
PHP code for detecting vuln scans

  1. <?php
  2. function startsWith($haystack, $needle)
  3. {
  4.     $length = strlen($needle);
  5.     return (substr($haystack, 0, $length) === $needle);
  6. }
  7. function startsWithBlocked($needle)
  8. {
  9.     $blockStarts = array(  
  10.         "wp-", "w00tw00t", "server-status", "cgi", "home", "docs", "xmlrpc", "admincp.php", "install.",
  11.         "web.conf", "_vti_i", "version", "pass", "~", "php-bin", "thumbs", "appConf.htm", "user",
  12.         "pma", "myadmin", "admin", "phpmyadmin", "php-my-admin", "webcalendar", "calendar", "dbadmin",
  13.         "mysql", "include", "public_calendar", "web-calendar", "webcalendar", "wcalendar"
  14.     );
  15.     foreach($blockStarts as $i => $value)
  16.     {
  17.         if(startsWith($needle, $value))
  18.         {
  19.             return true;
  20.         }
  21.     }
  22.     return false;
  23. }  
  24. function Sanitize($uri)
  25. {
  26.     $uri = strtolower($uri);
  27.     $uri = urldecode($uri);
  28.     while(startsWith($uri, "/") || startsWith($uri, "./"))
  29.     {
  30.         $length = strlen($uri);
  31.         if(startsWith($uri, "/"))   $uri = substr($uri, 1, $length - 1);
  32.         else if(startsWith($uri, "./")) $uri = substr($uri, 2, $length - 2);
  33.     }
  34.     return $uri;
  35. }
  36. function Block($needle)
  37. {
  38.     $needle = Sanitize($needle);
  39.     return (startsWithBlocked($needle));
  40. }
  41. if(Block($_SERVER['REQUEST_URI']))
  42. {
  43.         $ip = $_SERVER['REMOTE_ADDR'];
  44.         system("echo +$ip >> /proc/net/xt_recent/scandrop");
  45. }
  46. ?>