function protector_prepare() { // Preferences (for performance, I dare to use an irregular method) $conn = @mysql_connect(XOOPS_DB_HOST, XOOPS_DB_USER, XOOPS_DB_PASS); mysql_select_db(XOOPS_DB_NAME, $conn); // Protector class require_once XOOPS_ROOT_PATH . '/modules/protector/class/protector.php'; $protector =& Protector::getInstance($conn); $conf = $protector->getConf(); // petit-encrypt password for disabling bad_ips // I know this method is not a good way :-) if (substr($conf['passwd_disabling_bip'], 0, 3) != '*=*') { $encrypted_password4sql = addslashes('*=*' . md5($conf['passwd_disabling_bip'] . XOOPS_DB_PREFIX)); mysql_query("UPDATE " . XOOPS_DB_PREFIX . "_config SET conf_value='{$encrypted_password4sql}' WHERE conf_title='_MI_PROTECTOR_PASSWD_BIP' AND conf_name='passwd_disabling_bip'", $conn); } // global enabled or disabled if (!empty($conf['global_disabled'])) { return true; } // reliable ips $reliable_ips = unserialize($conf['reliable_ips']); $is_reliable = false; foreach ($reliable_ips as $reliable_ip) { if (!empty($reliable_ip) && preg_match('/' . $reliable_ip . '/', $_SERVER['REMOTE_ADDR'])) { $is_reliable = true; } } // force intval variables whose name is *id if (!empty($conf['id_forceintval'])) { $protector->intval_allrequestsendid(); } // eliminate '..' from requests looks like file specifications if (!$is_reliable && !empty($conf['file_dotdot'])) { $protector->eliminate_dotdot(); } // Check uploaded files if (!$is_reliable && !empty($_FILES) && !empty($conf['die_badext']) && !defined('PROTECTOR_SKIP_FILESCHECKER') && !$protector->check_uploaded_files()) { $protector->output_log($protector->last_error_type); $protector->purge(); } // Variables contamination if (!$protector->check_contami_systemglobals()) { if ($conf['contami_action'] & 4) { $protector->_should_be_banned = true; $_GET = $_POST = array(); } $protector->output_log($protector->last_error_type); if ($conf['contami_action'] & 2) { $protector->purge(); } } // prepare for DoS //if( ! $protector->check_dos_attack_prepare() ) { // $protector->output_log( $protector->last_error_type , 0 , true ) ; //} if (!empty($conf['patch_2092'])) { $protector->patch_2092(); } }
function injectionFound($sql) { $protector =& Protector::getInstance(); $protector->last_error_type = 'SQL Injection'; $protector->message .= $sql; $protector->output_log($protector->last_error_type); die('SQL Injection found'); }
function execute() { echo _MD_PROTECTOR_YOUAREBADIP; $protector =& Protector::getInstance(); if ($protector->ip_matched_info) { printf(_MD_PROTECTOR_FMT_JAILINFO, date(_MD_PROTECTOR_FMT_JAILTIME, $protector->ip_matched_info)); } exit; }
function execute() { echo _MD_PROTECTOR_YOUAREBADIP; $protector =& Protector::getInstance(); if ($protector->ip_matched_info) { printf(_MD_PROTECTOR_FMT_JAILINFO, date(_MD_PROTECTOR_FMT_JAILTIME, $protector->ip_matched_info)); } error_log('Protector: badip ' . @$_SERVER['REMOTE_ADDR'], 0); exit; }
/** * @static * * @param $args */ static function eventCoreClassDatabaseDatabasefactoryConnection($args) { // Protector class require_once dirname(__DIR__) . '/class/protector.php'; // Protector object $protector = Protector::getInstance(); $conf = $protector->getConf(); // "DB Layer Trapper" $force_override = strstr(@$_SERVER['REQUEST_URI'], 'protector/admin/index.php?page=advisory') ? true : false; //$force_override = true ; if ($force_override || !empty($conf['enable_dblayertrap'])) { @define('PROTECTOR_ENABLED_ANTI_SQL_INJECTION', 1); $protector->dblayertrap_init($force_override); } if (defined('XOOPS_DB_ALTERNATIVE') && class_exists(XOOPS_DB_ALTERNATIVE)) { $args[0] = XOOPS_DB_ALTERNATIVE; } }
