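/**
 * Cross-checks a privileged session against the on-disk staff allowlists.
 *
 * Two checks run in order:
 *   1. class >= 7: the username must be listed in settings/STAFFNAMES;
 *   2. class >= UC_STAFF (4): the user id must be listed in settings/STAFFIDS.
 *
 * A privileged account that is not listed is disabled, its IPv4 address is
 * written to the bans table, staff are alerted (forum post, message, log
 * entries) and the request is denied. If an allowlist cannot be read or is
 * empty, the request is denied without punishing the account.
 *
 * Allowlist entries may be separated by any whitespace, including newlines.
 *
 * @return bool true when every applicable check passed
 */
function maxcoder()
{
    global $CURUSER;

    $lmaxclass = 7;
    // Minimum staff level (4 = UC_MODERATOR). Guarded so that a second call in
    // the same request does not try to redefine the constant.
    if (!defined('UC_STAFF')) {
        define('UC_STAFF', 4);
    }

    // Both checks share one code path; only the threshold, the allowlist, the
    // compared field and the wording differ.
    $checks = array(
        array(
            'min_class' => $lmaxclass,
            'file'      => ROOT_PATH . "settings/STAFFNAMES",
            'key'       => 'username',
            'comment'   => 'Super User Hack Attempt',
            'subject'   => "Alert Super User Has been Detected",
            'body'      => " has attempted to hack the tracker using a super class - the account has been disabled",
            'msg'       => "Hack Attempt Detected - now go to ip bans in staff tools and cache the ban : Username: ",
            'deny'      => "Ha Ha you retard - Did you honestly think you could pull that one off !",
        ),
        array(
            'min_class' => UC_STAFF,
            'file'      => ROOT_PATH . "settings/STAFFIDS",
            'key'       => 'id',
            'comment'   => 'Unauthorized Staff Account Hack',
            'subject'   => "Staff Account Hack Detected",
            'body'      => " has attempted to hack the tracker using an unauthorized account- the account has been disabled",
            'msg'       => "Fake Account Detected now go to ip bans in staff tools and cache the ban : Username: ",
            'deny'      => "Sorry but your not an authorized staff member - nice try your banned !",
        ),
    );

    foreach ($checks as $check) {
        if (!($CURUSER['class'] >= $check['min_class'])) {
            continue;
        }

        // Read the whole allowlist and split on any whitespace. The previous
        // fgets() loop overwrote its result on every iteration, so only the
        // last read was kept and a trailing newline stayed glued to the last
        // entry, which the strict comparison below then rejected.
        $raw = is_readable($check['file']) ? file_get_contents($check['file']) : false;
        $allowed = ($raw === false) ? array() : preg_split('/\s+/', $raw, -1, PREG_SPLIT_NO_EMPTY);
        if (empty($allowed)) {
            // Fail closed, but do not disable or ban anyone: a missing or
            // empty allowlist is a deployment fault, not evidence of abuse.
            stderr("Access Denied!", "Staff verification is currently unavailable.");
            exit;
        }

        // Strict comparison is kept; both sides are strings so an integer id
        // coming from the session cannot fail the match on type alone.
        if (in_array((string) $CURUSER[$check['key']], $allowed, true)) {
            continue;
        }

        // Not on the allowlist: disable the account.
        $userId = (int) $CURUSER['id'];
        sql_query("UPDATE users set enabled='no' WHERE id={$userId}");

        // ip2long() returns false for anything that is not dotted IPv4 (for
        // example an IPv6 peer); skip the ban row instead of storing an empty
        // range that bans nothing.
        $ipLong = isset($_SERVER['REMOTE_ADDR']) ? ip2long($_SERVER['REMOTE_ADDR']) : false;
        if ($ipLong !== false) {
            $ban_ip = sqlesc((string) $ipLong);
            $comment = sqlesc($check['comment']);
            $added = sqlesc(get_date_time());
            sql_query("INSERT INTO bans (added, addedby, first, last, comment) VALUES ({$added}, '0', {$ban_ip}, {$ban_ip}, {$comment})") or sqlerr(__FILE__, __LINE__);
        }

        // Alert staff: forum post, message and two log entries.
        $subject = sqlesc($check['subject']);
        $body = sqlesc("User " . $CURUSER["username"] . $check['body']);
        auto_post($subject, $body);

        // NOTE(review): the ban uses REMOTE_ADDR while the report uses getip();
        // if getip() honours client-supplied headers the two can differ - confirm.
        $msg = $check['msg'] . $CURUSER["username"] . " - UserID: " . $CURUSER["id"] . " - UserIP : " . getip();
        sql_query("INSERT INTO messages (poster, sender, receiver, added, subject, msg) VALUES(0, 2, '1', '" . get_date_time() . "', " . $subject . " , " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);
        write_log('accdisabled', $msg);
        write_log('autoban', $msg);

        stderr("Access Denied!", $check['deny']);
        // stderr() is defined elsewhere; the explicit exit keeps the denial
        // from depending on it terminating the request (otherwise this
        // function would go on to return true for a rejected account).
        exit;
    }

    return true;
}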
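// Trap page for protected directories: record the visitor, show a denial
// notice, then ban the address and alert staff.
$v_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$v_date = date("l d F H:i:s");

// Best-effort append under an exclusive lock so concurrent hits cannot
// interleave entries; a failed write must not stop the ban and alert below.
// NOTE(review): ips.txt is resolved against the current working directory.
// Keep it outside the web root (or deny it in the server config) so the
// address log cannot be downloaded. The timestamp has no year or timezone.
file_put_contents("ips.txt", "IP: {$v_ip} - DATE: {$v_date}\n\n", FILE_APPEND | LOCK_EX);
?>
<table class=main width=750 border=0 align=center cellspacing=0 cellpadding=0><tr><td class=embedded>
<table width=100% border=1 cellspacing=0 cellpadding=10><tr><td class=text>
<center><h2>Access Denied</h2></center>
<p align=center>
You cannot access here - Your account has been disabled and<br />
your ip will be automatically logged<br />
your current ip is <?php echo htmlspecialchars($v_ip, ENT_QUOTES, 'UTF-8'); ?> <br />
Have an nice day :)</p><br />
</td></tr></table>
<?php
// Disable the account only when a logged-in member triggered the trap: with
// no session the old query ended in "WHERE id=" and failed silently.
// NOTE(review): the original comment says anonymous visitors should only be
// logged, yet the ban and the staff alert below still run for them as before
// - confirm the intended behaviour.
$trapUserId = isset($CURUSER['id']) ? $CURUSER['id'] : '';
$trapUsername = isset($CURUSER['username']) ? $CURUSER['username'] : '';
if (!empty($trapUserId)) {
    sql_query("UPDATE users set enabled='no' WHERE id=" . (int) $trapUserId);
}

// ip2long() returns false for anything that is not dotted IPv4 (for example
// an IPv6 peer); skip the ban row instead of storing an empty range.
$ipLong = ip2long($v_ip);
if ($ipLong !== false) {
    $ban_ip = sqlesc((string) $ipLong);
    $comment = sqlesc('System Directory Alert');
    $added = sqlesc(get_date_time());
    sql_query("INSERT INTO bans (added, addedby, first, last, comment) VALUES ({$added}, '0', {$ban_ip}, {$ban_ip}, {$comment})") or sqlerr(__FILE__, __LINE__);
}

// Alert staff: forum post, message and log entry.
$subject = sqlesc("System Directory Alert");
$body = sqlesc("User " . $trapUsername . " has attempted to view system directorys - the account has been disabled");
auto_post($subject, $body);

// NOTE(review): the ban uses REMOTE_ADDR while the report uses getip(); if
// getip() honours client-supplied headers the two can differ - confirm.
$msg = "System Directory Alert - now go to ip bans in staff tools and cache the ban or check it out : Username: " . $trapUsername . " - UserID: " . $trapUserId . " - UserIP : " . getip();
sql_query("INSERT INTO messages (poster, sender, receiver, added, subject, msg) VALUES(0, 0, '1', '" . get_date_time() . "', " . $subject . " , " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);
write_log($msg);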
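/**
 * Handles a request for a staff tool from a caller who may not use it.
 *
 * Bans the caller's IPv4 address, looks up a member below UC_CODER whose
 * stored ip equals the caller's address, disables that member if one is
 * found, posts an alert for staff and ends the request.
 *
 * @param string $hacked_what human-readable name of the tool that was requested
 * @return void does not return: the request ends in stderr() / die
 */
function hacker_dork($hacked_what)
{
    global $BASEURL;

    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? trim($_SERVER['REMOTE_ADDR']) : '';
    // sqlesc() output is a ready-to-embed SQL literal (it is used unquoted in
    // the statements below), so it is kept for SQL only; the alert text uses
    // the raw address so that no literal quotes end up in the message.
    $ban_ip = sqlesc($remoteAddr);

    // ip2long() returns false for anything that is not dotted IPv4 (for
    // example an IPv6 peer); skip the ban row instead of storing an empty range.
    $ipLong = ip2long($remoteAddr);
    if ($ipLong !== false) {
        $ban_ip2 = sqlesc((string) $ipLong);
        $comment = sqlesc('Unauthorized Staff tool entry detected');
        $added = sqlesc(get_date_time());
        sql_query("INSERT INTO bans (added, addedby, first, last, comment) VALUES ({$added}, '0', {$ban_ip2}, {$ban_ip2}, {$comment})") or sqlerr(__FILE__, __LINE__);
    }

    // NOTE(review): the account is chosen by stored IP only, not by the
    // session that made the request. Behind a shared address (NAT, proxy,
    // VPN) this can disable a member who did nothing, and without ORDER BY
    // the row that is picked is arbitrary when several members share the IP.
    $res = sql_query("SELECT id, username, modcomment FROM users WHERE ip = {$ban_ip} AND class < " . UC_CODER) or sqlerr(__FILE__, __LINE__);

    // $res is tested first so a failed query is treated as "no match" rather
    // than being passed on to mysql_num_rows().
    if ($res && mysql_num_rows($res) > 0) {
        $arr = mysql_fetch_assoc($res);
        $memberId = (int) $arr['id'];
        $subject = sqlesc($arr['username'] . " Attempted to access {$hacked_what}");
        $body = sqlesc("user: [url={$BASEURL}/userdetails.php?id=" . $memberId . "]" . $arr['username'] . "[/url] \n with IP: {$remoteAddr}\n attempted to access {$hacked_what}\n Remember to cache or remove the ip ban !\n ");
        // New entries are prepended to the existing moderator comment.
        $modcomment = gmdate("Y-m-d") . " Banned for trying to hack {$hacked_what}...\n" . $arr['modcomment'];
        $reasond = sqlesc("Staff Tool hack Attempt");
        sql_query("UPDATE users set enabled='no', disable_reason={$reasond}, modcomment = " . sqlesc($modcomment) . " where id=" . $memberId);
    } else {
        $subject = sqlesc("Attempt to access {$hacked_what}");
        $body = sqlesc("User with IP: {$remoteAddr} \n Attempted to access {$hacked_what}.\n ");
    }

    auto_post($subject, $body);
    stderr("Error", "It takes 46 muscles to frown but only 4 to flip 'em the bird. Nice try... Bubuy !");
    // Explicit termination so the denial does not depend on stderr() exiting.
    die;
}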