<?php
##########################################################################################################
# fredIDS 1.2 Intrusion Detection System
# ---------------------------------------
#
# Description:
#
# Include this file in your PHP files like this:
#
# require_once('ids.php');
#
#
# It helps to detect and log some web attacks:
# XSS, JS injection, RCE, SQL injection, file inclusion
# by using a badlist
#
# Version 1.2 contains my modified logging database
#
# Options:
#
# * You can add or remove your own words
# to the forbidden array
# * You can disable or enable the logging option
# * You can choose between database and textfile
# * You can choose the max_filesize (against dos)
# * You can use the backup-function
#
#.......................................................
#
# Please check the configuration
# If you need help for something > contact me
#
#---------------------------------------------------
# (C) powered by fred777 [fred777.5x.to]
##########################################################################################################
#~~~~~~~~~~~~~~~~~ Configuration ~~~~~~~~~~~~~~~~~~~~~#
# --- Logging switches --------------------------------------------------------
$logging  = 1;                  # 1 = record flagged requests, 0 = only print $message
$dat_logg = 1;                  # 1 = HTML "database" log, 0 = plain text log

# --- Log locations -----------------------------------------------------------
# NOTE(review): 'logs/' is a relative path. If it resolves inside the web root,
# the log files (client IPs, host names, user agents, request data) can be
# fetched by anyone who guesses the name; keep the directory outside the
# document root or deny HTTP access to it.
$log_dir   = 'logs/';           # directory used ONLY for log files, with trailing slash
$logfile_t = 'attack.txt';      # text log name, must end in .txt
$database  = 'database.html';   # HTML log name, must end in .html

# --- Rotation limits ---------------------------------------------------------
$txt_size = 900;                # text log is rotated at this size (bytes)
$dat_size = 1200;               # HTML log is rotated at this size (bytes)
$max_txt  = 4;                  # number of text backup slots (> 0)
$max_dat  = 4;                  # number of HTML backup slots (> 0)

# --- Badlist -----------------------------------------------------------------
# Each entry is inserted into a case-insensitive regular expression and matched
# anywhere inside a parameter value, so regex metacharacters are pre-escaped
# here. Short words such as "or", "if" or "set" also match inside ordinary
# words, which makes false positives likely. The list is a tripwire only; it
# does not replace parameterised queries and context-aware output encoding in
# the protected application.
$forbidden = array(
    # SQL keywords and functions
    'insert', 'delete', 'update', 'select', 'union', 'from', 'if', 'case',
    'mid', 'where', 'join', 'limit', 'like', 'regexp', 'and', 'or', 'into',
    'file', 'sleep', 'benchmark', 'having', 'set', 'procedure',
    # script tag and HTML event handler names
    'script', 'onload', 'onclick', 'onabort', 'onblur', 'onchange',
    'ondblclick', 'onerror', 'onfocus', 'onkeydown', 'onkeypress', 'onkeyup',
    'onmousedown', 'onmouseup', 'onmousemove', 'onmouseout', 'onmouseover',
    'onreset', 'onselect', 'onsubmit', 'onunload',
    # directory traversal, command and file functions
    '\.\.\/', 'system', 'exec', 'chmod', 'chown', 'wget', 'fopen', 'proc_open',
    # metacharacters
    '\&\&', "'", '--', '\|\|', '0x', '\(', '\)', '>', '<', ',', '%', ';', '"',
);

# Page shown to the client when a request is flagged.
$message = '<center><pre>Hack detected by fredIDS 1.2</pre></center>';
#~~~~~~~~~~~~~~~~~~~~~~ Vars ~~~~~~~~~~~~~~~~~~~~~~~~#
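# Request metadata that is written into every log record.
# All of it except $date is supplied or influenced by the client and must be
# treated as untrusted text by whatever writes or displays the log.

# REMOTE_ADDR, HTTP_USER_AGENT and SCRIPT_NAME are not guaranteed to be set
# (clients may omit the User-Agent header, CLI runs have no REMOTE_ADDR);
# fall back to '' instead of raising an "undefined index" notice.
$ip = isset($_SERVER['REMOTE_ADDR']) ? (string)$_SERVER['REMOTE_ADDR'] : '';

# gethostbyaddr() does a blocking reverse-DNS lookup, and this line runs for
# every request that includes the file, not only for flagged ones. The name it
# returns comes from the client's PTR record. Only call it for a well-formed
# address, and fall back to the plain IP when it reports failure.
$host = $ip;
if ($ip !== '' && filter_var($ip, FILTER_VALIDATE_IP) !== false) {
    $resolved = gethostbyaddr($ip);
    if ($resolved !== false) {
        $host = $resolved;
    }
}

$useragent = isset($_SERVER['HTTP_USER_AGENT']) ? (string)$_SERVER['HTTP_USER_AGENT'] : '';
$date = date("d.m.Y H:i:s");
$script = isset($_SERVER['SCRIPT_NAME']) ? (string)$_SERVER['SCRIPT_NAME'] : '';

# Five fields joined by " -- "; dat_logging() splits the record on that separator.
$logtext = $date." -- ".$ip." -- ".$host." -- ".$useragent." -- ".$script;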
#~~~~~~~~~~~~~~~~~~~~Logging ~~~~~~~~~~~~~~~~~~~~~~~#
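/**
 * Append one record as a table row to the HTML log ("database").
 *
 * $text is expected in the form "date -- ip -- host -- useragent -- request",
 * which is how the caller in this file builds it. Every field is HTML-encoded
 * before it is written, because host name, user agent and request data are
 * client-controlled and the log is an HTML page.
 *
 * When the log has reached $max_file_size bytes it is renamed to
 * <name>_old_<n>.html, with n picked at random from 1..$count (a backup that
 * already uses that number may be overwritten), and a fresh log is started.
 *
 * @param string $database       Path of the HTML log; assumed to end in ".html".
 * @param string $text           Log record, fields separated by " -- ".
 * @param int    $count          Number of backup slots; values below 1 become 1.
 * @param int    $max_file_size  Rotation threshold in bytes.
 * @return void
 */
function dat_logging($database,$text,$count,$max_file_size) {
    $_ext = '.html';
    # NOTE(review): the log page loads its banner over plain HTTP from this
    # external host, so every viewer of the log contacts that host. Consider
    # serving a local copy of the image instead.
    $_path = 'http://peterlustig.pytalhost.com/gfx/fredlog.jpg';
    $_name = substr($database,0,-5);

    # Split on the exact " -- " separator and stop after five fields. The
    # previous split on every "--" dropped whatever followed a "--" inside the
    # request data, and a "--" in the user agent shifted the columns.
    # A " -- " inside the user agent can still move text into the last column,
    # but nothing is lost any more.
    $_arr = array_pad(explode(' -- ', rtrim($text, "\r\n"), 5), 5, '');

    # Encode quotes as well and substitute invalid byte sequences, so malformed
    # input is neither rendered as markup nor logged as an empty cell.
    $_cells = array();
    foreach ($_arr as $_field) {
        $_cells[] = htmlentities(trim($_field), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    $_head = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>FredLOG System</title>
</head>
<body STYLE="font-size: 10pt; font-family: Tahoma" bgcolor="#0A0A0A" text="grey" size="5">
<table style="border-color: #51514F" border="1" cellpadding="0" cellspacing="0" align="center" bgcolor="#1E1E1E" width="1000">
<tr>
<td colspan="5" width="1000" height="100" background="'.$_path.'"></td>
</tr>
<tr style="color: #8D8D8D">
<td style="padding-left: 10px; padding-top: 2px; padding-bottom: 4px" width="135">Datum</td>
<td style="padding-left: 10px; padding-top: 2px; padding-bottom: 4px" width="100">IP-Adresse</td>
<td style="padding-left: 10px; padding-top: 2px; padding-bottom: 4px" width="180">Hostname</td>
<td style="padding-left: 10px; padding-top: 2px; padding-bottom: 4px" width="240">Useragent</td>
<td style="padding-left: 10px; padding-top: 2px; padding-bottom: 4px" width="150">Querystring</td>
</tr> ';
    $_log = '<tr>
<td style="padding-left: 10px; padding-right: 10px" width="135">'.$_cells[0].'</td>
<td style="padding-left: 10px; padding-right: 10px" width="100">'.$_cells[1].'</td>
<td style="padding-left: 10px; padding-right: 10px" width="180">'.$_cells[2].'</td>
<td style="padding-left: 10px; padding-right: 10px" width="240">'.$_cells[3].'</td>
<td style="padding-left: 10px; padding-right: 10px" width="150">'.$_cells[4].'</td>
</tr>';

    $fp = fopen($database,"a");
    if ($fp === false) {
        # Log directory missing or not writable: fopen() has already raised a
        # warning; do not pass a non-resource to fwrite().
        return;
    }

    # filesize() results are cached per path; drop the cache so the rotation
    # check sees the current size.
    clearstatcache();
    $size = filesize($database);
    if ($count < 1) {
        $count = 1;
    }

    if (!$size) {
        # New (empty) log: start it with the page header.
        fwrite($fp,$_head);
    } elseif ($size >= $max_file_size) {
        # Size cap reached: move the current log into a backup slot and start over.
        fclose($fp);
        rename($database,$_name."_old_".rand(1,$count).$_ext);
        $fp = fopen($database,"a");
        if ($fp === false) {
            return;
        }
        fwrite($fp,$_head);
    }
    fwrite($fp,$_log);
    fclose($fp);
}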
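/**
 * Append one record to the plain text log.
 *
 * The record contains client-controlled data (user agent, request values).
 * Carriage returns and line feeds inside it are written as the two-character
 * sequences \r and \n so that one call always produces one log line and a
 * client cannot make the log appear to contain additional entries. A single
 * trailing "\n" supplied by the caller is kept as the line terminator.
 *
 * When the log has reached $max_file_size bytes it is renamed to
 * <name>_old_<n>.txt, with n picked at random from 1..$count (a backup that
 * already uses that number may be overwritten), and a fresh log is started.
 *
 * @param string $logfile        Path of the text log; assumed to end in ".txt".
 * @param string $text           Record to append, normally ending in "\n".
 * @param int    $count          Number of backup slots; values below 1 become 1.
 * @param int    $max_file_size  Rotation threshold in bytes.
 * @return void
 */
function txt_logging($logfile,$text,$count,$max_file_size) {
    $_ext = '.txt';
    $_name = substr($logfile,0,-4);

    # Neutralise embedded line breaks but keep the caller's terminating newline.
    $_terminated = (substr($text, -1) === "\n");
    $_body = $_terminated ? substr($text, 0, -1) : $text;
    $_line = str_replace(array("\r", "\n"), array('\r', '\n'), $_body);
    if ($_terminated) {
        $_line .= "\n";
    }

    $fp = fopen($logfile,"a");
    if ($fp === false) {
        # Log directory missing or not writable: fopen() has already raised a
        # warning; do not pass a non-resource to fwrite().
        return;
    }

    # filesize() results are cached per path; drop the cache so the rotation
    # check sees the current size.
    clearstatcache();
    $size = filesize($logfile);
    if ($count < 1) {
        $count = 1;
    }

    if ($size >= $max_file_size) {
        # Size cap reached: move the current log into a backup slot and start over.
        fclose($fp);
        rename($logfile,$_name."_old_".rand(1,$count).$_ext);
        $fp = fopen($logfile,"a");
        if ($fp === false) {
            return;
        }
    }
    fwrite($fp,$_line);
    fclose($fp);
}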
#~~~~~~~~~~~~~~~~~~ Hard-core ~~~~~~~~~~~~~~~~~~~~~#
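# Check every request parameter value against the badlist. On the first hit the
# block message is printed, the request is logged (if logging is enabled) and
# the script stops.
#
# Scope of the check: only values found in $_REQUEST are inspected. Parameter
# names, request headers and raw request bodies are not, and which sources
# $_REQUEST contains depends on the PHP configuration. Treat this as an extra
# tripwire in front of an application that validates its own input.
foreach ($_REQUEST as $var => $con) {
    # Parameters sent as name[]=... arrive as (possibly nested) arrays. Passing
    # an array to preg_match() fails, so such values used to go unchecked (or
    # abort the request with a type error on current PHP). Walk down to the
    # string leaves and check each of them.
    $_pending = array($con);
    while ($_pending) {
        $_value = array_pop($_pending);
        if (is_array($_value)) {
            foreach ($_value as $_child) {
                $_pending[] = $_child;
            }
            continue;
        }
        $_value = (string)$_value;

        foreach ($forbidden as $bad) {
            # Warnings stay out of the response, but a badlist entry that cannot
            # be evaluated is reported to the server log instead of silently
            # never matching.
            $_hit = @preg_match('/'.$bad.'/i', $_value);
            if ($_hit === false) {
                error_log('fredIDS: badlist entry could not be evaluated: '.$bad);
                continue;
            }
            if (!$_hit) {
                continue;
            }

            echo $message;
            if ($logging && !$dat_logg) {
                # plain text log
                $text = "Attack: ".$logtext."?".$var."=".$_value."\n";
                txt_logging($log_dir.$logfile_t,$text,$max_txt,$txt_size);
            } elseif ($logging && $database) {
                # HTML log
                $text = $logtext."?".$var."=".$_value."\n";
                dat_logging($log_dir.$database,$text,$max_dat,$dat_size);
            }
            exit;
        }
    }
}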
?>