Hacker check


phat_hip_prog


Further to last night's post, http://www.phpfreaks.com/forums/index.php/topic,159377.0.html, I now have this function to be placed in front of sensitive areas. However, I'm not in a position to check all of its features, therefore could any of you? It basically checks that you've got the bare essential details and are not using a proxy... anyway...

<?php
function check()
{
$result = array();

//	CHECK VALID SESSION
session_start();	//	use if req!
$sid = session_id();
if(strcmp($sid, "") == 0)
{
	$result[] = "unset SESSION_ID";
}
else
{
	//	strip every run of [0-9a-z] (case-insensitive); anything left over is not a valid id
	//	(preg_replace used here because eregi_replace was removed in PHP 7)
	$test = preg_replace("/[0-9a-z]+/i", "", $sid);
	if (!empty($test))
	{
		$result[] = "bad SESSION_ID";
	}
}


//	CHECK VALID AGENT
if(isset($_SERVER['HTTP_USER_AGENT']))
{
	//$agent = $_SERVER['HTTP_USER_AGENT'];
	if(strlen($_SERVER['HTTP_USER_AGENT']) <= 10)
	{
		$result[] = "short HTTP_USER_AGENT";
	}
}
else
{
	$result[] = "unset HTTP_USER_AGENT";
}


//	CHECK REQUEST_TIME
if(isset($_SERVER['REQUEST_TIME']))
{
	if($_SERVER['REQUEST_TIME'] == 0)
	{
		$result[] = "zero REQUEST_TIME";
	}
	elseif($_SERVER['REQUEST_TIME'] <= (time() - 90000) ) // is request over 25hrs old? (90000 s = 25 h)
	{
		$result[] = "past REQUEST_TIME";
	}
	elseif($_SERVER['REQUEST_TIME'] >= (time() + 90000) ) // is request over 25hrs in the future?
	{
		$result[] = "future REQUEST_TIME";
	}
}
else
{
	$result[] = "unset REQUEST_TIME";
}


//	CHECK ADDRESS
if(isset($_SERVER['REMOTE_ADDR']))
{
	//	headers that a proxy usually adds on the way through
	if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])
		|| (isset($_SERVER['HTTP_VIA']))
		|| (isset($_SERVER['HTTP_PROXY_CONNECTION'])) )
	{
		$result[] = "proxy REMOTE_ADDR";
	}
}
else
{
	$result[] = "unset REMOTE_ADDR";
}

return $result;
}

$res = check();
if(count($res)!=0)
{
print "Probably a hacker<br>";
foreach($res as $e)
{
	print $e."<br>";
}
}
else
{
print "PASSED<br>";
}

P.S. Remove the start session line if required...

https://forums.phpfreaks.com/topic/69306-hacker-check/

I'm having trouble getting achilles to run under wine, so I'm stuck with wget to send fake session IDs. Can anyone else suggest another app (for linux) which will allow me to do this?

Also, how would someone be able to mess up the $_SERVER['REQUEST_TIME'] variable, because I thought this was from the server, not something from the user, maybe I'm wrong.

*** Someone brute forced my CMS: $_SERVER['REQUEST_TIME'] = 0, ip = '', a total of over 366000 hits, but I did ask to be tested, so what can I say, other than thanks...
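The rules from check() in the first post, restated as a function that takes the server variables, the session id and the current time as parameters, so that every branch can be driven offline with constructed input rather than with crafted requests from achilles or wget. This is an added example, not the poster's code; the name check_request(), its parameters and all of the sample requests are assumptions made for the demo.

```php
<?php
// Added example, not from the original post: check() restated as a pure
// function over ($server, $sid, $now) so it can be exercised on the CLI
// with constructed $_SERVER arrays instead of live requests.
// check_request(), its parameters and the sample data are assumptions.

function check_request(array $server, string $sid, int $now): array
{
	$result = array();

	// Session id: must be non-empty and contain only [0-9a-z] (case-insensitive).
	// Note: with session.sid_bits_per_character = 6, PHP also uses ',' and '-'
	// in ids, which this rule would reject.
	if ($sid === '') {
		$result[] = 'unset SESSION_ID';
	} elseif (preg_replace('/[0-9a-z]+/i', '', $sid) !== '') {
		$result[] = 'bad SESSION_ID';
	}

	// User agent: must be present and longer than 10 characters.
	if (!isset($server['HTTP_USER_AGENT'])) {
		$result[] = 'unset HTTP_USER_AGENT';
	} elseif (strlen($server['HTTP_USER_AGENT']) <= 10) {
		$result[] = 'short HTTP_USER_AGENT';
	}

	// Request time: must be present, non-zero and within 25 hours of $now.
	if (!isset($server['REQUEST_TIME'])) {
		$result[] = 'unset REQUEST_TIME';
	} elseif ($server['REQUEST_TIME'] == 0) {
		$result[] = 'zero REQUEST_TIME';
	} elseif ($server['REQUEST_TIME'] <= $now - 90000) {
		$result[] = 'past REQUEST_TIME';
	} elseif ($server['REQUEST_TIME'] >= $now + 90000) {
		$result[] = 'future REQUEST_TIME';
	}

	// Address: must be set (isset() is true even for an empty string). The three
	// proxy headers are copied from the client's request headers, so this only
	// detects proxies that announce themselves.
	if (!isset($server['REMOTE_ADDR'])) {
		$result[] = 'unset REMOTE_ADDR';
	} elseif (isset($server['HTTP_X_FORWARDED_FOR'])
		|| isset($server['HTTP_VIA'])
		|| isset($server['HTTP_PROXY_CONNECTION'])) {
		$result[] = 'proxy REMOTE_ADDR';
	}

	return $result;
}

// Constructed sample requests; every value below is made up for the demo.
$now   = 1196000000;
$agent = 'Mozilla/5.0 (X11; Linux i686) Gecko/20071127 Firefox/2.0.0.11';
$cases = array(
	'normal browser' => array(
		array('HTTP_USER_AGENT' => $agent, 'REQUEST_TIME' => $now, 'REMOTE_ADDR' => '192.0.2.10'),
		'4f2a9c0b7d3e1f6a'),
	'short agent string (9 characters)' => array(
		array('HTTP_USER_AGENT' => 'Wget/1.10', 'REQUEST_TIME' => $now, 'REMOTE_ADDR' => '192.0.2.11'),
		'4f2a9c0b7d3e1f6a'),
	'session id with spaces and punctuation' => array(
		array('HTTP_USER_AGENT' => $agent, 'REQUEST_TIME' => $now, 'REMOTE_ADDR' => '192.0.2.12'),
		'abc 123 ?'),
	'declared proxy' => array(
		array('HTTP_USER_AGENT' => $agent, 'REQUEST_TIME' => $now, 'REMOTE_ADDR' => '192.0.2.13',
		      'HTTP_VIA' => '1.1 proxy.example'),
		'4f2a9c0b7d3e1f6a'),
	'request a week old' => array(
		array('HTTP_USER_AGENT' => $agent, 'REQUEST_TIME' => $now - 7 * 86400, 'REMOTE_ADDR' => '192.0.2.14'),
		'4f2a9c0b7d3e1f6a'),
	'zero time, empty address, no session (like the logged hits above)' => array(
		array('HTTP_USER_AGENT' => $agent, 'REQUEST_TIME' => 0, 'REMOTE_ADDR' => ''),
		''),
);

foreach ($cases as $name => $c) {
	list($server, $sid) = $c;
	$res = check_request($server, $sid, $now);
	echo $name, ': ', (count($res) === 0 ? 'PASSED' : implode(', ', $res)), "\n";
}
```

Run it with the PHP CLI. Two things the sample cases make visible that the original function does not print: isset() is true for an empty string, so a request with REMOTE_ADDR = '' passes the address rule and is flagged only by the other checks, and the proxy rule depends entirely on headers the client chooses to send, so it is a nuisance filter rather than a reliable proxy detector.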

