PHP security...I have a hole somewhere.


guyfromfl

I have an old db class that I created a while ago, and might switch to PDO. I just don't want to recode the whole site.

The class was working really well to protect my db, but they (spammers) have found a way around all my security and are posting links to porn, pills and Russian.

What I have is in the db class, there is a query function. Every query is sent to this function, where it is sanitized and it checks a table of blocked IPs.

I believe they are somehow bypassing this and going directly to the database, because I am getting attacks from the same IP that should be blocked.

The function looks something like this:

```php
// Method of the poster's db class: every query is routed through here.
function query($sql) {
	// Refuse service to clients listed in the blocked-IP table.
	if ($this->checkIp($_SERVER['REMOTE_ADDR'])) {
		// Filter the already-assembled SQL string, then run it.
		$sql = $this->sanitize($sql);
		$result = mysql_query($sql);

		return $result;
	}
	else
	{
		die("<h1>You are banned for abuse!</h1>");
	}
}
```

Does anybody have any suggestions?

https://forums.phpfreaks.com/topic/229037-php-securityi-have-a-hole-somewhere/
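The PDO route the post mentions, as an added example rather than the poster's own class: user-supplied values are bound as parameters instead of the assembled SQL string being "sanitized", and the blocked-IP lookup is itself a prepared query. The table and column names (`blocked_ips`, `comments`), the DSN and the credentials are assumed for illustration.

```php
<?php
// Added example: a minimal PDO replacement for the query() wrapper above.
// Table and column names are assumed for illustration.
class Db
{
    private PDO $pdo;

    public function __construct(string $dsn, string $user, string $pass)
    {
        $this->pdo = new PDO($dsn, $user, $pass, [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            // Real server-side prepares: values are never spliced into the SQL text.
            PDO::ATTR_EMULATE_PREPARES   => false,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
    }

    // Is this client on the block list? The IP is bound, not concatenated.
    public function isBlocked(string $ip): bool
    {
        $stmt = $this->pdo->prepare('SELECT 1 FROM blocked_ips WHERE ip = :ip LIMIT 1');
        $stmt->execute([':ip' => $ip]);
        return $stmt->fetchColumn() !== false;
    }

    // Every query goes through here; $params carries the user-supplied values.
    public function query(string $sql, array $params = []): PDOStatement
    {
        if ($this->isBlocked($_SERVER['REMOTE_ADDR'] ?? '')) {
            http_response_code(403);
            exit('<h1>You are banned for abuse!</h1>');
        }
        $stmt = $this->pdo->prepare($sql);   // the SQL text is fixed by the code...
        $stmt->execute($params);             // ...the data travels separately
        return $stmt;
    }
}

// Usage (assumed DSN and credentials): a comment body containing quotes,
// semicolons or "--" lands in the column as plain text, not as SQL.
$db = new Db('mysql:host=localhost;dbname=site;charset=utf8mb4', 'user', 'secret');
$db->query(
    'INSERT INTO comments (author, body, posted_at) VALUES (:author, :body, NOW())',
    [':author' => $_POST['author'] ?? '', ':body' => $_POST['body'] ?? '']
);
```

The block-list check still only covers requests that reach this class, so any script that writes to the database some other way is unaffected by it; that is the first thing to verify against the suspicion raised in the post.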
