PEAK XOOPS - New Protector is testing now

Site News : New Protector is testing now
Poster : GIJOE on 2004-12-14 18:48:58 (9637 reads)

XoopsProtector 2.2 will be released soon.
I'm now testing the module in this site.

The features of the next version...

- welcomes major search engines
- protects against bad-mannered crawlers
- PHP5 friendly (perhaps...)
- rescue mode

and so on...


Comments list

GIJOE  Posted on 2004/12/29 13:08
This is auto-translated English of MEMO.
I don't know this is useful or not.

Quote:
●The entire flow

(front-end).php
mainfile.php
modules/protector/include/precheck.inc.php (Only mysql_*() : can use. )
include/common.php (The user session is put for the first time here. )
header.php
modules/protector/blocks/protector_block. As much as possible, use.

The patch to mainfile.php is indispensable.
The IP refusal each group is in fact impossible if there is not all displays of the Protector block either.


●Processing flow of Anti-DoS

・precheck.inc.php

Call of $protector->check_dos_attack_prepare()

Contents:
High frequency access from record addition and the same IP to Gabecore protector_access table of protector_access table to same URI(F5 Attack)
> Even if it is the lowest, the same IP record in protector_access is previously extended for five minutes The processing specified with preferences is done and false is returned Because banIP alone is not treatable here, the should_be_banned flag is hoisted At banIP so as not to pass header.php, only sleep is done Only exit is exit;Log record before it does
USER_AGENT check
It is assumed OK without processing anything in case of USER_AGENT which should welcome > Measures against malicious bot which misrepresents USER_AGENT are problems when the future.
The high frequency access (Mead collection Bot etc.) from same IP to various URI The processing specified with preferences is done and false is returned Because banIP alone is not treatable here, the should_be_banned flag is hoisted At banIP so as not to pass header.php, only sleep is done Only exit is exit;It does not correspond the log record sooner or later before it does and OK.

If the return value is false, it records the log.
Here, purge() is not processed.

・protector_block.php

The should_be_banned flag stands, and bad_ip is registered and ban possible group is purge() The call of $protector->check_dos_attack().

Contents:, Hardly, same, differ, respect, enumeration, already, check, return, immediate, register.(Of course, only for ban possible group. )

If the return value is false, it records the log.
Here, purge() is not processed.

・Processing which can be specified with preferences

The opposition treatment of none anything is not taken. It registers in bad_ips of banip xoopsConfig which does exit to immediate exit which sleep()s it only second corresponding to the sleep access frequency in which only the log record is done number.


●Illegal file up-loading measures

It turns it on by default.

$_FILES is scanned.
When there is an agreeing file name in/(\.php|\.phtml|\.phtm|\.php3|\.php4|\.cgi|\.pl|\.asp) $/pattern, purge in immediate. ()

This check is done only with precheck.inc.php.
Because it is meaningless even if you process it in the block.

In the usage in which the php file is appended as the self-made software is opened to the public with B-Wiki, it might not be turning off this function another.


●System variable pollution measures

In default, both exit and BanIP are turned on.

$_POST, $_GET, and $_COOKIE are scanned.

'_SESSION', 'HTTP_SESSION_VARS', '_GET', 'HTTP_GET_VARS', '_COOKIE', 'HTTP_COOKIE_VARS', '_REQUEST', '_SERVER', '_ENV', '_FILES', 'xoopsDB', 'xoopsUser', 'xoopsUserId', 'xoopsUserGroups', 'xoopsUserIsAdmin', 'xoopsConfig', 'xoopsOption', 'xoopsModule', 'xoopsModuleConfig'

It drinks and it is examined whether there is the index.

Purge() immediately when found by precheck.
It does not hang to the setting of preferences, and bad_ip is not registered. (Because there is a possibility that the manager steps with CSRF. )

When the patch is not worn to mainfile.php, it is found in the block.
In this case, because the group flag can be confirmed, the bad_ip registration is done depending on the setting of preferences. (Naturally, purge() is done. )


●XSS of ID for module and SQL Injection measures

It turns it off in default.

$_POST, $_GET, and $_COOKIE are scanned, and intval() is put about the variable which ends by 'Id' the index, and is not the array.

It does by both precheck and the block.


●Two patterns of SQL Injection measures

$_POST, $_GET, and $_COOKIE are recurrently scanned, and it is checked whether there is in contents UNION or isolated /*.

(/* isolated /* which is not pairing */. In SQL Injection, it is used frequently. )

Actions when found are three patterns respectively.

・The compulsion correction (Turn it on by default) */ is given with UNI-ON at the end if it decomposes in case of UNION.

・End(Turn it off by default. )
Isolated /* will be usual, writing be unexpectedly good, and a pure-white screen as soon as contributing be surprised by the bulletin board etc. for a moment a certain pattern.

・Bad_ip registration(Turn it off by default. )
To be surprised, does even the end indeed do this too much?

Check_sql_*() is precheck, and block commonness.
It drinks, and in precheck, banIP and purge() it is time when only sanitize and the log record passes by put header.php.


●Rescue plan when having recorded in refusal IP list

XOOPS_URL/modules/protector/admin/rescue.php
If and the password set beforehand are input, the IP refusal is interrupted.

However, it is necessary to set this password beforehand.
This rescue plan becomes invalid for initial.


●Prohibition of doubtful file specification

The directory is prevented inadvertently forgetting checking when the file name is specified directly with GET etc. and going back.

Because the file passing demands considerable strictness, the pattern can be unexpectedly squeezed.

From trim()

?^[0-9a-z_./-]*\.\./[0-9a-z_./-]+$?i

The array that only the request which is the hit to this replaces' with ''is excluded.
*/
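The request scans the memo describes (reserved-index pollution, intval() on keys ending in 'Id', and the UNION / isolated "/*" SQL patterns), written out as an added example that is not Protector's own code. The reserved-index list is the memo's; the function name, return shape and the sample request are my assumptions.

```php
<?php
// Added illustration (not Protector's own code) of three request scans the memo
// describes: reserved-index pollution, intval() on 'Id' keys, SQL patterns.
// The reserved-index list is the memo's; function name and return shape are mine.
$polluting_keys = array('_SESSION', 'HTTP_SESSION_VARS', '_GET', 'HTTP_GET_VARS',
    '_COOKIE', 'HTTP_COOKIE_VARS', '_REQUEST', '_SERVER', '_ENV', '_FILES',
    'xoopsDB', 'xoopsUser', 'xoopsUserId', 'xoopsUserGroups', 'xoopsUserIsAdmin',
    'xoopsConfig', 'xoopsOption', 'xoopsModule', 'xoopsModuleConfig');

// Returns array('polluted' => bool, 'sql_hits' => int, 'data' => sanitized copy).
function scan_request(array $data, array $polluting_keys)
{
    $result = array('polluted' => false, 'sql_hits' => 0, 'data' => array());
    foreach ($data as $key => $val) {
        // 1) a reserved index would overwrite a core variable under
        //    register_globals; the memo purges immediately in this case.
        if (in_array((string) $key, $polluting_keys, true)) {
            $result['polluted'] = true;
            continue;
        }
        if (is_array($val)) {   // nested arrays are scanned recursively
            $sub = scan_request($val, $polluting_keys);
            $result['polluted'] = $result['polluted'] || $sub['polluted'];
            $result['sql_hits'] += $sub['sql_hits'];
            $result['data'][$key] = $sub['data'];
            continue;
        }
        // 2) a scalar whose index ends in 'Id' is forced to an integer.
        if (substr((string) $key, -2) === 'Id') {
            $result['data'][$key] = intval($val);
            continue;
        }
        // 3) UNION, or a '/*' that no '*/' closes, is rewritten (the memo's
        //    "compulsion correction") and counted so the caller can log it.
        $s = (string) $val;
        if (preg_match('/UNION/i', $s)) {
            $result['sql_hits']++;
            $s = preg_replace('/UNION/i', 'UNI-ON', $s);
        }
        if (substr_count($s, '/*') > substr_count($s, '*/')) {
            $result['sql_hits']++;
            $s .= '*/';
        }
        $result['data'][$key] = $s;
    }
    return $result;
}

// Constructed sample request (not captured traffic), run through the scan.
$r = scan_request(array('topicId' => '12 UNION SELECT', 'q' => "a' /*"), $polluting_keys);
var_dump($r['polluted'], $r['sql_hits'], $r['data']);
```

The caller decides what to do with the flags: the memo purges on pollution, and for the SQL patterns logs, exits or registers the IP depending on preferences.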
irmtfan  Posted on 2004/12/29 1:37
hi folks
I want to translate this great module to Persian, but I don't understand the module now.
Is there any documentation for this module?
FutureSpy  Posted on 2004/12/21 22:53 | Last modified
Oh... Probably caused by Yahoo! adses...
Well, as I don't send you anything written in Japanese except the subject next time I'll send from Gmail as it doesn't include any ads.
GIJOE  Posted on 2004/12/21 7:28
hi Yuji.

It was caught as SPAM.
I've just rescued it.
FutureSpy  Posted on 2004/12/21 7:14
Oh yeah, and I sent both Brazilian Portuguese and Spanish language files to your e-mail this morning, in case you haven't checked it yet.
GIJOE  Posted on 2004/12/20 6:40 | Last modified
hi Yuji.

If a wrapping module which accepts a filename via GET exists, there is a possibility that a vulnerability exists like this:

http://(your site)/modules/badmodule/?page=../../mainfile.php

This can display the content of mainfile.php
(Of course, this is just a sample.)

So, Protector inhibits '../' patterns which look like file specifications.
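The check described in this comment and in the memo's "doubtful file specification" section, as an added example that is not Protector's own code. The regular expression is the one the memo gives; removing ".." from matching values follows GIJOE's description, and the function names and sample request are my assumptions.

```php
<?php
// Added example (not Protector's code) of the '../' check GIJOE describes here
// and in the memo's "doubtful file specification" section. The regular
// expression is the memo's; stripping '..' follows his description above.

// True when the trimmed value looks like a file path that climbs out of its
// directory, e.g. "../../mainfile.php"; '?' is the PCRE delimiter, as in the memo.
function looks_like_traversal($value)
{
    return (bool) preg_match('?^[0-9a-z_./-]*\.\./[0-9a-z_./-]+$?i', trim((string) $value));
}

// Walks a request array, removes '..' from every matching scalar and returns
// the cleaned copy; $hits collects the keys that were rewritten, for logging.
function strip_traversal(array $data, array &$hits)
{
    foreach ($data as $key => $val) {
        if (is_array($val)) {
            $data[$key] = strip_traversal($val, $hits);
        } elseif (looks_like_traversal($val)) {
            $data[$key] = str_replace('..', '', $val);
            $hits[] = $key;
        }
    }
    return $data;
}

// Constructed sample mirroring the URL in the comment; 'note' shows that a value
// with a character outside the pattern's class (here a space) is left untouched.
$hits = array();
$get = array('page' => '../../mainfile.php', 'sort' => 'date', 'note' => 'a b/../c');
$clean = strip_traversal($get, $hits);
var_dump($clean, $hits);
```

Because the character class is so narrow, a value with anything outside it (a space, a query string, an encoded byte) is not rewritten; that is the "squeezed" pattern the memo mentions, so the wrapping module still needs its own whitelist of includable files.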
FutureSpy  Posted on 2004/12/18 7:34 | Last modified
I'm about to update both language files with the 2 new variables, but I couldn't understand what [ファイルを指定していると判断できるリクエスト文字列から、".." というパターンを取り除きます] means.

It removes the pattern ".." from what files? ^^"

-Yuji
GIJOE  Posted on 2004/12/18 5:47 | Last modified
hi Yuji.

Thank you for the spanish language files.

I think Protector is the "MUST" module.
There are too many vulnerabilities in the core and modules...

Although it is regrettable, this is the FACT.

many Spanish users will be protected by your effort
tl  Posted on 2004/12/17 1:59
GIJOE, yes, what I meant was whether the count is per minute or per hour. You have explained very clearly. Thanks. tl
FutureSpy  Posted on 2004/12/16 23:05 | Last modified
Quote:
Although I can't understand Portuguese, your translations must be the best.
(That's because my English text is far poorer than my original text.)
I wish they were, but my Japanese is poor too. The translations I could do with less than 1 year of study are very limited, so the chances I misunderstand something are really big.

The English files carry simpler and cleaner explanations of some options, which is pretty good. On the other hand, the Japanese files are more informative, but not always easier to understand. I wish I could help you to improve your English files, but both my English and Japanese are poor...

Sent the Spanish language files to your e-mail.