ddany24 Posted May 3, 2007

[Original post in Romanian]

I wrote this PHP code. It is used as geotargeting code. For example, when a user visits my site, their IP is checked. I have a database with all the IPs in the world. Based on the IP, the code determines the country the user comes from, after which it can redirect them anywhere. For example, if they are English it can redirect them to a page of my site written in English, and if they are French to one in French.

The big problem is this. I used hosting from dwhs.com, and I had the code in the index page. So the index was PHP. I was hacked very easily and I found in the index page, at the bottom, a java script (trojans). Now I know I made a mistake making the index a PHP page. But I am sure the PHP code I used is not secure either. So please, anyone who knows how, help me secure it. I find this code extremely useful.

What would be great is to modify it so that it recognizes whether the user visiting my site uses a proxy and identifies their real IP, and only after recognizing the real IP does the redirect by country. I hope someone can help me. Thank you.

```php
<?php
$DatabaseServer = "";
$Username = "";
$Password = "";
$DatabaseName = "";
$RedirectTo = ""; // the page I want to open
$link = mysql_connect($DatabaseServer, $Username, $Password)
    or die('Could not connect: ' . mysql_error());
mysql_select_db($DatabaseName) or die('Could not select database');

$IP = $_SERVER["REMOTE_ADDR"]; // Get the IP address
$res = mysql_query("SELECT country_code2,country_name FROM csv WHERE IP_FROM<=inet_aton('$IP') AND IP_TO>=inet_aton('$IP')"); // look up IP address
$Codes = mysql_fetch_array($res); // get result
$CountryCode = $Codes['country_code2']; // two-letter country code
$CountryName = $Codes['country_name']; // full country name

// "ipul tau" ("your IP") stands for the site owner's own address
if ($CountryCode == "UK" && $IP != "ipul tau") {
    header("Location: " . $RedirectTo);
    exit;
} else {
    echo "hey";
}
?>
```

Link to comment: https://forums.phpfreaks.com/topic/49902-geotargeting-code-pls-help-improve-security/

clown[NOR] Posted May 3, 2007

Wow... I can't understand anything of what you've written there... I suggest you enter your question in English, that way you will get help much faster

john010117 Posted May 3, 2007

Hello, ddany24. As you might have realized, we only speak English here. Either post your question in English, or look for other website(s) that speak your language.

ddany24 Posted May 3, 2007

I was posting this question in a Romanian forum :) and I got things messed up. Basically, here is the problem. I've made a geotargeting code. Basically it gets the user IP, then checks it in my database. The database contains all the IP classes in the world and the countries they are from. It gets the user country, and then the code decides what page that user should visit. For example, if the code determines that the user is French it redirects him to a French page of my website.

The problem is this: I got hacked using this code. I had hosting at dwhs at that time. I kept the code on my index page, and yes my index page was PHP. So I think this is one of the reasons that I got hacked. A hacker exploited my code, and inserted a java script in the bottom of my page. So basically I would be happy if you could pls check this code for PHP security issues.

One more thing, I would like to improve it. Maybe make it in a way so it can detect a surfer's real IP even if he uses a proxy. After it detects the user's real IP, then it redirects him to the page I want him to. Basically I use this code to keep some countries out of my website. TY.

The code is:

```php
<?php
$DatabaseServer = "";
$Username = "";
$Password = "";
$DatabaseName = "";
$RedirectTo = ""; // the page I want to open
$link = mysql_connect($DatabaseServer, $Username, $Password)
    or die('Could not connect: ' . mysql_error());
mysql_select_db($DatabaseName) or die('Could not select database');

$IP = $_SERVER["REMOTE_ADDR"]; // Get the IP address
$res = mysql_query("SELECT country_code2,country_name FROM csv WHERE IP_FROM<=inet_aton('$IP') AND IP_TO>=inet_aton('$IP')"); // look up IP address
$Codes = mysql_fetch_array($res); // get result
$CountryCode = $Codes['country_code2']; // two-letter country code
$CountryName = $Codes['country_name']; // full country name

// "ipul tau" ("your IP") stands for the site owner's own address
if ($CountryCode == "UK" && $IP != "ipul tau") {
    header("Location: " . $RedirectTo);
    exit;
} else {
    echo "hey";
}
?>
```

clown[NOR] Posted May 3, 2007

I find it hard to believe that the person used that code to hack you... but you could try using mysql_real_escape_string or something... I don't really know... just throwing some suggestions out in the open
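
Added example, not part of any post in this thread: the lookup above is safe from SQL injection only while `$IP` comes from `REMOTE_ADDR`, which the server sets from the TCP connection; the proxy-detection change the author asks for would normally read `X-Forwarded-For`, a header any client can set. The sketch below accepts that header only from a proxy you operate, validates the address, and binds it as a parameter. `TRUSTED_PROXIES`, `clientIp()`, `countryFor()`, the proxy address and the SQLite demo data are assumptions; the `csv` table and its columns are the ones in the post.

```php
<?php
// Added example, not code from the thread. Hypothetical names: TRUSTED_PROXIES,
// clientIp(), countryFor(). Table and column names are the ones in the post.
const TRUSTED_PROXIES = ['203.0.113.10']; // constructed: a reverse proxy you operate

function clientIp(array $server): ?string
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    // X-Forwarded-For is a request header, so any client can set it.
    // Honour it only when the TCP peer is one of our own proxies.
    if (in_array($ip, TRUSTED_PROXIES, true) && isset($server['HTTP_X_FORWARDED_FOR'])) {
        $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        $ip = end($hops); // right-most hop is the one our proxy appended
    }
    $valid = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    return $valid === false ? null : $valid;
}

function countryFor(PDO $db, string $ip): ?string
{
    // Convert in PHP and bind the number: no request data enters the SQL text.
    $n = sprintf('%u', ip2long($ip)); // unsigned, also on 32-bit PHP
    $stmt = $db->prepare(
        'SELECT country_code2 FROM csv WHERE IP_FROM <= :lo AND IP_TO >= :hi LIMIT 1'
    );
    $stmt->execute([':lo' => $n, ':hi' => $n]);
    $code = $stmt->fetchColumn();
    return $code === false ? null : $code;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE csv (IP_FROM INTEGER, IP_TO INTEGER, country_code2 TEXT)');
$db->exec("INSERT INTO csv VALUES (3325256704, 3325256959, 'UK')"); // 198.51.100.0/24

$requests = [ // constructed $_SERVER samples
    ['REMOTE_ADDR' => '198.51.100.7'],                                      // direct visit
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '8.8.8.8'], // header from untrusted peer
    ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 198.51.100.7'],
    ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => 'not-an-ip'], // rejected
];
foreach ($requests as $server) {
    $ip = clientIp($server);
    $country = $ip === null ? null : countryFor($db, $ip);
    echo var_export($ip, true), ' => ', var_export($country, true), PHP_EOL;
}
```

The header only reveals the client address for proxies you control; a visitor behind a third-party proxy or VPN is still seen as that proxy's address, so country blocking built on this remains best-effort.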