/** * Maintenance Form * @return void */ public function getPrefIp($bad_ips4disp, $group1_ips4disp) { global $xoopsDB; $db = $xoopsDB; $protector = Protector::getInstance($db->conn); require_once dirname(__DIR__) . '/gtickets.php'; parent::__construct('', "form_prefip", "center.php", 'post', true); $bad_ips = new Xoops\Form\TextArea(_AM_TH_BADIPS, 'bad_ips', $bad_ips4disp, 3, 90); $bad_ips->setDescription('<br />' . htmlspecialchars($protector->get_filepath4badips())); $bad_ips->setClass('span3'); $this->addElement($bad_ips); $group1_ips = new Xoops\Form\TextArea(_AM_TH_GROUP1IPS, 'group1_ips', $group1_ips4disp, 3, 90); $group1_ips->setDescription('<br />' . htmlspecialchars($protector->get_filepath4group1ips())); $group1_ips->setClass('span3'); $this->addElement($group1_ips); $formTicket = new xoopsGTicket(); $this->addElement(new Xoops\Form\Hidden("action", "update_ips")); $ticket = $formTicket->getTicketXoopsForm(__LINE__, 1800, 'protector_admin'); $this->addElement($ticket); $this->addElement(new Xoops\Form\Button('', "submit_prefip", XoopsLocale::A_SUBMIT, "submit")); }
require_once dirname(dirname(__FILE__)) . '/class/gtickets.php'; //dirty trick to get navigation working with system menus if (isset($_GET['num'])) { $_SERVER['REQUEST_URI'] = 'admin/center.php?page=center'; } $myts =& MyTextSanitizer::getInstance(); $db =& XoopsDatabaseFactory::getDatabaseConnection(); // GET vars $pos = empty($_GET['pos']) ? 0 : intval($_GET['pos']); $num = empty($_GET['num']) ? 20 : intval($_GET['num']); // Table Name $log_table = $db->prefix($mydirname . "_log"); // Protector object require_once dirname(dirname(__FILE__)) . '/class/protector.php'; $db =& XoopsDatabaseFactory::getDatabaseConnection(); $protector =& Protector::getInstance($db->conn); $conf = $protector->getConf(); // // transaction stage // if (!empty($_POST['action'])) { // Ticket check if (!$xoopsGTicket->check(true, 'protector_admin')) { redirect_header(XOOPS_URL . '/', 3, $xoopsGTicket->getErrors()); } if ($_POST['action'] == 'update_ips') { $error_msg = ''; $lines = empty($_POST['bad_ips']) ? array() : explode("\n", trim($_POST['bad_ips'])); $bad_ips = array(); foreach ($lines as $line) { @(list($bad_ip, $jailed_time) = explode(':', $line, 2));
function get_group1_ips($with_info = false) { list($group1_ips_serialized) = @file(Protector::get_filepath4group1ips()); $group1_ips = empty($group1_ips_serialized) ? array() : @unserialize($group1_ips_serialized); if (!is_array($group1_ips)) { $group1_ips = array(); } if ($with_info) { $group1_ips = array_flip($group1_ips); } return $group1_ips; }
function protector_postcommon() { global $xoopsUser, $xoopsModule; // patch for 2.2.x from xoops.org (I know this is not so beautiful...) if (substr(@XOOPS_VERSION, 6, 3) > 2.0 && stristr(@$_SERVER['REQUEST_URI'], 'modules/system/admin.php?fct=preferences')) { $module_handler =& xoops_gethandler('module'); $module =& $module_handler->get(intval(@$_GET['mod'])); if (is_object($module)) { $module->getInfo(); } } // configs writable check if (@$_SERVER['REQUEST_URI'] == '/admin.php' && !is_writable(dirname(dirname(__FILE__)) . '/configs')) { trigger_error('You should turn the directory ' . dirname(dirname(__FILE__)) . '/configs writable', E_USER_WARNING); } // Protector object require_once dirname(dirname(__FILE__)) . '/class/protector.php'; $db =& Database::getInstance(); $protector =& Protector::getInstance(); $protector->setConn($db->conn); $protector->updateConfFromDb(); $conf = $protector->getConf(); if (empty($conf)) { return true; } // not installed yet // phpmailer