- <?php
// Script-scope state that the firewall functions below publish through
// $GLOBALS. They are declared `static` at file scope; presumably the author
// relied on that making them visible as globals — confirm against callers.
static $found_word_xss = 0;     // set to 1 by firewall_xss_alarm() on a match, never reset
static $found_word_sqli = null; // set to 1 by firewall_wordcheck_sqli() on a match, never reset
static $query_xss_char = null;  // last sanitized string produced by firewall_charcheck_xss()
static $found_char = 0;         // declared here but not used by any function in this file
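/**
 * Scans $sanitizeit for blacklisted XSS-related words and, when one is found,
 * appends the client IP and the lowercased input to logs.txt and the client IP
 * to ip.txt.
 *
 * This is a keyword heuristic, not a defense: it false-positives on ordinary
 * text ("alert", "prompt", "src") and does not replace escaping user data with
 * htmlspecialchars() at the point where it is rendered.
 *
 * Side effects: sets $GLOBALS['found_word_xss'] = 1 on a match (kept because
 * callers may read it); the global is never reset by this function.
 *
 * @param string $sanitizeit raw input to inspect
 * @return bool true when a blacklisted word was found and logged, false otherwise
 */
function firewall_xss_alarm($sanitizeit)
{
    $sanitizeit = strtolower($sanitizeit);
    $blacklist_word_xss = ["src", "javascript", "alert", "onload", "onmouseover", "onerror", "onmouseout", "prompt"];

    // Decide from the current input only. The original consulted the sticky
    // global inside the loop, so once any earlier call had matched, every
    // later call was logged regardless of its own input.
    $found = false;
    foreach ($blacklist_word_xss as $blacklist_word_temp) {
        if (strpos($sanitizeit, $blacklist_word_temp) !== false) {
            $found = true;
            break;
        }
    }
    if (!$found) {
        return false;
    }
    $GLOBALS['found_word_xss'] = 1;

    // REMOTE_ADDR is absent under the CLI and some SAPIs.
    $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    // Neutralise CR/LF so the logged input cannot forge additional log lines.
    $logged = str_replace(["\r", "\n"], ' ', $sanitizeit);

    $logs = fopen("logs.txt", "a");
    if ($logs === false) {
        die("Cannot Write into file");
    }
    $written = fwrite($logs, "Attacker IP=" . $remote . ":::Possible Attack String:" . $logged . "\n");
    fclose($logs); // the original never closed the handle
    if ($written === false) {
        die("Cannot Write into file");
    }

    // The original placed this write after a `break`, which made it unreachable.
    $ip = fopen("ip.txt", "a");
    if ($ip !== false) {
        fwrite($ip, $remote . "::");
        fclose($ip);
    }

    return true;
}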
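/**
 * Lowercases $sanitizeit and replaces every blacklisted character or word with
 * a single space; stores the result in $GLOBALS['query_xss_char'] and returns it.
 *
 * Callers should know this is lossy and context-free: legitimate input is
 * mangled ("O'Brien, Jr." becomes "o brien  jr.") and the result is NOT safe
 * for HTML, SQL or any other context. Escape per context at the output point
 * (htmlspecialchars() for HTML, prepared statements for SQL) regardless of
 * whether this function was applied.
 *
 * Replacements are applied in array order, so single characters are stripped
 * before the words; e.g. "onload=" becomes "  ".
 *
 * @param string $sanitizeit raw input to clean
 * @return string the lowercased input with blacklisted tokens replaced by spaces
 */
function firewall_charcheck_xss($sanitizeit)
{
    $sanitizeit = strtolower($sanitizeit);
    // The original also built an unused str_split() copy and listed "" as a
    // search token; str_replace() skips an empty search string, so dropping it
    // changes nothing.
    $blacklist_char = [
        "<", ">", "%", "#", "=", "'", '"', "/", ";", ",", "&",
        "onload", "onmouseover", "onerror", "onmouseout", "src",
    ];
    $GLOBALS['query_xss_char'] = str_replace($blacklist_char, " ", $sanitizeit);
    return $GLOBALS['query_xss_char'];
}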
- ////Illegal Character Checking Function ENDS Here
- ////////////////////////////////////////////////////////////
- ///////////////////////////////////////////////////
- //Illegal words Checking Function STARTS here
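/**
 * Scans $input for a short list of SQL keywords and, when one is found,
 * appends the client IP and the uppercased input to logs.txt.
 *
 * This is a coarse heuristic: "SELECT" or "CONCAT" occur in ordinary text, and
 * a keyword list does not make a query safe. Queries must still be built with
 * prepared statements; this function only records suspicious input for review.
 * ("GROUP_CONCAT" is redundant with "CONCAT" but kept as listed.)
 *
 * Side effects: sets $GLOBALS['found_word_sqli'] = 1 on a match (kept because
 * callers may read it); the global is never reset by this function.
 *
 * @param string $input raw input to inspect
 * @return bool true when a blacklisted keyword was found and logged, false otherwise
 */
function firewall_wordcheck_sqli($input)
{
    $input = strtoupper($input);
    $blacklist_word = ["UNION", "SELECT", "DATABASE()", "CONCAT", "GROUP_CONCAT"];

    // Decide from the current input only; the original read the sticky global
    // inside the loop, so after one match every later call was logged too.
    $found = false;
    foreach ($blacklist_word as $blacklist_word_temp) {
        if (strpos($input, $blacklist_word_temp) !== false) {
            $found = true;
            break;
        }
    }
    if (!$found) {
        return false;
    }
    $GLOBALS['found_word_sqli'] = 1;

    // REMOTE_ADDR is absent under the CLI and some SAPIs.
    $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    // Neutralise CR/LF so the logged input cannot forge additional log lines.
    $logged = str_replace(["\r", "\n"], ' ', $input);

    $logs = fopen("logs.txt", "a");
    if ($logs === false) {
        die("Cannot Write into file");
    }
    // One write instead of two so a partial failure cannot leave a half entry
    // (the original checked only the first fwrite and never closed the handle).
    $written = fwrite($logs, "Attacker Ip:" . $remote . ":::" . "Attack String:" . $logged . "\n");
    fclose($logs);
    if ($written === false) {
        die("Cannot Write into file");
    }

    return true;
}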
- ?>