The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Help Me Please

Discussion in 'General Discussion' started by O-Side, Apr 3, 2004.

  1. O-Side

    O-Side Registered

    Joined:
    Apr 3, 2004
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    California
    I am writing a little hack logger. It is an index.php file that goes into all folders that people should not be accessing directly. When they go to it it records their ip into a mysql db. On the 3rd time their ip gets logged I want it to deny their ip from the site. I tried using the commands from the form source code from ":2082/frontend/x/denyip/add.html" but you need password access to get their.

    I got a php working, but
    <?php header("location: user@pass:http://www.mysite.com:2082/frontend/x/denyip/add.html?ip=VARIABLE"); won't work because it leaves the bad guy in the cpanel with access. Doh :(

    Any ideas?
     
  2. vwiley1

    vwiley1 Well-Known Member

    Joined:
    Oct 4, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    You could create a cron job that runs a script as root, and checks the database every 5 mins or so... If someone is logged 3 times you could have the script add there IP to host_deny of your firewall.

    Or you could probably do something with .htaccess to deny there IP.

    Vince
     
  3. O-Side

    O-Side Registered

    Joined:
    Apr 3, 2004
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    California
    Not bad

    Those might work, I like that Idea. I don't have admin access to the server though, I don't think I can write scripts within the cron job, maybe I can. Never done it before. I just have a regular account with a host. I guess you could say I am an advanced user. Will that still work? Like how do I add their ip to the ipdeny manager from anywhere anyways? Sence I can't see the source of cpanel, I can't figure out where it goes into. Other than using the add.html, I know I don't have access to the host's firewall... Maybe the htaccess thing would be nice, but that is only for one directory isn't it... I ponder, there should be a good way of doing this. I will share this script if anyone can help me make it or figure out how to make it.

    For those of you knew to this thing, I am making a hacklog index file for folders where people shouldn't be going. Once in an accident twice a coincidence, third time they are hacking. It loggs their i.p.'s and emails the webmaster, plus bans them automatically after the third attempt.

    I can write 90% of the thing, just not the banning part.
     
  4. vwiley1

    vwiley1 Well-Known Member

    Joined:
    Oct 4, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Hi Again,

    Here is how to deny someone by IP in a .htaccess file

    In your htaccess file, add the following code--changing the IPs to suit your needs--each command on one line each:

    order allow,deny
    deny from 123.45.6.7
    deny from 012.34.5.
    allow from all


    Assuming you would be using index.php you could have that script log to a database each attempt to access it or any other index.php in your public_html folder. If the database reports that the IP has been logged more than 3 times you could have it add that IP to the .htaccess file.

    Of course the .htaccess file only covers one directory. Here is somewhat of a solution.

    Your Database
    Table IPS - Each listing should have the offending IP, and how many times it has tried to access an index.php in your public_html folder.

    Table Directories - Have it list the exact path to every directory that you have a .htaccess file in (ie... Folders you want protected)

    Then the code in the index.php would be something like this:
    If VisitorsIP equals IPINDATABASE Then {
    CHECKHOWMANYVISITS(VisitorsIP);
    } else {
    ADDVISTORSIP(VisitorsIP)
    }

    Function CHECKHOWMANYVISITS(VisitorsIP) {
    Query Database for number of accesses
    $NUMBEROFACCESS = $DBQUERY
    If NUMBEROFACCESS > 3 THEN {
    ADDIPTOHTACCESS(VisitorsIP);
    } ELSE {
    $NUMBEROFACCESS = $NUMBEROFACCESS + 1
    Update database with new $NUMBEROFACCESS
    }
    }

    Function ADDVISITORSIP {
    Add code to log the first attempt here.
    }

    Function ADDIPTOHTACCESS {
    Query Database to get the exact path of every protected directory.

    For each EXACTPATH
    Add offending IP code to .htaccess code goes here
    }


    Exact path would probably be in the form of:
    /home/YOURUSERNAME/public_html/protected_directory/.htaccess


    As you can see this is a basic example, you will have to write the code yourself but I know this will work for you. Maybe there is an easier way, maybe using the cpanel IP Deny Manager. I will look into it and let you know.
     
Loading...

Share This Page