Small script to prevent hacking in PHP Scripts
December 30th, 2005
Hi All.
FIRSTLY THERE IS NO KNOWN SECURITY HOLE IN JOOMLA TODAY - What I am saying here is JUST BECAUSE I want to be over cautious
Today my site was subject to some guy trying to use urls to gain access to my site and scripts.
The guy was using a well-known method of accessing badly written scripts using a hacking script embedded in a fake image. You can see if you have been targeted by looking in your web logs for requests that include gif&cmd= and txt&cmd=
I am not going to post the exact method or how to use that to exploit insecure scripts - (Joomla IS SECURE)
However we all have other scripts, including 3rd party Components, Modules and mambots that may not have been written to the great standard Joomla is. Therefore this patch is still extremely helpful.
The following code can be inserted in any PHP script. However for Joomla I have inserted it in index.php and index2.php as those are the files the hackers have been attempting to gain access through.
// Block requests whose URI looks like an image or text file followed by a cmd parameter.
// preg_match() is used here because ereg() no longer exists in PHP 7 and later.
if (
    preg_match('/gif\?cmd/', $_SERVER['REQUEST_URI']) ||
    preg_match('/gif&cmd/', $_SERVER['REQUEST_URI']) ||
    preg_match('/jpg\?cmd/', $_SERVER['REQUEST_URI']) ||
    preg_match('/jpg&cmd/', $_SERVER['REQUEST_URI']) ||
    preg_match('/txt\?cmd/', $_SERVER['REQUEST_URI']) ||
    preg_match('/txt&cmd/', $_SERVER['REQUEST_URI'])
)
{
    // The following line can be used to block IP addresses if you use APF on a Linux server
    // passthru('apf -d ' . escapeshellarg($_SERVER['REMOTE_ADDR']));
    $msg = "There was a hacking attempt by " . $_SERVER['REMOTE_ADDR'] . " trying to load " . $_SERVER['REQUEST_URI'];
    mail('hacking@phil-taylor.com', 'HACKING ATTEMPT at ' . $_SERVER['REQUEST_URI'], $msg);
    die('Stop hacking!');
}
I'm not saying this is perfect or even complete - however it suits my needs and I thought I would share it.
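
The web-log check mentioned above (requests that include gif&cmd= and txt&cmd=), as an added example that is not part of the original post: a Python scanner for combined-format access logs that applies the same six patterns as the PHP snippet, after percent-decoding the request target and ignoring case. The log lines, parameter names and IP addresses are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Combined/common log format: client IP first, request line in the quoted field.
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<target>\S+)[^"]*"')
# The same six patterns as the PHP check: gif/jpg/txt followed by ?cmd or &cmd.
SUSPECT = re.compile(r"(?:gif|jpg|txt)[?&]cmd", re.IGNORECASE)


def normalise(target, rounds=3):
    """Percent-decode up to `rounds` times so an encoded '?' or '&' still matches."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def scan(lines):
    """Return (hits, per_ip): matching (ip, raw target) pairs and a count per client."""
    hits, per_ip = [], Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        if SUSPECT.search(normalise(m.group("target"))):
            hits.append((m.group("ip"), m.group("target")))
            per_ip[m.group("ip")] += 1
    return hits, per_ip


# Constructed sample lines: documentation IP ranges, made-up parameter names.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Dec/2005:10:01:02 +0000] "GET /index.php?option=com_content&Itemid=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [30/Dec/2005:10:02:11 +0000] "GET /index.php?file=pic.gif&cmd=x HTTP/1.1" 200 310',
    '203.0.113.7 - - [30/Dec/2005:10:02:15 +0000] "GET /index2.php?file=note.txt%26cmd=x HTTP/1.1" 200 310',
    '198.51.100.23 - - [30/Dec/2005:10:05:40 +0000] "GET /index.php?file=PIC.JPG%253Fcmd=x HTTP/1.1" 200 310',
    '192.0.2.10 - - [30/Dec/2005:10:06:00 +0000] "GET /images/logo.gif HTTP/1.1" 200 2048',
    "this line is not in access-log format",
]

if __name__ == "__main__":
    hits, per_ip = scan(SAMPLE_LOG)
    for ip, target in hits:
        print(f"{ip}  {target}")
    for ip, count in per_ip.most_common():
        print(f"{count} suspicious request(s) from {ip}")
```

To check a real log, pass an open file object to scan() in place of SAMPLE_LOG.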

