View Full Version : [Released] - Server Abuse Resister


Frzzy
03-28-2004, 10:00 PM
Well, I don't know how (yet) to post a hack release thread, so someone please help me post it.

Server Abuse Resister 'n IPLogger
Hack version: 0.8.4
vB version: Any (including vB2, basically you can use it anywhere you want)
File to modify: 1
Template to modify: 0
Time taken to install: 1' (yes, one minute)
Developer: Frzzy

Changelog
From 0.8.0:
+ Add exclude list
From 0.8.2:
+ Log the script file, fix some problems when posting.
--- Try to lower the $iplog_wait to 1 if you have a problem when posting. I don't have this problem with $iplog_wait = 2, so try it yourself.

Description
Well, my board got attacked recently. The attacker(s) sent requests to my memberlist.php and index.php rapidly, so my server gave up fulfilling "good" requests.

I can disable memberlist.php, but it will be an inconvenience for my visitors. Also, I can't disable index.php (who would do it anyway?). One more thing I can do is block the IPs that sent the "bad" requests, but that would keep me on the board all the time, and that's not what I want to do.

So I coded this little mod for me (and for you), for anyone who wants to keep their server away from this kind of attack (it won't eat up your bandwidth, it actually saves bandwidth, but it keeps your server load way too high, and your host can kick you out).

Enough, on to the hack:

This mod has to be run as soon as possible when vB starts. So the best way to use it is to include the hack file as close to the start of the vB script as possible.

I don't know (yet) the right file to use, but I'll use the init.php script. If someone knows a better file to use, please PM me.

It will check the visitor's IP and his (her) last access time. If the difference between the last access time and the current access time is smaller than xx seconds (you choose the value yourself, default is 2 seconds), then it will exit the script (it will output something if you want), saving your server from doing hard work for nothing.

Basically, I think 2 seconds (from just a little more than 1 second to just a little less than 2 seconds) is enough for most visitors. Anyway, change this to the value you feel is enough.

If server abuse is detected, it will log the time. This will be used for further analysis by parsing the logfile. I'm working on the analyzer and will release it soon.

Further information:

This hack will create a new directory in your temporary dir (normally it is /tmp on a *nix server) with the name "vbiplog". So the directory it uses is /tmp/vbiplog; you can change it to whatever you want. This directory must be writeable by the webserver process (because it is a temporary directory, you won't have to be afraid of this).

You can change the directory to anywhere you want, but it's not necessary (until the analyzer is finished, just use the temporary directory).

Each unique IP that visits your board will have its own file here. The file will be empty until the IP abuses your board. Each time abuse is detected, it will append one more line with 11 bytes of access timestamp and a newline character.

The whole directory will be used by the analyzer later, and it will be flushed often to save disk space (although it won't be a problem unless you have a really large or often attacked board).

The directory can be deleted, no problem, it will create a new directory later. The analyzer will have some problems though, but it doesn't hurt.

Upgrade
Copy the attached file over the old file, that's all. The analyzer (which I planned to release this weekend) will take care of garbage (if any).

Installation
Open the includes/init.php

Find:
error_reporting(E_ALL & ~E_NOTICE);

Add below:
include("/path/to/your/board/" . "includes/vbiplogger.php");

Save the file.

FTP to the includes directory under your board directory and upload the attached file. Edit it to fit your needs if needed. You only have to edit these three lines (or more if you want).
// Change this to your temporary dir, including the slash at the end
$iplog_tempdir = "/tmp/vbiplog/";
// Change this to the number of second(s) a visitor has to wait before sending another request
$iplog_wait = 2;
// Exclude list
$iplog_exclude_array = array("127.0.0.1", "more.exclude.ip.here");

Support
It's OK to post question(s) here, I'll answer most (hopefully all).
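
The check described in the post above, written out as an added example; it is not the attached vbiplogger.php or any code from this thread. The function name iplog_allow, the use of the file's mtime as the last access time, and the demo address and timestamps are assumptions made for illustration.

```php
<?php
// Added example, not the attached vbiplogger.php. Keeping the last access time
// as the per-IP file's mtime is an assumption (the post says the file stays empty).
$iplog_wait = 2;
$iplog_exclude_array = array("127.0.0.1");
// Constructed demo directory, unique per run so repeated runs start clean.
$iplog_tempdir = sys_get_temp_dir() . "/vbiplog-" . uniqid() . "/";

// Returns true if the request may proceed, false if it arrived too soon.
function iplog_allow($ip, $script, $now, $dir, $wait, $exclude)
{
    // Only a syntactically valid IP may end up inside a file name.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    if (in_array($ip, $exclude, true)) {
        return true;
    }
    // Create the log directory private to the web server user (0700).
    if (!is_dir($dir) && !@mkdir($dir, 0700, true) && !is_dir($dir)) {
        return true; // fail open: a logging problem should not take the board down
    }
    $file = $dir . basename($script) . "_" . str_replace(":", "-", $ip);

    clearstatcache(true, $file);   // PHP caches stat() results per file
    $last = is_file($file) ? filemtime($file) : false;
    touch($file, $now);            // empty file; its mtime is the last access time

    if ($last !== false && ($now - $last) < $wait) {
        // Abuse: append one timestamp line for a later analyzer to parse.
        file_put_contents($file, $now . "\n", FILE_APPEND | LOCK_EX);
        touch($file, $now);        // the write reset mtime to wall-clock time
        return false;
    }
    return true;
}

// Constructed demo: three requests from one documentation-range address.
$t = 1080500000;
foreach (array(0, 1, 4) as $offset) {
    $ok = iplog_allow("192.0.2.10", "/forum/index.php", $t + $offset,
                      $iplog_tempdir, $iplog_wait, $iplog_exclude_array);
    echo "t+" . $offset . "s: " . ($ok ? "served" : "rejected") . "\n";
}
```

On a live board the caller would pass $_SERVER['REMOTE_ADDR'], the running script name and time(), and exit when the function returns false. On shared hosting, a log directory under a world-writable /tmp is better replaced by a path only the web server user can write to.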

Frzzy
03-29-2004, 05:29 PM
Oh, I forgot to tell you this.

If you installed this hack and didn't click the install button (https://vborg.vbsupport.ru/vborg_miscactions.php?do=installhack&threadid=63137), your board will be attacked right away :D

poetic
03-29-2004, 07:00 PM
Ohh, just to tell you, this has a couple of problems: when I'm in the arcade and then submit my score, the server abuse screen comes up.

Frzzy
03-29-2004, 09:29 PM
I don't use Arcade myself, let me install it then try to find out the problem.

Anyway, are you sure that you submit your score xx seconds after your last action on the board?

I have updated the hack too, now it lets you exclude some IPs for your needs.

ChuanSE
03-30-2004, 12:02 PM
Does it still interfere with the arcade?
It's heavily used on my board, but I sure would like to install this hack too :/

Frzzy
03-30-2004, 02:57 PM
Sry, I've been busy today, just tailored it a bit so you won't (hopefully) have a problem when posting... I have tested it quite a lot and I don't have this problem, please test it yourself. But, if you didn't have a problem when posting before, you won't have a problem with this update.

Please check the first post for the updated file.

About the arcade, I don't use this hack, so I can't test it on my live board, I'll try to test it with my board @ localhost. Will get back as soon as possible about this problem.

Pikok
03-30-2004, 07:49 PM
Ohh, just to tell you, this has a couple of problems: when I'm in the arcade and then submit my score, the server abuse screen comes up.

Look in "includes/vbiplogger.php" and find:
$iplog_access_filename = $iplog_tempdir . $iplog_script . "_" . $iplog_access_filename;

Add this below:
if ($iplog_script == 'arcade.php')
{
    $iplog_wait = 1;
}

If the arcade still shows the abuse screen or freezes, set it to 0 instead of 1. You should then safely be able to set $iplog_wait = 2; at the top of the file for other files.

Frzzy
03-31-2004, 02:40 AM
Look in "includes/vbiplogger.php" and find:
$iplog_access_filename = $iplog_tempdir . $iplog_script . "_" . $iplog_access_filename;

Add this below:
if ($iplog_script == 'arcade.php')
{
    $iplog_wait = 1;
}

If the arcade still shows the abuse screen or freezes, set it to 0 instead of 1. You should then safely be able to set $iplog_wait = 2; at the top of the file for other files.
Hack 'o the hack, eh?

Yes, you can do as Pikok, but try not to set the $iplog_wait to 0. It will disable this hack for the arcade.php script, the minimum (and still safe) value for the $iplog_wait variable is 1.