vulnerability // http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/ if (in_array(substr(XOOPS_VERSION, 0, 12), array('XOOPS 2.0.16', 'XOOPS 2.0.13', 'XOOPS 2.2.4'))) { $config_handler =& xoops_gethandler('config'); $xoopsMailerConfig =& $config_handler->getConfigsByCat(XOOPS_CONF_MAILER); if ($xoopsMailerConfig['mailmethod'] == 'sendmail' && md5_file(XOOPS_ROOT_PATH . '/class/mail/phpmailer/class.phpmailer.php') == 'ee1c09a8e579631f0511972f929fe36a') { echo '<strong>phpmailer security hole! Change the preferences of mail from "sendmail" to another, or upgrade the core right now! (message by protector)</strong>'; } } // global enabled or disabled if (!empty($conf['global_disabled'])) { return true; } // group1_ips (groupid=1) if (is_object($xoopsUser) && in_array(1, $xoopsUser->getGroups())) { $group1_ips = $protector->get_group1_ips(true); if (implode('', array_keys($group1_ips))) { $group1_allow = $protector->ip_match($group1_ips); if (empty($group1_allow)) { die('This account is disabled for your IP by Protector.<br />Clear cookie if you want to access this site as a guest.'); } } } // reliable ips $reliable_ips = @unserialize(@$conf['reliable_ips']); if (is_array($reliable_ips)) { foreach ($reliable_ips as $reliable_ip) { if (!empty($reliable_ip) && preg_match('/' . $reliable_ip . '/', $_SERVER['REMOTE_ADDR'])) { return true; } } } // user information (uid and can be banned) if (is_object(@$xoopsUser)) { $uid = $xoopsUser->getVar('uid'); $can_ban = count(@array_intersect($xoopsUser->getGroups(), @unserialize(@$conf['bip_except']))) ? false : true; } else { // login failed check if (!empty($_POST['uname']) && !empty($_POST['pass']) || !empty($_COOKIE['autologin_uname']) && !empty($_COOKIE['autologin_pass'])) { $protector->check_brute_force(); } $uid = 0; $can_ban = true; } // If precheck has already judged that he should be banned if ($can_ban && $protector->_should_be_banned) { $protector->register_bad_ips(); } else { if ($can_ban && $protector->_should_be_banned_time0) { $protector->register_bad_ips(time() + $protector->_conf['banip_time0']); } } // DOS/CRAWLER skipping based on 'dirname' or getcwd() $dos_skipping = false; $skip_dirnames = explode('|', @$conf['dos_skipmodules']); if (!is_array($skip_dirnames)) { $skip_dirnames = array(); } if (is_object(@$xoopsModule)) { if (in_array($xoopsModule->getVar('dirname'), $skip_dirnames)) { $dos_skipping = true; } } else { foreach ($skip_dirnames as $skip_dirname) { if ($skip_dirname && strstr(getcwd(), $skip_dirname)) { $dos_skipping = true; break; } } } // module can controll DoS skipping if (defined('PROTECTOR_SKIP_DOS_CHECK')) { $dos_skipping = true; } // DoS Attack if (empty($dos_skipping) && !$protector->check_dos_attack($uid, $can_ban)) { $protector->output_log($protector->last_error_type, $uid, true, 16); } // check session hi-jacking $ips = explode('.', @$_SESSION['protector_last_ip']); $protector_last_numip = @$ips[0] * 0x1000000 + @$ips[1] * 0x10000 + @$ips[2] * 0x100 + @$ips[3]; $ips = explode('.', $_SERVER['REMOTE_ADDR']); $remote_numip = @$ips[0] * 0x1000000 + @$ips[1] * 0x10000 + @$ips[2] * 0x100 + @$ips[3]; $shift = 32 - @$conf['session_fixed_topbit']; if ($shift < 32 && $shift >= 0 && !empty($_SESSION['protector_last_ip']) && $protector_last_numip >> $shift != $remote_numip >> $shift) { if (is_object($xoopsUser) && count(array_intersect($xoopsUser->getGroups(), unserialize($conf['groups_denyipmove'])))) { $protector->purge(true); } } $_SESSION['protector_last_ip'] = $_SERVER['REMOTE_ADDR']; // SQL Injection "Isolated /*" if (!