PEAK XOOPS - injection scanner

injection scanner


msg# 1 | Posted on 2009/3/2 14:04
onasre (上等兵, Posts: 38)
Hello

Just another idea I was thinking about: if Protector could have a file, let's call it scanner.php, this file's job would be to search for any exploit command and ban or log the IP of whoever tried to exploit the page. For example, when someone calls a page like this: http://xoops/modules/news/index.php?cmd=

as cmd is an SQL injection exploit.

Now, after we have created scanner.php, we need to include it in the mainfile. Then we need to create a list of well-known exploit character strings used for remote execution exploits.

And here are some:

chr(
chr=
chr%20
%20chr
wget%20
%20wget
wget(
cmd=
%20cmd
cmd%20
rush=
%20rush
rush%20
union%20
%20union
union(
union=
echr(
%20echr
echr%20
echr=
esystem(
esystem%20
cp%20
%20cp
cp(
mdir%20
%20mdir
mdir(
mcd%20
mrd%20
rm%20
%20mcd
%20mrd
%20rm
mcd(
mrd(
rm(
mcd=
mrd=
mv%20
rmdir%20
mv(
rmdir(
chmod(
chmod%20
%20chmod
chmod(
chmod=
chown%20
chgrp%20
chown(
chgrp(
locate%20
grep%20
locate(
grep(
diff%20
kill%20
kill(
killall
passwd%20
%20passwd
passwd(
telnet%20
vi(
vi%20
insert%20into
select%20
nigga(
%20nigga
nigga%20
fopen
fwrite
%20like
like%20
_REQUEST
_GET
$REQUEST
$GET
.system
HTTP_PHP
&aim
%20getenv
getenv%20
new_password
&icq
/etc/password
/etc/shadow
/etc/groups
/etc/gshadow
HTTP_USER_AGENT
HTTP_HOST
/bin/ps
wget%20
uname\x20-a
/usr/bin/id
/bin/echo
/bin/kill
/bin/
/sbin/
/usr/sbin
/chgrp
/chown
/usr/bin
g\+\+
bin/python
bin/tclsh
bin/nasm
perl%20
traceroute%20
ping%20
.pl
/usr/X11R6/bin/xterm
lsof%20
/bin/mail
.conf
motd%20
HTTP/1.
.inc.php
config.php
cgi-
.eml
file\://
file://
window.open
javascript\://
ijava script://
mg src
img%20src
.jsp
ftp.exe
xp_enumdsn
xp_availablemedia
xp_filelist
xp_cmdshell
nc.exe
.htpasswd
servlet
/etc/passwd
wwwacl
~root
~ftp
.js
.jsp
admin_
.history
bash_history
.bash_history
~nobody
server-info
server-status
reboot%20
halt%20
powerdown%20
/home/ftp
/home/www
secure_site, ok
chunked
org.apache
/servlet/con
<script
/robot.txt
/robots.txt
/perl
mod_gzip_status
db_mysql.inc
.inc
select%20from
select from
drop%20
.system
getenv
http_
_php
php_
phpinfo()
<?php
?>
sql=
%2527
<br
cc:
bcc:
\r
\n
admin'--
'%20or%200=0%20--
"%20or%200=0%20--
or%200=0%20--
'%20or%200=0%20#
"%20or%200=0%20#
or%200=0%20#
'%20or%20'x'='x
"%20or%20"x"="x
')%20or%20('x'='x
'%20or%201=1--
"%20or%201=1--
or%201=1--
'%20or%20a=a--
"%20or%20"a"="a
')%20or%20('a'='a
")%20or%20("a"="a
hi"%20or%20"a"="a
hi"%20or%201=1%20--
hi'%20or%201=1%20--
hi'%20or%20'a'='a
hi')%20or%20('a'='a
hi")%20or%20("a"="a
c99shell
r57shell
crystalshell
phpshell
dtool
fetch%20
curl%20
lynx%20
ls%20-
/var/tmp
cd%20
_SERVER
$SERVER
_POST
$POST
rundll32
PHP_SELF
<iframe
<script
<a href
<javascript
alert(
<img
<embed
<object
%20src
%3b
%2f
%3f
%3a
%40
%3d
%26
%3c
%3e
%22
%23
%7b
%7d
%7c
%5c
%5e
%7e
%5b
%5d
%60
%25
%27
\x3b
\x2f
\x3f
\x3a
\x40
\x3d
\x26
\x3c
\x3e
\x22
\x23
\x7b
\x7d
\x7c
\x5c
\x5e
\x7e
\x5b
\x5d
\x60
\x25
\x27


Just another idea..
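The scanner sketched in the post, written out as an added example. This is not the poster's code and not part of XOOPS or the Protector module; it assumes it is `require()`d near the top of `mainfile.php`, uses a short constructed signature list rather than the full list above, and writes to a placeholder log path. The one design point worth showing is normalisation: each input is URL-decoded, whitespace-collapsed and lower-cased before matching, so a single entry such as `union select` covers `union%20select`, `union+select` and `UNION   SELECT`, and the separate `%20foo` / `foo%20` variants in the post's list are not needed.

```php
<?php
// scanner.php: an added example of the request scanner sketched in the post.
// It is not part of XOOPS or the Protector module. Assumed usage: require()d
// near the top of mainfile.php so it runs before any module code.

// Constructed sample signatures, written in their decoded, lower-case form
// because every input is normalised before it is compared.
$scanner_signatures = array(
    'union select',
    "' or 1=1--",
    "' or 'a'='a",
    'xp_cmdshell',
    '/etc/passwd',
    '/etc/shadow',
    'c99shell',
    'r57shell',
    '<script',
);

function scanner_normalise($value)
{
    // Decode twice so double-encoded input (e.g. %2527 -> %27 -> ') is seen
    // in its final form, then collapse runs of whitespace to one space.
    $decoded = urldecode(urldecode((string)$value));
    $decoded = preg_replace('/\s+/', ' ', $decoded);
    return strtolower($decoded);
}

function scanner_flatten($data, $prefix = '')
{
    // PHP parses a[b]=c into nested arrays; walk them so every scalar value
    // is scanned, keeping its full parameter name for the log.
    $out = array();
    foreach ($data as $key => $value) {
        $name = ($prefix === '') ? (string)$key : $prefix . '[' . $key . ']';
        if (is_array($value)) {
            $out = array_merge($out, scanner_flatten($value, $name));
        } else {
            $out[] = $name . '=' . $value;
        }
    }
    return $out;
}

function scanner_find_matches($uri, $get, $post, $cookie, $signatures)
{
    // Returns one entry per (signature, input) pair that matched.
    $inputs = array_merge(
        array('uri=' . $uri),
        scanner_flatten($get),
        scanner_flatten($post),
        scanner_flatten($cookie)
    );
    $hits = array();
    foreach ($inputs as $input) {
        $normalised = scanner_normalise($input);
        foreach ($signatures as $signature) {
            if (strpos($normalised, $signature) !== false) {
                $hits[] = array('signature' => $signature, 'input' => $input);
            }
        }
    }
    return $hits;
}

function scanner_log($hits, $ip, $logfile)
{
    // One tab-separated line per hit. CR/LF are stripped from the
    // request-controlled input so it cannot forge extra log lines.
    foreach ($hits as $hit) {
        $input = str_replace(array("\r", "\n"), ' ', $hit['input']);
        $line  = date('c') . "\t" . $ip . "\t" . $hit['signature'] . "\t" . $input . "\n";
        file_put_contents($logfile, $line, FILE_APPEND | LOCK_EX);
    }
}

if (php_sapi_name() !== 'cli') {
    $uri  = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $ip   = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    $hits = scanner_find_matches($uri, $_GET, $_POST, $_COOKIE, $scanner_signatures);
    if (count($hits) > 0) {
        // Placeholder path: keep the log outside the web document root.
        scanner_log($hits, $ip, '/path/outside/webroot/scanner.log');
        // Start in log-only mode. Once the list has been checked against
        // normal traffic, rejecting the request is a single line:
        // header('HTTP/1.1 403 Forbidden'); exit;
    }
}
```

Running it in log-only mode first matters because a plain substring list has no notion of context: entries from the post's list such as `.js`, `<br`, `select from` or `\n` will match ordinary requests, and even `<script` will fire when an administrator pastes HTML into a news article. The log shows which signatures hit real traffic before any of them is allowed to block or ban an address.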