-
Help Me Please
I am writing a little hack logger. It is an index.php file that goes into all folders that people should not be accessing directly. When they go to it it records their ip into a mysql db. On the 3rd time their ip gets logged I want it to deny their ip from the site. I tried using the commands from the form source code from ":2082/frontend/x/denyip/add.html" but you need password access to get their.
I got a php working, but
<?php header("location: user@pass:http://www.mysite.com:2082/frontend/x/denyip/add.html?ip=VARIABLE"); won't work because it leaves the bad guy in the cpanel with access. Doh 
Any ideas?
-
You could create a cron job that runs a script as root, and checks the database every 5 mins or so... If someone is logged 3 times you could have the script add there IP to host_deny of your firewall.
Or you could probably do something with .htaccess to deny there IP.
Vince
-
Not bad
Those might work, I like that Idea. I don't have admin access to the server though, I don't think I can write scripts within the cron job, maybe I can. Never done it before. I just have a regular account with a host. I guess you could say I am an advanced user. Will that still work? Like how do I add their ip to the ipdeny manager from anywhere anyways? Sence I can't see the source of cpanel, I can't figure out where it goes into. Other than using the add.html, I know I don't have access to the host's firewall... Maybe the htaccess thing would be nice, but that is only for one directory isn't it... I ponder, there should be a good way of doing this. I will share this script if anyone can help me make it or figure out how to make it.
For those of you knew to this thing, I am making a hacklog index file for folders where people shouldn't be going. Once in an accident twice a coincidence, third time they are hacking. It loggs their i.p.'s and emails the webmaster, plus bans them automatically after the third attempt.
I can write 90% of the thing, just not the banning part.
-
Hi Again,
Here is how to deny someone by IP in a .htaccess file
In your htaccess file, add the following code--changing the IPs to suit your needs--each command on one line each:
order allow,deny
deny from 123.45.6.7
deny from 012.34.5.
allow from all
Assuming you would be using index.php you could have that script log to a database each attempt to access it or any other index.php in your public_html folder. If the database reports that the IP has been logged more than 3 times you could have it add that IP to the .htaccess file.
Of course the .htaccess file only covers one directory. Here is somewhat of a solution.
Your Database
Table IPS - Each listing should have the offending IP, and how many times it has tried to access an index.php in your public_html folder.
Table Directories - Have it list the exact path to every directory that you have a .htaccess file in (ie... Folders you want protected)
Then the code in the index.php would be something like this:
If VisitorsIP equals IPINDATABASE Then {
CHECKHOWMANYVISITS(VisitorsIP);
} else {
ADDVISTORSIP(VisitorsIP)
}
Function CHECKHOWMANYVISITS(VisitorsIP) {
Query Database for number of accesses
$NUMBEROFACCESS = $DBQUERY
If NUMBEROFACCESS > 3 THEN {
ADDIPTOHTACCESS(VisitorsIP);
} ELSE {
$NUMBEROFACCESS = $NUMBEROFACCESS + 1
Update database with new $NUMBEROFACCESS
}
}
Function ADDVISITORSIP {
Add code to log the first attempt here.
}
Function ADDIPTOHTACCESS {
Query Database to get the exact path of every protected directory.
For each EXACTPATH
Add offending IP code to .htaccess code goes here
}
Exact path would probably be in the form of:
/home/YOURUSERNAME/public_html/protected_directory/.htaccess
As you can see this is a basic example, you will have to write the code yourself but I know this will work for you. Maybe there is an easier way, maybe using the cpanel IP Deny Manager. I will look into it and let you know.
LinkBack URL
About LinkBacks
Reply With Quote