$protector->check_sql_isolatedcommentin(@$conf['isocom_action'] & 1)) { if ($conf['isocom_action'] & 8 && $can_ban) { $protector->register_bad_ips(); } else { if ($conf['isocom_action'] & 4 && $can_ban) { $protector->register_bad_ips(time() + $protector->_conf['banip_time0']); } } $protector->output_log('ISOCOM', $uid, true, 32); if ($conf['isocom_action'] & 2) { $protector->purge(); } } // SQL Injection "UNION" if (!$protector->check_sql_union(@$conf['union_action'] & 1)) { if ($conf['union_action'] & 8 && $can_ban) { $protector->register_bad_ips(); } else { if ($conf['union_action'] & 4 && $can_ban) { $protector->register_bad_ips(time() + $protector->_conf['banip_time0']); } } $protector->output_log('UNION', $uid, true, 32); if ($conf['union_action'] & 2) { $protector->purge(); } } if (!empty($_POST)) { // SPAM Check if (is_object($xoopsUser)) { if (!$xoopsUser->isAdmin() && $conf['spamcount_uri4user']) { $protector->spam_check(intval($conf['spamcount_uri4user']), $xoopsUser->getVar('uid')); } } else { if ($conf['spamcount_uri4guest']) { $protector->spam_check(intval($conf['spamcount_uri4guest']), 0); } } // filter plugins for POST on postcommon stage $protector->call_filter('postcommon_post'); } // register.php Protection if ($_SERVER['SCRIPT_FILENAME'] == XOOPS_ROOT_PATH . '/register.php') { $protector->call_filter('postcommon_register'); } }
function ProtectorFilterHandler() { $this->protector = Protector::getInstance(); $this->filters_base = dirname(__DIR__) . '/filters_enabled'; }
/** * @return null|boolean */ function protector_precheck() { // check the access is from install/index.php if (defined('_INSTALL_CHARSET') && !is_writable(\XoopsBaseConfig::get('root-path') . '/mainfile.php')) { die('To use installer, remove protector\'s lines from mainfile.php first.'); } // Protector class require_once dirname(__DIR__) . '/class/protector.php'; // Protector object $protector = Protector::getInstance(); $conf = $protector->getConf(); // bandwidth limitation if (@$conf['bwlimit_count'] >= 10) { $bwexpire = $protector->get_bwlimit(); if ($bwexpire > time()) { header('HTTP/1.0 503 Service unavailable'); $protector->call_filter('precommon_bwlimit', 'This site is very crowed now. try later.'); } } // bad_ips $bad_ips = $protector->get_bad_ips(true); $bad_ip_match = $protector->ip_match($bad_ips); if ($bad_ip_match) { $protector->call_filter('precommon_badip', 'You are registered as BAD_IP by Protector.'); } // global enabled or disabled if (!empty($conf['global_disabled'])) { return true; } // reliable ips $reliable_ips = @unserialize(@$conf['reliable_ips']); if (!is_array($reliable_ips)) { // for the environment of (buggy core version && magic_quotes_gpc) $reliable_ips = @unserialize(stripslashes(@$conf['reliable_ips'])); if (!is_array($reliable_ips)) { $reliable_ips = array(); } } $is_reliable = false; foreach ($reliable_ips as $reliable_ip) { if (!empty($reliable_ip) && preg_match('/' . $reliable_ip . '/', $_SERVER['REMOTE_ADDR'])) { $is_reliable = true; } } // "Big Umbrella" subset version if (!empty($conf['enable_bigumbrella'])) { @define('PROTECTOR_ENABLED_ANTI_XSS', 1); $protector->bigumbrella_init(); } // force intval variables whose name is *id if (!empty($conf['id_forceintval'])) { $protector->intval_allrequestsendid(); } // eliminate '..' from requests looks like file specifications if (!$is_reliable && !empty($conf['file_dotdot'])) { $protector->eliminate_dotdot(); } // Check uploaded files if (!$is_reliable && !empty($_FILES) && !empty($conf['die_badext']) && !defined('PROTECTOR_SKIP_FILESCHECKER') && !$protector->check_uploaded_files()) { $protector->output_log($protector->last_error_type); $protector->purge(); } // Variables contamination if (!