Bottyz Posted July 20, 2010 Share Posted July 20, 2010 Hi all, I've recently been seeing a lot of hack attempts in my server logs. I've thought it may be a good idea to use my 404.php to record the requested urls and the users ip address etc into a mysql db. I'm having some trouble getting the mysql to execute. I can load the page using any invalid url fine, and most of the variables echo onto the 404 page itself (bar the HTTP_REFERER, which is another issue). Its not returning any mysql or other errors, it just doesn't seem to want to update the mysql... Code is as below: <?php session_start(); //connect to db include('dbconnect/lh2.php'); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <head> <title>ERROR: 404 Not Found</title> </head> <body> <div class="wrapper"> <!-- Start Navigation Menu --> <!-- End Navigation Menu, Start Main Content --> <div id="main"> <div id="maincontent"> <br><br> <p><img src="images/oops.png" alt="Oops!"></p> <br><br> <p style="font-size: 1.2em;">We have recently updated our website and the URL you requested doesn't exist. If it is a bookmark, please use the menu above to navigate to the required page and then update your bookmarks.</p> <br> <p>If you have typed the URL directly, please check for mistakes in the url you entered or use the menu above to navigate to the required page.</p> <br> <p>Alternatively, if this is a link you have clicked via our website please report the broken link to us using our <a href="#"><b>contact us form</b></a> and we'll do our best to rectify the issue as soon as possible.</p> <br><br> <p style="font-size: 0.8em;"><b>Your Browser:</b> <?php echo $_SERVER['HTTP_USER_AGENT'];?> <br><b>Your IP Address:</b> <?php echo $_SERVER['REMOTE_ADDR'];?> <br><b>Referring Page:</b> <?php echo htmlspecialchars(mysql_real_escape_string($_SERVER['HTTP_REFERER']));?> <br><b>Page Requested:</b> <?php echo htmlspecialchars(mysql_real_escape_string($_SERVER['REQUEST_URI']));?> </p> <?php //Hack - logging script date_default_timezone_set('GMT'); $serverdate = date("d M Y h:i:s a"); $requestedaddress = htmlspecialchars(mysql_real_escape_string($_SERVER['REQUEST_URI'])); $ipaddy = $_SERVER['REMOTE_ADDR']; $referpage = htmlspecialchars(mysql_real_escape_string($_SERVER['HTTP_REFERER'])); //Insert the log entry into logs db $insert = "INSERT INTO 404s (id, ipaddy, whenreq, referpage, pagereq) VALUES (NULL, '$ipaddy', '$serverdate', '$referpage', '$requestedaddress')"; $add_404log = mysql_query($insert) or die(mysql_error()); ?> <br><br> </div> </div> </div> </body> </html> Any ideas? Quote Link to comment https://forums.phpfreaks.com/topic/208300-recording-hacks-from-404php-with-mysql/ Share on other sites More sharing options...
Jessica Posted July 20, 2010 Share Posted July 20, 2010 My first thought is can you have a table start with a number? Try surrounding the table with tick marks. INSERT INTO `404s` Quote Link to comment https://forums.phpfreaks.com/topic/208300-recording-hacks-from-404php-with-mysql/#findComment-1088633 Share on other sites More sharing options...
Bottyz Posted July 21, 2010 Author Share Posted July 21, 2010 I've tried that and it hasn't made any difference... Is there a better way to accomplish what I want to do? Quote Link to comment https://forums.phpfreaks.com/topic/208300-recording-hacks-from-404php-with-mysql/#findComment-1089010 Share on other sites More sharing options...
Wolphie Posted July 21, 2010 Share Posted July 21, 2010 This isn't related to the question, however... when storing users IP addresses you MUST state in your privacy policy that you store their IP addresses, and explain why/what they're used for. Regarding the question... Try: $insert = sprintf("INSERT INTO 404s ( id, ipaddy, whenreq, referpage, pagereq ) VALUES ( NULL, '%s', '%s', '%s', '%s' )", $ipaddy, $serverdate, $referpage, $requestedaddress); Quote Link to comment https://forums.phpfreaks.com/topic/208300-recording-hacks-from-404php-with-mysql/#findComment-1089016 Share on other sites More sharing options...
Bottyz Posted July 21, 2010 Author Share Posted July 21, 2010 thanks for the reply. Users are informed about the storing of information in our privacy policy already, but thanks for the suggestion. The code you stated works the same as my code... It doesn't record the 404 error unless you type the 404.php page in directly... so if a user types an invalid url and gets the 404 page it doesn't record in the mysql. Any ideas? I'm still getting a blank HTTP_REFERER variable as well. Quote Link to comment https://forums.phpfreaks.com/topic/208300-recording-hacks-from-404php-with-mysql/#findComment-1089050 Share on other sites More sharing options...
Bottyz Posted July 21, 2010 Author Share Posted July 21, 2010 I've just figured out why it wasn't recording from 404 errors but does when it is typed direct.... i still had my 404 page set to 404.shtml! lol. Schoolboy error! Thanks to those who helped though Quote Link to comment https://forums.phpfreaks.com/topic/208300-recording-hacks-from-404php-with-mysql/#findComment-1089059 Share on other sites More sharing options...
Jessica Posted July 22, 2010 Share Posted July 22, 2010 I've just figured out why it wasn't recording from 404 errors but does when it is typed direct.... i still had my 404 page set to 404.shtml! lol. Schoolboy error! Thanks to those who helped though Haha don't you hate when that happens? Glad you got it Quote Link to comment https://forums.phpfreaks.com/topic/208300-recording-hacks-from-404php-with-mysql/#findComment-1089601 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.