v7 Proxy protection

Nepster | posted 2012-11-20 07:19
S.Administrator | Reputation: 0 | Posts: 670 | Joined: 2007-01-02
There's probably no need to explain what proxies are used for and why they sometimes need to be blocked :)
We will block proxies at registration, that is, in the register.php file.
Open register.php and find
Code:
if (iMEMBER || !$settings['enable_registration']) { redirect("index.php"); }
and insert here:
Code:
// protection against anonymous proxy. Mod by Wanabo
if (empty($_SERVER['REMOTE_ADDR'])) {
    die("Sorry, no registration possible through an anonymous proxy!\n");
}
//
// block proxies. Mod by Wanabo
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    die("Sorry, no registration possible through a proxy!\n");
}
//
// end proxy mod.
Edited by Nepster 2012-11-20 07:20

MariukasR | posted 2012-11-20 16:08
Moderator | Reputation: 0 | Posts: 435 | Joined: 2010-11-12

By the way, this can be used on v6 and v7, and even v8 will be able to use this code, so you could write that, so that others don't say "redo it for me" :D
Oh, this is the first time I've seen such simple code; I wouldn't even have thought you could protect yourself this easily. I'm putting it on my site and testing :) Thanks.
But actually it's better to put it in the maincore.php file :)
This little piece of code doesn't really work; I told you, you won't protect yourself that easily..
Edited by MariukasR 2012-11-20 16:22
moderator

Nepster | posted 2012-11-20 16:26
S.Administrator | Reputation: 0 | Posts: 670 | Joined: 2007-01-02

Good that there's someone who finds this interesting...
It certainly won't block all proxies, though it should definitely block some.
But I found a slightly more serious script :D you can try it
Code:
function get_ip()
{
global $REMOTE_ADDR;
global $HTTP_X_FORWARDED_FOR, $HTTP_X_FORWARDED, $HTTP_FORWARDED_FOR, $HTTP_FORWARDED;
global $HTTP_VIA, $HTTP_X_COMING_FROM, $HTTP_COMING_FROM;
global $HTTP_SERVER_VARS, $HTTP_ENV_VARS;
// Get some server/environment variables values
if(empty($REMOTE_ADDR))
{
if(!empty($_SERVER)&&isset($_SERVER['REMOTE_ADDR']))
{
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
}
elseif(!empty($_ENV)&&isset($_ENV['REMOTE_ADDR']))
{
$REMOTE_ADDR = $_ENV['REMOTE_ADDR'];
}
elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['REMOTE_ADDR']))
{
$REMOTE_ADDR = $HTTP_SERVER_VARS['REMOTE_ADDR'];
}
elseif(!empty($HTTP_ENV_VARS)&&isset($HTTP_ENV_VARS['REMOTE_ADDR']))
{
$REMOTE_ADDR = $HTTP_ENV_VARS['REMOTE_ADDR'];
}
elseif(@getenv('REMOTE_ADDR'))
{
$REMOTE_ADDR = getenv('REMOTE_ADDR');
}
} // end if
if(empty($HTTP_X_FORWARDED_FOR))
{
if(!empty($_SERVER) && isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$HTTP_X_FORWARDED_FOR = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
elseif(!empty($_ENV) && isset($_ENV['HTTP_X_FORWARDED_FOR']))
{
$HTTP_X_FORWARDED_FOR = $_ENV['HTTP_X_FORWARDED_FOR'];
}
elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']))
{
$HTTP_X_FORWARDED_FOR = $HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'];
}
elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_X_FORWARDED_FOR']))
{
$HTTP_X_FORWARDED_FOR = $HTTP_ENV_VARS['HTTP_X_FORWARDED_FOR'];
}
elseif(@getenv('HTTP_X_FORWARDED_FOR'))
{
$HTTP_X_FORWARDED_FOR = getenv('HTTP_X_FORWARDED_FOR');
}
} // end if
if(empty($HTTP_X_FORWARDED))
{
if(!empty($_SERVER) && isset($_SERVER['HTTP_X_FORWARDED']))
{
$HTTP_X_FORWARDED = $_SERVER['HTTP_X_FORWARDED'];
}
elseif(!empty($_ENV) && isset($_ENV['HTTP_X_FORWARDED']))
{
$HTTP_X_FORWARDED = $_ENV['HTTP_X_FORWARDED'];
}
elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED']))
{
$HTTP_X_FORWARDED = $HTTP_SERVER_VARS['HTTP_X_FORWARDED'];
}
elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_X_FORWARDED']))
{
$HTTP_X_FORWARDED = $HTTP_ENV_VARS['HTTP_X_FORWARDED'];
}
elseif(@getenv('HTTP_X_FORWARDED'))
{
$HTTP_X_FORWARDED = getenv('HTTP_X_FORWARDED');
}
} // end if
if(empty($HTTP_FORWARDED_FOR))
{
if(!empty($_SERVER) && isset($_SERVER['HTTP_FORWARDED_FOR']))
{
$HTTP_FORWARDED_FOR = $_SERVER['HTTP_FORWARDED_FOR'];
}
elseif(!empty($_ENV) && isset($_ENV['HTTP_FORWARDED_FOR']))
{
$HTTP_FORWARDED_FOR = $_ENV['HTTP_FORWARDED_FOR'];
}
elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_FORWARDED_FOR']))
{
$HTTP_FORWARDED_FOR = $HTTP_SERVER_VARS['HTTP_FORWARDED_FOR'];
}
elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_FORWARDED_FOR']))
{
$HTTP_FORWARDED_FOR = $HTTP_ENV_VARS['HTTP_FORWARDED_FOR'];
}
elseif(@getenv('HTTP_FORWARDED_FOR'))
{
$HTTP_FORWARDED_FOR = getenv('HTTP_FORWARDED_FOR');
}
} // end if
if(empty($HTTP_FORWARDED))
{
if(!empty($_SERVER) && isset($_SERVER['HTTP_FORWARDED']))
{
$HTTP_FORWARDED = $_SERVER['HTTP_FORWARDED'];
}
elseif(!empty($_ENV) && isset($_ENV['HTTP_FORWARDED']))
{
$HTTP_FORWARDED = $_ENV['HTTP_FORWARDED'];
}
elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_FORWARDED']))
{
$HTTP_FORWARDED = $HTTP_SERVER_VARS['HTTP_FORWARDED'];
}
elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_FORWARDED']))
{
$HTTP_FORWARDED = $HTTP_ENV_VARS['HTTP_FORWARDED'];
}
elseif(@getenv('HTTP_FORWARDED'))
{
$HTTP_FORWARDED = getenv('HTTP_FORWARDED');
}
} // end if
if(empty($HTTP_VIA))
{
if(!empty($_SERVER) && isset($_SERVER['HTTP_VIA']))
{
$HTTP_VIA = $_SERVER['HTTP_VIA'];
}
elseif(!empty($_ENV) && isset($_ENV['HTTP_VIA']))
{
$HTTP_VIA = $_ENV['HTTP_VIA'];
}
elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_VIA']))
{
$HTTP_VIA = $HTTP_SERVER_VARS['HTTP_VIA'];
}
elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_VIA']))
{
$HTTP_VIA = $HTTP_ENV_VARS['HTTP_VIA'];
}
elseif(@getenv('HTTP_VIA'))
{
$HTTP_VIA = getenv('HTTP_VIA');
}
} // end if
if(empty($HTTP_X_COMING_FROM))
{
if(!empty($_SERVER) && isset($_SERVER['HTTP_X_COMING_FROM']))
{
$HTTP_X_COMING_FROM = $_SERVER['HTTP_X_COMING_FROM'];
}
elseif(!empty($_ENV) && isset($_ENV['HTTP_X_COMING_FROM']))
{
$HTTP_X_COMING_FROM = $_ENV['HTTP_X_COMING_FROM'];
}
elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_X_COMING_FROM']))
{
$HTTP_X_COMING_FROM = $HTTP_SERVER_VARS['HTTP_X_COMING_FROM'];
}
elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_X_COMING_FROM']))
{
$HTTP_X_COMING_FROM = $HTTP_ENV_VARS['HTTP_X_COMING_FROM'];
}
elseif(@getenv('HTTP_X_COMING_FROM'))
{
$HTTP_X_COMING_FROM = getenv('HTTP_X_COMING_FROM');
}
} // end if
if(empty($HTTP_COMING_FROM))
{
if(!empty($_SERVER) && isset($_SERVER['HTTP_COMING_FROM']))
{
$HTTP_COMING_FROM = $_SERVER['HTTP_COMING_FROM'];
}
elseif(!empty($_ENV) && isset($_ENV['HTTP_COMING_FROM']))
{
$HTTP_COMING_FROM = $_ENV['HTTP_COMING_FROM'];
}
elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_COMING_FROM']))
{
$HTTP_COMING_FROM = $HTTP_SERVER_VARS['HTTP_COMING_FROM'];
}
elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_COMING_FROM']))
{
$HTTP_COMING_FROM = $HTTP_ENV_VARS['HTTP_COMING_FROM'];
}
elseif(@getenv('HTTP_COMING_FROM'))
{
$HTTP_COMING_FROM = getenv('HTTP_COMING_FROM');
}
} // end if
// Gets the default ip sent by the user
$direct_ip = FALSE; // default when REMOTE_ADDR is not available
if(!empty($REMOTE_ADDR))
{
$direct_ip = $REMOTE_ADDR;
}
// Gets the proxy ip sent by the user
$proxy_ip='';
if(!empty($HTTP_X_FORWARDED_FOR))$proxy_ip = $HTTP_X_FORWARDED_FOR;
elseif(!empty($HTTP_X_FORWARDED))$proxy_ip = $HTTP_X_FORWARDED;
elseif(!empty($HTTP_FORWARDED_FOR))$proxy_ip = $HTTP_FORWARDED_FOR;
elseif(!empty($HTTP_FORWARDED))$proxy_ip = $HTTP_FORWARDED;
elseif(!empty($HTTP_VIA))$proxy_ip = $HTTP_VIA;
elseif(!empty($HTTP_X_COMING_FROM))$proxy_ip = $HTTP_X_COMING_FROM;
elseif(!empty($HTTP_COMING_FROM))$proxy_ip = $HTTP_COMING_FROM;
// Returns the true IP if it has been found, else FALSE
if (empty($proxy_ip))
{
// True IP without proxy
return $direct_ip;
}
else
{
// ereg() was removed in PHP 7; preg_match() with the same pattern replaces it
$is_ip = preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}/', $proxy_ip, $regs);
if($is_ip && (count($regs) > 0))
{
// True IP behind a proxy
return $regs[0];
}
else
{
// Can't define IP: there is a proxy but we don't have
// information about the true IP
return FALSE;
}
} // end if... else...
}
Edited by Nepster 2012-11-20 16:26

MariukasR | posted 2012-11-20 16:36
Moderator | Reputation: 0 | Posts: 435 | Joined: 2010-11-12

I'll try it right away; I think I'll also post a little tutorial on how to apply this script, because many won't know how to use the function :)
I found what I think is a simple script, but it is awfully similar to Nepster's first one; I don't know why that one didn't work for me.. :S By the way, it works even better than the long one. It even extracts the real IP: when I connect through Opera Turbo, manoip.lt shows the proxy IP, while this little script shows the real IP when it captures it. So I think you could even build a small report system out of this script to see who uses a proxy and monitor members, and you could also edit the ban system: someone comes in through a proxy, it pulls out their real IP address, and there you go, it shows that you are banned :) No complicated systems are needed, everything is done simply; I was surprised myself.
So here is the code, at the end of maincore.php before include INCLUDES."system_images.php";
Code:
function get_ip() {
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) { // check IP from shared internet
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { // check whether the IP was passed by a proxy
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}
And put this code, as Nepster said, before this code in the register.php file:
Code:
if (iMEMBER || !$settings['enable_registration']) { redirect("index.php"); }
Here is the code that needs to be used in register.php :)
Code:
if (get_ip() !== $_SERVER['REMOTE_ADDR']) {
    // the value comes from a request header, so escape it before printing it into HTML
    die("<center><strong>Junk lauk proxy, nes tavo tikras IP yra <font color='red'><u>".htmlspecialchars(get_ip(), ENT_QUOTES, 'UTF-8')."</u></font></strong></center>");
}
Added:
For anyone interested in how this works.. It's all simple; I looked into it more and came up with some good ideas. Thanks to Nepster for getting me onto this :D
Right now a proxy doesn't set a few small things, depending on the proxy of course, and those make it easy to catch everything; it's very simple but even more useful. With this code you can build something that few people will have, and I think such things shouldn't be shared if someone builds them, because afterwards all kinds of bypasses become possible, etc. If you build it, better to keep it to yourself and use it. But any panel you can all share, surely you don't begrudge that? :)
Also, by the way, I made a test page; whoever wants can test registration with a proxy :)
www.coding.wu.lt
Edited by MariukasR 2012-11-20 18:10
moderator
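
An added example, not code from the thread or from PHP-Fusion: the forwarding headers read by the scripts above are supplied by the client, so this function takes the address from REMOTE_ADDR and reads X-Forwarded-For only when the connection comes from a reverse proxy you operate. `TRUSTED_PROXIES`, `resolve_client_ip()` and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example; TRUSTED_PROXIES is an assumed list of reverse proxies
// that you operate yourself (documentation address used here).
const TRUSTED_PROXIES = ['192.0.2.10'];

// Returns ['ip' => string|false, 'forwarded' => bool]. 'ip' is the address
// to ban or log; 'forwarded' only records that proxy headers were present.
function resolve_client_ip(array $server): array
{
    $remote = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP);
    $xff = trim($server['HTTP_X_FORWARDED_FOR'] ?? '');
    $forwarded = $xff !== '' || !empty($server['HTTP_VIA']);

    // REMOTE_ADDR comes from the TCP connection; the headers come from the
    // client. Ignore them unless the peer is one of our own proxies.
    if ($remote === false || !in_array($remote, TRUSTED_PROXIES, true)) {
        return ['ip' => $remote, 'forwarded' => $forwarded];
    }

    // Read right to left: the rightmost entry was appended by our proxy,
    // entries further left may have been written by the client.
    foreach (array_reverse(explode(',', $xff)) as $hop) {
        $ip = filter_var(trim($hop), FILTER_VALIDATE_IP);
        if ($ip === false) {
            break; // malformed entry: stop trusting the chain
        }
        if (!in_array($ip, TRUSTED_PROXIES, true)) {
            return ['ip' => $ip, 'forwarded' => true];
        }
    }
    return ['ip' => $remote, 'forwarded' => $forwarded];
}

// Constructed sample requests (not real traffic).
$samples = [
    'direct'        => ['REMOTE_ADDR' => '198.51.100.7'],
    'header only'   => ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '203.0.113.99'],
    'not an ip'     => ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => 'unknown'],
    'via own proxy' => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '10.9.9.9, 203.0.113.5'],
];
foreach ($samples as $name => $server) {
    $r = resolve_client_ip($server);
    printf("%-14s ip=%s forwarded=%s\n", $name, var_export($r['ip'], true), var_export($r['forwarded'], true));
}
```

In a registration check, the `forwarded` flag is suited to logging or manual review, while bans are keyed on `ip`.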