<?php
//Code By Safe3
//Add HTTP_REFERER by D.
//$referer = empty($_SERVER['HTTP_REFERER']) ? array() : array($_SERVER['HTTP_REFERER']);
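/**
 * Error handler that stops the request on the first PHP error it receives.
 *
 * The original echoed the absolute script path and the line number straight
 * into the response, which discloses server layout to whoever triggered the
 * error. The full detail now goes to the server error log via error_log();
 * the client only sees the error number and a generic message. $errstr was
 * previously dropped entirely; it is part of the logged line now.
 *
 * Not installed by default: the set_error_handler() call below is commented
 * out.
 *
 * @param int    $errno   PHP error level (E_WARNING, E_ERROR, ...).
 * @param string $errstr  Error message text.
 * @param string $errfile File the error was raised in.
 * @param int    $errline Line the error was raised on.
 */
function customError($errno, $errstr, $errfile, $errline)
{
    // Operator-facing detail only; never echo $errfile/$errline to the client.
    error_log(sprintf('[%d] %s in %s on line %d', $errno, $errstr, $errfile, $errline));
    echo '<b>Error number:</b> [' . (int) $errno . '] - request aborted<br />';
    die();
}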
//set_error_handler("customError", E_ERROR);
//$getfilter = "'|\\b(and|or)\\b.+?(>|<|=|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
// POST denylist. StopAttack() wraps it as "/…/is" (case-insensitive, dot matches newline).
// Alternatives, in order: a bare apostrophe; "and"/"or" followed within 1-6 characters
// by a comparison (=, >, <, in, like); a /* … */ comment; an opening <script tag; EXEC;
// UNION…SELECT; UPDATE…SET; INSERT INTO…VALUES; SELECT/DELETE…FROM; CREATE/ALTER/DROP/
// TRUNCATE on a TABLE or DATABASE.
// NOTE(review): this is a pattern denylist, not a parser. It rejects any legitimate
// apostrophe in a POST field, and it only catches the spellings it enumerates, so treat
// it as defence in depth behind parameterised queries and per-context output escaping,
// not as a substitute for them.
$postfilter = "'|\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
//$cookiefilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
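/**
 * Abort the request when a submitted value matches the denylist pattern.
 *
 * Array values are flattened with arr_foreach() before matching. On a hit
 * the request is recorded via slog() and the script exits; a clean value
 * returns normally and the request proceeds.
 *
 * Differences from the original:
 *  - preg_match() returning false (a PCRE failure such as the backtrack
 *    limit on a large payload, or an uncompilable pattern) was compared
 *    with "== 1" and so counted as "no match": the filter failed open.
 *    It now fails closed and notes the PCRE error code in the log entry.
 *  - Parameter name, value and PHP_SELF are attacker-controlled and were
 *    written unescaped into an .html log file; they are HTML-escaped now.
 *    ENT_SUBSTITUTE keeps a malformed UTF-8 payload from blanking the entry.
 *  - strftime() (deprecated since PHP 8.1) replaced by the equivalent date().
 *
 * @param string       $StrFiltKey   Name of the parameter being checked.
 * @param string|array $StrFiltValue Submitted value; arrays are flattened.
 * @param string       $ArrFiltReq   Regex body; wrapped here as "/…/is".
 * @return void Returns only when the value is clean; exits otherwise.
 */
function StopAttack($StrFiltKey, $StrFiltValue, $ArrFiltReq)
{
    if (is_array($StrFiltValue)) {
        $StrFiltValue = arr_foreach($StrFiltValue);
    }
    $hit = preg_match("/" . $ArrFiltReq . "/is", $StrFiltValue);
    if ($hit === 0) {
        return;
    }
    // $hit is 1 (match) or false (PCRE error). A regex failure must not let
    // the payload through, so both paths block; the error code is logged.
    $pcreNote = ($hit === false) ? "<br>PCRE error: " . preg_last_error() : "";
    $esc = function ($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $ip     = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';
    $page   = isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : '';
    $method = isset($_SERVER["REQUEST_METHOD"]) ? $_SERVER["REQUEST_METHOD"] : '';
    slog("<br><br>操作IP: " . $esc($ip) . "<br>操作时间: " . date("Y-m-d H:i:s") . "<br>操作页面:" . $esc($page) . "<br>提交方式: " . $esc($method) . "<br>提交参数: " . $esc($StrFiltKey) . "<br>提交数据: " . $esc($StrFiltValue) . $pcreNote);
    print "<div>Don`t hacker</div>";
    exit();
}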
//$ArrPGC=array_merge($_GET,$_POST,$_COOKIE);
//foreach ($_GET as $key => $value) {
// StopAttack($key, $value, $getfilter);
//}
// Screen every top-level POST parameter; StopAttack() exits on the first hit.
// Only POST is screened here: the GET, COOKIE and referer loops are commented out.
array_walk($_POST, function ($value, $key) use ($postfilter) {
    StopAttack($key, $value, $postfilter);
});
//foreach ($_COOKIE as $key => $value) {
// StopAttack($key, $value, $cookiefilter);
//}
//foreach ($referer as $key => $value) {
// StopAttack($key, $value, $getfilter);
//}
//if (file_exists('update360.php')) {
// echo "请重命名文件update360.php,防止黑客利用<br/>";
// die();
//}
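/**
 * Append one entry to the block log.
 *
 * Best-effort: the caller is about to exit() anyway, so a logging failure
 * must not turn into a second error. The original fopen()/fputs()/fclose()
 * sequence never checked fopen()'s return value, so an unwritable path fed
 * false into fputs() (a warning on PHP 7, a TypeError on PHP 8).
 * file_put_contents() with FILE_APPEND is used instead and its result is
 * reported; LOCK_EX stops concurrent requests from interleaving entries.
 *
 * NOTE(review): /tmp/log.html is a fixed path in a shared directory, and the
 * file holds attacker-supplied data rendered as HTML. On a multi-user host
 * other local accounts can typically read it, and depending on the host's
 * symlink protections a pre-placed link at that path can redirect the write.
 * A dedicated log directory outside the web root with restricted permissions
 * is preferable; the path is left unchanged here because operators may rely
 * on it.
 *
 * @param string $logs Entry text; "\r\n" is appended.
 * @return bool True when the entry was written, false otherwise.
 */
function slog($logs)
{
    $toppath = "/tmp/log.html";
    $written = file_put_contents($toppath, $logs . "\r\n", FILE_APPEND | LOCK_EX);
    return $written !== false;
}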
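/**
 * Flatten a (possibly nested) array of submitted values into one string.
 *
 * Non-array input is returned unchanged. Array input has every leaf value
 * concatenated depth-first, in iteration order, with no separator.
 *
 * The original kept the collected leaves in a `static` array, so every call
 * after the first returned the leaves of ALL earlier calls as well as its
 * own. StopAttack() calls this once per POST parameter, so later parameters
 * were matched against the text of earlier ones (false positives, and a
 * misleading "submitted data" field in the log) and the buffer grew for the
 * life of the request. An empty array also reached implode() with a null
 * buffer. Leaves are now collected per call with array_walk_recursive().
 *
 * @param mixed $arr Scalar, or an array of scalars and nested arrays.
 * @return mixed The input itself when it is not an array, else the
 *               concatenated leaves as a string.
 */
function arr_foreach($arr)
{
    if (!is_array($arr)) {
        return $arr;
    }
    $leaves = array();
    // Visits leaves only, depth-first, in the same order the original loop did.
    array_walk_recursive($arr, function ($val) use (&$leaves) {
        $leaves[] = $val;
    });
    return implode('', $leaves);
}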
?>