GoFuckYourself.com - Adult Webmaster Forum


FreeNetPass Steve 07-13-2002 10:12 AM

Protecting sites using other than HTaccess
 
Is there an alternative way to htaccess to protect a members area of a site? I saw a script once and it used some other code. Maybe it was an .htaccess but used different code other than the mod rewrite.

Any ideas?

Terenzo 07-13-2002 10:17 AM

i don't know if this is a smart thing, but what we are doing is serving the shit out of a root dir, protecting with php-session-management.... whenever some fraud is done, we use a dynamic .htaccess file for blocking and redirecting the ip.... i really don't know, though.

i am interested in other alternatives, too.

why don't you want to use .htaccess? aol problems?

pr0 07-13-2002 10:51 AM

this information & more will be available at http://www.pr0.net in the next few months, so be looking out for it :Graucho

zip 07-13-2002 11:14 AM

Try this, is a combo between htaccess and php


PHP Code:

<?php
// Written for PHP 4: ereg*/split and the $HTTP_*_VARS arrays were removed in later PHP versions.
$leechpage = "";

// referrer URLs that are also allowed (without http://)
$domein["0"] = "localhost";
$domein["1"] = "127.0.0.1";

$folder["0"] = "down/loads";

// idl=mijnfolder&idf=filevoorjou.exe">file for you</a>

// THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
// WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
// OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
// DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR
// ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
// USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
// OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
// SUCH DAMAGE.
//

$versienumm = "<center style=\"font-family:arial\"><b>FW-ANTILEECH</b><br>Build:  1.32 <p><b>FILE REQUEST DENIED</b></p></center>";

    // pick up the Referer header and the idf/idl query parameters when they are not already globals
    if (!isset($HTTP_REFERER)) {
        if (!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_REFERER'])) {
            $HTTP_REFERER = $HTTP_SERVER_VARS['HTTP_REFERER']; } }
    if (!isset($idf)) { if (isset($HTTP_GET_VARS['idf'])) { $idf = $HTTP_GET_VARS['idf']; } }

    // idf = requested file name: strip special characters and ".."
    if (isset($idf)) { $idf = stripslashes($idf); $idf = urldecode($idf); htmlentities($idf, ENT_QUOTES);
        $idf = preg_replace('/([;\:,`\'\\\|"* !+=?~#%&<>^\/\(\)\[\]\{\}\$\n\r])/', "", $idf); $idf = ereg_replace('\.\.', '', $idf); }

    if (!isset($idl)) { if (isset($HTTP_GET_VARS['idl'])) { $idl = $HTTP_GET_VARS['idl']; } }

    // idl = key into $folder: same filtering, with "." stripped as well
    if (isset($idl)) { $idl = stripslashes($idl); $idl = urldecode($idl); htmlentities($idl, ENT_QUOTES);
        $idl = preg_replace('/([;\:,.`\'\\\|"* !+=?~#%&<>^\/\(\)\[\]\{\}\$\n\r])/', "", $idl); $idl = ereg_replace('\.\.', '', $idl); }

    if (!empty($domein) && isset($HTTP_REFERER) && isset($idf)) {
        // drop the scheme from the referer
        if (ereg("//", $HTTP_REFERER)) { list($begone1, $refoke) = split('//', $HTTP_REFERER, 2); }
        else { $refoke = $HTTP_REFERER; }
        if (ereg("/", $domein[0])) { list($domain, $begone2) = split('/', $domein[0], 2); }
        else { $domain = $domein[0]; }
        $a = count($domein);
        for ($i = 0; $i < $a; $i++) {
            // serve the file only if the referer matches an allowed domain
            if (eregi($domein[$i], $refoke)) {
                if (isset($idl) && isset($folder[$idl])) {
                    if (ereg("//", $folder[$idl])) {
                        list($begone3, $domwww) = split('//', $folder[$idl], 2);
                        list($domain, $defolds) = split('/', $domwww, 2); $fileonweb = $defolds."/".$idf; }
                    else { $fileonweb = $folder[$idl]."/".$idf; } }
                else { $fileonweb = $folder["0"]."/".$idf; }

                $fileow = "http://".$domain."/".$fileonweb;
// open http on loop
                $id_wi = fsockopen($domain, 80);
                fputs($id_wi, "GET /$fileonweb HTTP/1.0\r\nHost: $domain\r\n\r\n");
                $buff = fgets($id_wi, 1024);
                fclose($id_wi);
// if the file is OK, open it
                if (ereg("HTTP/1.1 200 OK", $buff)) {
                    $id_wi = fopen($fileow, "r");
                    if ($id_wi) {
                        // choose the Content-Type from the file name
                        if (eregi(".htm", $idf)) { $welktype = "text/html"; }
                        else if (eregi(".html", $idf)) { $welktype = "text/html"; }
                        else if (eregi(".txt", $idf)) { $welktype = "text/plain"; }
                        else if (eregi(".jpg", $idf)) { $welktype = "image/jpg"; }
                        else if (eregi(".gif", $idf)) { $welktype = "image/gif"; }
                        else if (eregi(".mpeg", $idf)) { $welktype = "audio/mpeg"; }
                        else if (eregi(".mp3", $idf)) { $welktype = "audio/mpeg"; }
                        else if (eregi(".doc", $idf)) { $welktype = "application/msword"; }
                        else if (eregi(".rtf", $idf)) { $welktype = "application/msword"; }
                        else if (eregi(".zip", $idf)) { $welktype = "application/x-zip-compressed"; }
                        else if (eregi(".exe", $idf)) { $welktype = "application/x-msdownload"; }
                        else if (eregi(".pdf", $idf)) { $welktype = "application/pdf"; }
                        else { $welktype = "application/octet-stream"; }

                        Header("Content-Type: $welktype");
                        Header("Accept-Ranges: bytes");
                        Header("Content-Disposition: ; Filename=$idf");
                        readfile($fileow);
                        fclose($id_wi);
                        exit;
                    }
                } break;
            }
        }
        if ($leechpage != "") { header("Location: $leechpage"); exit; }
        echo "$versienumm"; exit; }
// no referer URL - exit, or redirect to antileech.html
    else { if ($leechpage != "") { header("Location: $leechpage"); } }
    echo "$versienumm"; exit;
?>

-------------------- 
htaccess file in dir. 
-------------------- 
ErrorDocument 403 /down/leech.html 
order deny,allow 
deny from all 
allow from 127.0.0.1 
allow from .localhost 
<Files .htaccess> 
order allow,deny 
deny from all 
</Files> 
IndexIgnore *


Paolo 07-13-2002 12:09 PM

Here is the big problem with protecting your site.
Most programs give a 403 to the ip that is brute forcing your password file.

They love to use ip's that AOL has, because AOL's system is a pile of shit and is easy to abuse

So 403's are fine in most cases except that AOL stores these 403's on their servers and prevents aol users sharing the same ip from visiting your site.

So now come the complaints from an AOL subscriber that he can not get in your membership area because his ip is blocked and he did nothing wrong " Except for using AOL in the first place" : )

What we did is give the brute forcer a 202 ok and redirect to a fake url.
That really seemed to help out

I hate those brute force programs they are a pain in the ass for everyone and any idiot can use them.

Hope that helps a little

mike503 07-13-2002 01:22 PM

simply put, you don't need htaccess at all. you can do a variety of other methods, either using normal HTTP authentication or using cookie-based authentication. if you have questions, hit me up on icq.

Naughty 07-13-2002 04:09 PM

Interesting stuff.

I'll be reading your stuff soon pr0:thumbsup

BadBoyBill4281 07-13-2002 04:42 PM

Go to hotscripts and search in PHP only. You'll find everything you need: complete programs to add, change, mod any password for any of your sites that you wish. Very easy to understand if you know PHP and MySQL.

Terenzo 07-14-2002 12:16 PM

Quote:

Originally posted by Paolo
Here is the big problem with protecting your site.
Most programs give a 403 to the ip that is brute forcing your password file.

They love to use ip's that AOL has, because AOL's system is a pile of shit and is easy to abuse

So 403's are fine in most cases except that AOL stores these 403's on their servers and prevents aol users sharing the same ip from visiting your site.

So now come the complaints from an AOL subscriber that he can not get in your membership area because his ip is blocked and he did nothing wrong " Except for using AOL in the first place" : )

What we did is give the brute forcer a 202 ok and redirect to a fake url.
That really seemed to help out

I hate those brute force programs they are a pain in the ass for everyone and any idiot can use them.

Hope that helps a little


Great info, we will change this!! thanx paolo!

Terenzo 07-14-2002 12:18 PM

Quote:

Originally posted by pr0
this information & more will be available at http://www.pr0.net in the next few months, so be looking out for it :Graucho


... next few months... ;)) get it done sooner!!!!

Sleepy 07-14-2002 01:18 PM

http://www.danubetech.com/news/07_12_02.htm
( ProxyPass )

The software blocks open proxies and shared passwords. It's written in C just like Iprotect and features a realtime admin. I had it installed and that was the end of the bullshit with those proxy hackers.

Iprotect/Pennywize/StopThatHacker - just don't work.
Let's say you have Pennywize set to block a user after 5 bad auths. These hackers use 1000's of proxies to attack you and get 5 guesses on each one. If the hacker has 8000 proxies to use, he gets 40,000 guesses all total. What's the point in even blocking?
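
The arithmetic in the post above, together with the shared-IP problem Paolo describes earlier in the thread, as an added example that is not part of the thread: failed logins are counted per attempted username as well as per IP. The log lines are constructed, and the Apache-style log layout, the usernames `bob` and `alice`, and the addresses are assumptions.

```python
import re
from collections import Counter

# host ident user [time] "request" status ...  (Apache common log layout, assumed)
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "[^"]*" (\d{3}) ')

def build_sample_log(proxies=8, guesses_per_proxy=5):
    """Constructed log: one account attacked through many proxy IPs."""
    lines = []
    for p in range(1, proxies + 1):
        for _ in range(guesses_per_proxy):
            lines.append(f'198.51.100.{p} - bob [14/Jul/2002:13:00:00 -0700] '
                         '"GET /members/ HTTP/1.0" 401 476')
    # A paying member behind the same shared proxy IP as some attack traffic.
    lines.append('198.51.100.1 - alice [14/Jul/2002:13:05:00 -0700] '
                 '"GET /members/ HTTP/1.0" 200 5120')
    return lines

def failed_auths(lines):
    """Count 401 responses per client IP and per attempted username.

    On a 401 the user field holds the name the client supplied, not an
    authenticated identity; that is exactly what is wanted here.
    """
    by_ip, by_user = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group(3) == "401":
            by_ip[m.group(1)] += 1
            by_user[m.group(2)] += 1
    return by_ip, by_user

def over_limit(counter, limit):
    """Keys whose failure count is strictly greater than the limit."""
    return sorted(k for k, n in counter.items() if n > limit)

def members_on_ips(lines, ips):
    """Usernames with successful (200) requests from any of the given IPs."""
    hit = set()
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group(3) == "200" and m.group(1) in ips:
            hit.add(m.group(2))
    return sorted(hit)

if __name__ == "__main__":
    log = build_sample_log()
    by_ip, by_user = failed_auths(log)
    print("IPs over 5 failures:  ", over_limit(by_ip, 5))
    print("users over 5 failures:", over_limit(by_user, 5))
    print("members on attacking IPs:", members_on_ips(log, set(by_ip)))
```

No single proxy exceeds the per-IP limit, while the per-username count exposes the whole attack, and blocking the attacking IPs would also lock out the member sharing one of them.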

foe 07-14-2002 01:44 PM

yeh PHP can protect your site nicely :)

FreeNetPass Steve 07-15-2002 01:51 PM

Thanks for all the tips and links!

