Jump to content

Hacker check

phat_hip_prog

By phat_hip_prog
in PHP Coding Help

 Share

Recommended Posts

phat_hip_prog Member

phat_hip_prog

Posted
Posted

Further last nights post, http://www.phpfreaks.com/forums/index.php/topic,159377.0.html, I now have this function to be placed in front of sensitive areas. However i'm not in a position to check all of it's features, therefore could any of you? It basically checks that you've got the bare essential details and are not using a proxy... anyway...

function check()
{
$result = array();

//	CHECK VALID SESSION
session_start();	//	use if req!
$sid = session_id();
if(strcmp($sid, "") == 0)
{
	$result[] = "unset SESSION_ID";
}
else
{
	$test = eregi_replace("([0-9a-z]+)", "", $sid);
	if (!empty($test))
	{
		$result[] = "bad SESSION_ID";
	}
}


//	CHECK VALID AGENT
if(isset($_SERVER['HTTP_USER_AGENT']))
{
	//$agent = $_SERVER['HTTP_USER_AGENT'];
	if(strlen($_SERVER['HTTP_USER_AGENT']) <= 10)
	{
		$result[] = "short HTTP_USER_AGENT";
	}
}
else
{
	$result[] = "unset HTTP_USER_AGENT";
}


//	CHECK REQUEST_TIME
if(isset($_SERVER['REQUEST_TIME']))
{
	if($_SERVER['REQUEST_TIME'] == 0)
	{
		$result[] = "zero REQUEST_TIME";
	}
	elseif($_SERVER['REQUEST_TIME'] <= (time() - 90000) ) // is request over 25hrs old?
	{
		$result[] = "past REQUEST_TIME";
	}
	elseif($_SERVER['REQUEST_TIME'] >= (time() + 90000) ) // is request over 25hrs in future?
	{
		$result[] = "future REQUEST_TIME";
	}
}
else
{
	$result[] = "unset REQUEST_TIME";
}


//	CHECK ADDRESS
if(isset($_SERVER['REMOTE_ADDR']))
{
	if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) 
		|| (isset($_SERVER['HTTP_VIA'])) 
		|| (isset($_SERVER['HTTP_PROXY_CONNECTION'])) )
	{
		$result[] = "proxy REMOTE_ADDR";
	}
}
else
{
	$result[] = "unset REMOTE_ADDR";
}

return $result;
}

$res = check();
if(count($res)!=0)
{
print "Probably a hacker<br>";
foreach($res as $e)
{
	print $e."<br>";
}
}
else
{
print "PASSED<br>";
}

 

P.S. Remove the start session line if required...

Link to comment
Share on other sites
phat_hip_prog Member

phat_hip_prog

Posted
  • Author
Posted

I'm having trouble getting achilles to run under wine, so i'm stuck with wget to send fake session id's. Can anyone else suggest another app (for linux) which will allow me to do this?

 

Also how would someone be able to mess up the $_SERVER['REQUEST_TIME'] variable, because I thought this was from the server not something from the user, maybe i'm wrong.

 

*** Someone brute forced my cms $_SERVER['REQUEST_TIME'] = 0, ip = '', atotal of over 366000 hit's, but I did ask to be tested, so what can I say, other than thanks...

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.