$protector->check_contami_systemglobals()) { if (@$conf['contami_action'] & 4) { if (@$conf['contami_action'] & 8) { $protector->_should_be_banned = true; } else { $protector->_should_be_banned_time0 = true; } $_GET = $_POST = array(); } $protector->output_log($protector->last_error_type); if (@$conf['contami_action'] & 2) { $protector->purge(); } } // prepare for DoS //if( ! $protector->check_dos_attack_prepare() ) { // $protector->output_log( $protector->last_error_type , 0 , true ) ; //} if (!empty($conf['disable_features'])) { $protector->disable_features(); } return true; }
function protector_postcommon() { global $xoopsUser, $xoopsDB, $xoopsModule; // Protector class require_once XOOPS_ROOT_PATH . '/modules/protector/class/protector.php'; $protector =& Protector::getInstance($xoopsDB->conn); $conf = $protector->getConf(); // global enabled or disabled if (!empty($conf['global_disabled'])) { return true; } // reliable ips $reliable_ips = unserialize($conf['reliable_ips']); foreach ($reliable_ips as $reliable_ip) { if (!empty($reliable_ip) && preg_match('/' . $reliable_ip . '/', $_SERVER['REMOTE_ADDR'])) { return true; } } // user information (uid and can be banned) if (is_object(@$xoopsUser)) { $uid = $xoopsUser->getVar('uid'); $can_ban = count(array_intersect($xoopsUser->getGroups(), unserialize($conf['bip_except']))) ? false : true; } else { // login failed check if (!empty($_POST['uname']) && !empty($_POST['pass']) || !empty($_COOKIE['autologin_uname']) && !empty($_COOKIE['autologin_pass'])) { $protector->check_brute_force(); } $uid = 0; $can_ban = true; } // If precheck has already judged that he should be banned if ($can_ban && $protector->_should_be_banned) { $protector->register_bad_ips(); } // DOS/CRAWLER skipping based on 'dirname' $skip_dirnames = explode('|', $conf['dos_skipmodules']); if (!is_array($skip_dirnames)) { $skip_dirnames = array(); } if (is_object(@$xoopsModule) && in_array($xoopsModule->getVar('dirname'), $skip_dirnames)) { $dos_skipping = true; } // DoS Attack if (empty($dos_skipping) && !$protector->check_dos_attack($uid, $can_ban)) { $protector->output_log($protector->last_error_type, $uid, true, 16); } // check session hi-jacking if (!empty($_SESSION['protector_last_ip']) && $_SESSION['protector_last_ip'] != $_SERVER['REMOTE_ADDR']) { if (is_object($xoopsUser) && count(array_intersect($xoopsUser->getGroups(), unserialize($conf['groups_denyipmove'])))) { $protector->purge(true); } } $_SESSION['protector_last_ip'] = $_SERVER['REMOTE_ADDR']; // SQL Injection "Isolated /*" if (!$protector->check_sql_isolatedcommentin($conf['isocom_action'] & 1)) { if ($conf['isocom_action'] & 4 && $can_ban) { $protector->register_bad_ips(); } $protector->output_log('ISOCOM', $uid, 64); if ($conf['isocom_action'] & 2) { $protector->purge(); } } // SQL Injection "UNION" if (!$protector->check_sql_union($conf['union_action'] & 1)) { if ($conf['union_action'] & 4 && $can_ban) { $protector->register_bad_ips(); } $protector->output_log('UNION', $uid, 64); if ($conf['union_action'] & 2) { $protector->purge(); } } }
function ProtectorFilterHandler() { $this->protector =& Protector::getInstance(); $this->filters_base = dirname(dirname(__FILE__)) . '/filters_enabled'; $this->filters_byconfig = dirname(dirname(__FILE__)) . '/filters_byconfig'; }
public function __constructor($post) { parent::__construct($post); }
/** * ProtectorFilterHandler constructor. */ protected function __construct() { $this->protector = Protector::getInstance(); $this->filters_base = dirname(__DIR__) . '/filters_enabled'; }