Frzzy
03-28-2004, 10:00 PM
Well, I don't know how (yet) to post a hack release thread, so someone please help me post it.
Server Abuse Resister 'n IPLogger
Hack version: 0.8.4
vB version: Any (including vB2; basically you can use it anywhere you want)
File to modify: 1
Template to modify: 0
Time taken to install: 1' (yes, one minute)
Developer: Frzzy
Changelog
From 0.8.0:
+ Add exclude list
From 0.8.2:
+ Log the script file, fix some problems when posting.
--- Try lowering $iplog_wait to 1 if you have problems when posting. I don't have this problem with $iplog_wait = 2, so try it yourself.
Description
Well, my board got attacked recently: the attacker(s) sent requests to my memberlist.php and index.php rapidly, so my server gave up fulfilling "good" requests.
I can disable memberlist.php, but it would be an inconvenience for my visitors; also, I can't disable index.php (who would do that anyway?). One more thing I can do is block the IPs that sent the "bad" requests, but it would keep me on the board all the time, and that's not what I want to do.
So, I coded this little mod for me (and for you) who want to keep your server away from this kind of attack (it won't eat up your bandwidth, it actually saves bandwidth, but it keeps your server load way too high, and your host can kick you out).
Enough, on to the hack:
This mod has to be run as soon as possible when vB starts. So the best way to use it is to include the hack file as close to the start of the vB script as possible.
I don't know (yet) the right file to use, but I'll use the init.php script. If someone knows a better file to use, please PM me.
It will check the visitor's IP and his (her) last access time. If the difference between the last access time and the current access time is smaller than xx seconds (you choose the value yourself, default is 2 seconds), then it will exit the script (it will output something if you want), saving your server from doing hard work for nothing.
Basically, I think 2 seconds (from just a little more than 1 second to just a little less than 2 seconds) is enough for most visitors; anyway, change this to the value you feel is enough.
If server abuse is detected, it will log the time. This will be used for further analysis by parsing the logfile. I'm working on the analyzer and will release it soon.
Further information:
This hack will create a new directory in your temporary dir (normally it is /tmp on a *nix server) with the name "vbiplog". So the directory it uses is /tmp/vbiplog; you can change it to whatever you want. This directory must be writable by the webserver process (because it is a temporary directory, you won't have to be afraid of this).
You can change the directory to anywhere you want, but it's not necessary (until the analyzer is finished, just use the temporary directory).
Each unique IP that visits your board will have its own file here; the file will be empty until it abuses your board. Each time abuse is detected, it will append one more line with 11 bytes of access timestamp and a newline character.
The whole directory will be used by the analyzer later, and it will be flushed often to save disk space (although it won't be a problem unless you have a really large or often-attacked board).
The directory can be deleted, no problem; it will create a new directory later. The analyzer will have some problems though, but it doesn't hurt.
Upgrade
Copy the attached file over the old file, that's all. The analyzer (which I planned to release this weekend) will take care of garbage (if any).
Installation
Open the includes/init.php
Find:
error_reporting(E_ALL & ~E_NOTICE);
Add below:
include("/path/to/your/board/" . "includes/vbiplogger.php");
Save the file.
FTP to the includes directory under your board directory and upload the attached file. Edit it to fit your needs if needed. You only have to edit these three lines (or more if you want).
// Change this to your temporary dir, including the slash at the end
$iplog_tempdir = "/tmp/vbiplog/";
// Change this to the number of second(s) a visitor has to wait before sending another request
$iplog_wait = 2;
// Exclude list
$iplog_exclude_array = array("127.0.0.1", "more.exclude.ip.here");
Support
It's OK to post question(s) here, I'll answer most (hopefully all).
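The check described in the post, written out as an added example for current PHP (this is not the attached vbiplogger.php, which is not shown on the page). The function name iplog_is_abuse, the use of file mtime as the last-access time, the log line format and the 429 response are assumptions; the three settings are the ones from the post.

```php
<?php
// Added sketch, NOT the attached vbiplogger.php. The function name is
// hypothetical; the three settings are the ones from the post.
$iplog_tempdir = "/tmp/vbiplog/";
$iplog_wait = 2;
$iplog_exclude_array = array("127.0.0.1");

// Returns true when $ip was last seen less than $wait seconds before $now.
function iplog_is_abuse($ip, $now, $dir, $wait, array $exclude)
{
    // Only a syntactically valid address may become part of a file name.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    if (in_array($ip, $exclude, true)) {
        return false;
    }
    // 0700 keeps other local users out of the per-IP files.
    if (!is_dir($dir) && !@mkdir($dir, 0700, true) && !is_dir($dir)) {
        return false; // fail open: a logging problem must not block the board
    }
    $file = $dir . str_replace(':', '_', $ip); // IPv6 colons -> underscores
    $seen = file_exists($file);
    $fh = @fopen($file, 'ab'); // creates the file, never truncates it
    if ($fh === false) {
        return false;
    }
    flock($fh, LOCK_EX); // serialize concurrent requests from the same IP
    clearstatcache(true, $file);
    $last = $seen ? filemtime($file) : 0; // mtime doubles as "last access"
    $abuse = ($now - $last) < $wait;
    if ($abuse) {
        fwrite($fh, $now . "\n"); // one line per detection (format assumed)
        fflush($fh);
    }
    touch($file, $now);
    fclose($fh); // also releases the lock
    return $abuse;
}

// Same position as the include added to includes/init.php.
$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
if (iplog_is_abuse($ip, time(), $iplog_tempdir, $iplog_wait, $iplog_exclude_array)) {
    header('HTTP/1.1 429 Too Many Requests');
    header('Retry-After: ' . $iplog_wait);
    exit;
}
```

Visitors behind one NAT gateway or proxy share a single address and therefore a single file, so a short wait value or an exclude-list entry matters for them. Because every throttled request also refreshes the timestamp, a client that keeps hammering stays blocked until it pauses for the full wait.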