length($arrDomainPortion[$i], 1, 63)) { return false; } if (!preg_match('/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|' .'([A-Za-z0-9]+))$/', $arrDomainPortion[$i])) { return false; } if ($i == $max - 1) { // TLD cannot be only numbers if (strlen(preg_replace('/[0-9]/', '', $arrDomainPortion[$i])) <= 0) { return false; } } } } return true; } protected function check_text_length($strText, $intMinimum, $intMaximum) { // Minimum and maximum are both inclusive $intTextLength = strlen($strText); if (($intTextLength < $intMinimum) || ($intTextLength > $intMaximum)) { return false; } else { return true; } } } ?> Link to comment Share on other sites More sharing options...
sawade Posted September 10, 2009 Author Share Posted September 10, 2009 Grr darn it... <?php class EmailAddressValidator { public function check_email_address($strEmailAddress) { // Control characters are not allowed if (preg_match('/[\x00-\x1F\x7F-\xFF]/', $strEmailAddress)) { return false; } // Check email length - min 3 (a@a), max 256 if (!$this->check_text_length($strEmailAddress, 3, 256)) { return false; } // Split it into sections using last instance of "@" $intAtSymbol = strrpos($strEmailAddress, '@'); if ($intAtSymbol === false) { // No "@" symbol in email. return false; } $arrEmailAddress[0] = substr($strEmailAddress, 0, $intAtSymbol); $arrEmailAddress[1] = substr($strEmailAddress, $intAtSymbol + 1); $arrTempAddress[0] = preg_replace('/\./' ,'' ,$arrEmailAddress[0]); $arrTempAddress[0] = preg_replace('/"[^"]+"/' ,'' ,$arrTempAddress[0]); $arrTempAddress[1] = $arrEmailAddress[1]; $strTempAddress = $arrTempAddress[0] . $arrTempAddress[1]; // Then check - should be no "@" symbols. if (strrpos($strTempAddress, '@') !== false) { // "@" symbol found return false; } // Check local portion if (!$this->check_local_portion($arrEmailAddress[0])) { return false; } // Check domain portion if (!$this->check_domain_portion($arrEmailAddress[1])) { return false; } // If we're still here, all checks above passed. Email is valid. return true; } protected function check_local_portion($strLocalPortion) { if (!$this->check_text_length($strLocalPortion, 1, 64)) { return false; } $arrLocalPortion = explode('.', $strLocalPortion); for ($i = 0, $max = sizeof($arrLocalPortion); $i < $max; $i++) { if (!preg_match('.^(' . '([A-Za-z0-9!#$%&\'*+/=?^_`{|}~-]' . '[A-Za-z0-9!#$%&\'*+/=?^_`{|}~-]{0,63})' .'|' . '("[^\\\"]{0,62}")' .')$.' ,$arrLocalPortion[$i])) { return false; } } return true; } protected function check_domain_portion($strDomainPortion) { // Total domain can only be from 1 to 255 characters, inclusive if (!$this->check_text_length($strDomainPortion, 1, 255)) { return false; } // Check if domain is IP, possibly enclosed in square brackets. if (preg_match('/^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])' .'(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}$/' ,$strDomainPortion) || preg_match('/^\[(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])' .'(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}\]$/' ,$strDomainPortion)) { return true; } else { $arrDomainPortion = explode('.', $strDomainPortion); if (sizeof($arrDomainPortion) < 2) { return false; // Not enough parts to domain } for ($i = 0, $max = sizeof($arrDomainPortion); $i < $max; $i++) { // Each portion must be between 1 and 63 characters, inclusive if (!$this->check_text_length($arrDomainPortion[$i], 1, 63)) { return false; } if (!preg_match('/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|' .'([A-Za-z0-9]+))$/', $arrDomainPortion[$i])) { return false; } if ($i == $max - 1) { // TLD cannot be only numbers if (strlen(preg_replace('/[0-9]/', '', $arrDomainPortion[$i])) <= 0) { return false; } } } } return true; } protected function check_text_length($strText, $intMinimum, $intMaximum) { // Minimum and maximum are both inclusive $intTextLength = strlen($strText); if (($intTextLength < $intMinimum) || ($intTextLength > $intMaximum)) { return false; } else { return true; } } } ?> Link to comment Share on other sites More sharing options...
darkfreaks Posted September 10, 2009 Share Posted September 10, 2009 i dont think its that either. what it is doing is putting email=test@site.com in the URL. so it passes validation but still registers as spam Link to comment Share on other sites More sharing options...
sawade Posted September 10, 2009 Author Share Posted September 10, 2009 Interesting. I don't think I need to worry about it, in the future these forms will be moved into a login area, that along with the captcha should remove any threats from spam. Wouldn't you think? Link to comment Share on other sites More sharing options...
darkfreaks Posted September 10, 2009 Share Posted September 10, 2009 appearantly i was wrong it is the validation look email= %sample40email%2Ets Link to comment Share on other sites More sharing options...
sawade Posted September 10, 2009 Author Share Posted September 10, 2009 My thing is why is it only attacking this form? All the forms use this validation. Link to comment Share on other sites More sharing options...
