ΤΥե

-(front-end).php
 --mainfile.php
   ---modules/protector/include/precheck.inc.php  (ȤΤϡmysql_*() Τ)
   ---include/common.php  (ǽƥ桼åĥ
 --header.php
   ---modules/protector/blocks/protector_block.php (ʤ٤$xoopsDBȤ)
...

mainfile.php ؤΥѥåɬܡ
Protector֥åɽʤȡ롼ñ̤ǤIPݤ¾Բǽ




Anti-DoSνե

precheck.inc.php

ǤνϤʤʤä

postcheck.inc.php

$protector->check_dos_attack() θƤӽФ

ȡ
  protector_access ơ֥Υ٥
  ƱIPƱURIؤι٥å (F5 Attack)
   > protector_access ơ֥ؤΥ쥳ɲ (DELAYED INSERT)
   > protector_access ƱIP쥳ɤǤ5ʬ˱Фʤνषƶꤽ˻פΤǡȤꤢƤߤ
   > preferences ǻꤵ줿Ԥäfalse֤
   > banIP ¨¤bad_ipsϿ
   > exit ϡexit; ˡϿ
  USER_AGENT å
   > ޤ٤USER_AGENTʤ顢ʤOKȤ
   > USER_AGENT򺾾Τ밭դbotؤкϺβ
  ƱIP͡URIؤι٥å ʥᥢɼܥå
  protector_access ơ֥ؤΥ쥳ɲ (DELAYED INSERT)
   > preferences ǻꤵ줿Ԥäfalse֤
   > banIP ¨¤bad_ipsϿ
   > exit ϡexit; ˡϿ
  ˤ⳺ʤOK

֤ͤfalseʤ顢Ͽ
Ǥϡpurge() ʤɤϤʤ


protector_block.php

ǤνϤʤʤä


preferences ǻǤ

none   й֤ϤȤʤϿԤ
sleep  5ÿsleep()롣ApacheMySQL٤䤹⤷줺侩
exit   ¨¤exit
banip  xoopsConfig  bad_ips Ͽ
htaccess .htaccessDENY FROMȤƽ񤭹ࡣuploads/.htaccess.bakХååץեǡХååפʤơ.htaccessмưդˡ.htaccessȤʤƥХååפϡХååפ᤹uploads/̾Υѡߥåʤ.htaccessϡŪ˽¤Ϳɬפꡣ


ե륢åץк

ǥեȤON

$_FILES 
/(\.php|\.phtml|\.phtm|\.php3|\.php4|\.cgi|\.pl|\.asp)$/i
Ȥѥ˹פե̾ä顢¨¤purge()

Υå precheck.inc.php ǤΤ߹Ԥ
֥åǽƤ̵̣ʤᡣ

B-WikiǼեȤʤɡphpեźդӤǤϡεǽOFFˤ¾ʤ



ƥѿк

ǥեȤǤϡexit, BanIP ȤON

$_POST, $_GET, $_COOKIE ꥫ

'_SESSION'
'HTTP_SESSION_VARS'
'_GET'
'HTTP_GET_VARS'
'_COOKIE'
'HTTP_COOKIE_VARS'
'_REQUEST'
'_SERVER'
'_ENV'
'_FILES'
'xoopsDB'
'xoopsUser'
'xoopsUserId'
'xoopsUserGroups'
'xoopsUserIsAdmin'
'xoopsConfig'
'xoopsOption'
'xoopsModule'
'xoopsModuleConfig'

Υǥå̵Ĵ٤롣

Υåϡ󥹥ȥ饯ǹԤ

precheck ǸĤä顢¨ purge() 
preferences ˤ餺bad_ip ϿϤʤ
CSRFǴԤƧǤޤǽ뤿

mainfile.php˥ѥå򤷤Ƥʤˤϡ֥åǸĤ롣
ξϡ롼ץե饰ǧǤΤǡpreferences꼡ǡbad_ip ϿԤpurge()Ԥ



⥸塼ID XSS , SQL Injection к

ǥեȤǤOFF

$_POST, $_GET, $_COOKIE ǥå 'id' ǽäơġǤϤʤѿˤĤƤϡintval() 򤫤

precheck , ֥åξǹԤ



SQL InjectionкΣѥ

$_POST, $_GET, $_COOKIE ƵŪȤˡUNION ޤϸΩ /* ̵å

ʸΩ/* ȤϡФˤʤ */ Τʤ /* ΤȡSQL Injectionˤơˤ˻Ȥ

ĤäΥϤ줾죴ʳ٤

⤷ʤ

bit0  ʥǥեȡ
  UNION ʤ顢UNI-ON ʬ򤹤
  /* ʤ顢Ǹ */ Ϳ

bit1 λ
  Ω /* ̤˽򤷤ƤƤճɤѥʤΤǡǼĤʤɤƤṳ̈ȤΤϡäȥӥåꤷƤޤ

bit2 bad_ip Ͽ
  λǤӥåꤹΤˡϤˤꤹ

check_sql_*() ϡprecheck֥å̡
precheckǤϡ˥ȥϿäƤ
header.php ̲᤹ǤΤߡbanIPpurge()Ԥ



IPꥹȤ˺ܤäƤޤäεߺѺ

XOOPS_URL/modules/protector/admin/rescue.php
ǡ餫ꤷƤѥɤϤСIPݤΤΤǤ

ΥѥɤϤ餫ꤷƤɬפ롣
֡ʥѥɤʸˤξ硢εߺѺ̵Ȥʤ롣



路եζػ

ե̾GETľܻꤹˡĤå˺ƥǥ쥯ȥ̤뤳Ȥɤ

եѥϤʤθ̩׵᤹ΤǡճȥѥϹʤġĤȻפäƤǤʤ

Ȥꤢǥ쥯ȥ̤뤿ˤϡ../ 鳫Ϥ뤫../../ ȤѥޤɬפФɬפʤΤǡѥΤȤ

󡢥̥Хкɬס



̥Хк

ꥯʸ \0 ȡƼåͭ˸ʤ
Ȥȡ\0 ¸ߤ뤳ȼΤΤǡꥫ˥åơ
Ĥäǡ¨ purge() 롣



åϥåк

åIPƱ쥻åǰۤʤIP褿ǥ
Ȥ롣

ץΥɥХ󥹡ŲӥʤɤǤϡ
IPɥ쥹Ѥ뤳ȤɤΤǡȤꤢϥ롼
бȤ

ԥ롼פIPåͭˤΤ֥Х󥹤Ȥ
Ȥϻפ


٥ʻ

ӥåȤб
--------------------------------
1:   ٤ι⤤Ρʥǥեȡ
-------------------------------- Quiet
16:  DoS, CRAWLER
32:  
-------------------------------- quiet
64:  ISOCOM, CONTAMI,NullByte
128: ../ Ǥ̤
-------------------------------- full




