[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Code for ban IP adresses inmediately

To: Lorenzo Hernandez Garcia-Hierro <lorenzohgh@nsrg-security.com>
Subject: Re: [Full-Disclosure] Code for ban IP adresses inmediately
From: Valdis.Kletnieks@vt.edu
Date: Sat, 11 Oct 2003 11:26:10 -0400

On Sat, 11 Oct 2003 16:19:10 +0200, Lorenzo Hernandez Garcia-Hierro said:

>   if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
>     $clip = $_SERVER['HTTP_X_FORWARDED_FOR'];
>   }
>   elseif (isset($_SERVER['HTTP_VIA'])) {
>     $clip = $_SERVER['HTTP_VIA'];
>   }
(more code snipped).

Soooo... let's see... if I feed this thing something that has *both*
a legitimate X_FORWARDED_FOR and a malicious VIA, this code
will only check the FORWARDED.  I think you really wanted to do

for i in (FORWARDED VIA REMOTE_ADDR) do
        if (isset($_server($i)) banit($_server($i)....)
done

or however you do it in PHP.

Attachment: pgp00048.pgp
Description: PGP signature

References:
- [Full-Disclosure] Code for ban IP adresses inmediately
  - From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh@nsrg-security.com>

Prev by Date: Re: [Full-Disclosure] Bad news on RPC DCOM2 vulnerability
Next by Date: Re: [Full-Disclosure] openssh exploit code?
Previous by thread: [Full-Disclosure] Code for ban IP adresses inmediately
Next by thread: [Full-Disclosure] Code for write the IPs to ban
Index(es):
- Date
- Thread