darkfreaks Posted September 10, 2009 Share Posted September 10, 2009 i got this from phpclasses anti spambot class: <?php /** +------------------------------------------------------------------------- +---------------------->> In The Name Of Allah <<------------------------- +------------------------------------------------------------------------- | Class AntiIFLSpamBotEmail version 0.0.1 (for php 5++) | Security Email Print 100% Protected For Spam Bot | Anti Span Bot Email by ASCII | Author Behrouz Pooladrag (IFLashLord) <Me [at] IFLashLord [dot] Com> | Email bugs/suggestions to Me [at] iflashlord.com | Copyright (c) 2008 By Behrouz Pooladrag ,IFLashLord Co. +------------------------------------------------------------------------- | This script has been created and released under | the GNU GPL and is free to use and redistribute | only if this copyright statement is not removed +------------------------------------------------------------------------- +--------------| Contact 2 Behrouz Pooladrag |---------------------------- | Email : Me [ at ] IFLashLord [dot] Com | WebSite : http://www.IFLashLord.Com | Yahoo : BehrouzPC [at] yahoo.Com | G-Mail : FLashLordX [at] gmail.Com | Mobile : +98 913 12 777 14 +------------------------------------------------------------------------- | (Zakate Elame Nasher Aan Ast ) +------------------------------------------------------------------------- **/ /* +--------------| arguments |---------------------------------------------- |*new AntiIFLSpamBotEmail (string [Email Address for AntiSpam]); |||||||||||||||||||||||||||||||||||||||||||||||||||||||| |*AntiIFLSpamBotEmail->antispambot([integer Number]); | Number 0 ---> For Show Email text Print | Number 1 ---> For Set Email to Link (mailto:..) | Number 2 ---> Return Randomly Part Of Eamil in Hexadecimal +------------------------------------------------------------------------- */ /* Full Exampel of This Class $antiSpambotBehrouzpc=new AntiIFLSpamBotEmail("behrouzpc@yahoo.com"); //start class $EmailForShow=$antiSpambotBehrouzpc->antispambot(0); // for show mode return $EmailForLink=$antiSpambotBehrouzpc->antispambot(1); // for link mode return print "<a href='mailto:".$EmailForLink."'>".$EmailForShow."</a>"; //and Print */ /* Result is this Type <a href='mailto:behr%6f%75zpc@ya%68oo%2ec%6f%6d'> behrouzpc@yahoo.com</a> */ ///////////////////////////////////////////////////// //Start Class class AntiIFLSpamBotEmail { const VERSION = '0.0.1'; public $emailaddy; //construct function __construct ($emailaddy) { $this->emailaddy=$emailaddy; }//end function construct //function to add leading zeros when necessary public function zeroise($number,$threshold) { return sprintf('%0'.$threshold.'s', $number); }//end function //function to change words To ASCII Random public function antispambot($mailto=0) { $emailNOSPAMaddy = ''; srand ((float) microtime() * 1000000); for ($i = 0; $i < strlen($this->emailaddy); $i = $i + 1) { $j = floor(rand(0, 1+$mailto)); if ($j==0) { $emailNOSPAMaddy .= '&#'.ord(substr($this->emailaddy,$i,1)).';'; } elseif ($j==1) { $emailNOSPAMaddy .= substr($this->emailaddy,$i,1); } elseif ($j==2) { $emailNOSPAMaddy .= '%'.$this->zeroise(dechex(ord(substr($this->emailaddy, $i, 1))), 2); } } $emailNOSPAMaddy = str_replace('@','@',$emailNOSPAMaddy); return $emailNOSPAMaddy; }//end function }//end Class ?> example: <?php include_once("antiSpamEmail-IFLashLord-php5.php"); //include_once("antiSpamEmail-IFLashLord-php4.php"); //Start Example $antiSpambotBehrouzpc=new AntiIFLSpamBotEmail("behrouzpc@yahoo.com"); //start class $EmailForShow=$antiSpambotBehrouzpc->antispambot(0); // for show mode return $EmailForLink=$antiSpambotBehrouzpc->antispambot(1); // for link mode return print "<a href='mailto:".$EmailForLink."'>".$EmailForShow."</a>"; //and Print ?> Link to comment Share on other sites More sharing options...
sawade Posted September 10, 2009 Author Share Posted September 10, 2009 We will be creating something like this in the future. Is why we IP log everything on the site. Link to comment Share on other sites More sharing options...
darkfreaks Posted September 10, 2009 Share Posted September 10, 2009 ahok feel free to use it Link to comment Share on other sites More sharing options...
sawade Posted September 10, 2009 Author Share Posted September 10, 2009 I appreciate the help. You've been great. Link to comment Share on other sites More sharing options...
sawade Posted September 10, 2009 Author Share Posted September 10, 2009 To allow Google... User-agent: Google Disallow: Link to comment Share on other sites More sharing options...
sawade Posted September 10, 2009 Author Share Posted September 10, 2009 Wrong place. LOL. Disregard previous post. Link to comment Share on other sites More sharing options...
Recommended Posts