How can I block specific hacker probing activities?

Some common attempts to probe your site for old vulnerabilities, or vulnerabilities from other systems, can be blocked by adding the following code to your site:
1. Copy and paste the following code into a new text file in your favorite text-only editor.
2. Save the file as "block_probing.php", and upload it to your store into the following folders:
a) /your_renamed_admin/includes/extra_configures/
b) /includes/extra_configures/
Code:
<?php
/**
 * @package security
 * @copyright Copyright 2003-2011 Zen Cart Development Team
 * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
 * @copyright Portions Copyright 2008,2009,2010,2011 GNU/GPL V.2 BY MIKE H. HTTP://WWW.SPAMBOTSECURITY.COM
 * @version $Id: vuln_trap.php 15882 2011-09-01 08:23:55Z drbyte $
 */
$paramsToCheck = array();

// List of strings to search for and block
$paramsToCheck[] = '.php/login.php';
$paramsToCheck[] = '.php/password_forgotten.php';
$paramsToCheck[] = '.php/sqlpatch.php';
$paramsToCheck[] = 'file_manager.php';
$paramsToCheck[] = 'index.html?';
$paramsToCheck[] = ':2082';
$paramsToCheck[] = ':2083';
$paramsToCheck[] = ':2086';
$paramsToCheck[] = ':2087';

// processing ****************************
/**
 * inoculate against hack attempts which waste CPU cycles
 */
$contaminated = (isset($_FILES['GLOBALS']) || isset($_REQUEST['GLOBALS'])) ? true : false;
$paramsToAvoid = array('GLOBALS', '_COOKIE', '_ENV', '_FILES', '_GET', '_POST', '_REQUEST', '_SERVER', '_SESSION', 'HTTP_COOKIE_VARS', 'HTTP_ENV_VARS', 'HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_POST_FILES', 'HTTP_RAW_POST_DATA', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS');
$paramsToAvoid[] = 'autoLoadConfig';
$paramsToAvoid[] = 'mosConfig_absolute_path';
$paramsToAvoid[] = 'hash';
$paramsToAvoid[] = 'main';
foreach($paramsToAvoid as $key) {
  if (isset($_GET[$key]) || isset($_POST[$key]) || isset($_COOKIE[$key])) {
    $contaminated = true;
    break;
  }
}
if ($contaminated)
{
  header('HTTP/1.1 406 Not Acceptable');
  exit(0);
}
// Request URI and query string, lowercased so matching is case-insensitive
$requesturi = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
$lcrequesturi = strtolower($requesturi);
$query2 = $useragent = "";
if (isset($_SERVER['QUERY_STRING'])) { $query2 = $_SERVER['QUERY_STRING']; }
$query = strtolower($query2);
// The decoded and whitespace-stripped forms below are prepared for signature
// matching; the checks in this file do not reference them.
$querydec2 = urldecode($query2); // urldecoded to make signature writing for detection matching easier
$querydec = strtolower($querydec2);
$querydecsws = preg_replace('/\s+/', '', $querydec);
$querydecsws = preg_replace("/[^\x9\xA\xD\x20-\x7F]/", '', $querydecsws);
if (isset($_SERVER['HTTP_USER_AGENT'])) { $useragent = $_SERVER['HTTP_USER_AGENT']; }
$lcuseragent = strtolower($useragent);
$lcuseragentsws = preg_replace('/\s+/', '', $lcuseragent);
$lcuseragentsws = preg_replace("/[^\x9\xA\xD\x20-\x7F]/", '', $lcuseragentsws);

foreach ($paramsToCheck as $key => $val) {
  if (substr_count($lcrequesturi, $val) || substr_count($query, $val) || substr($query, -1) == '?') {
    $contaminated = TRUE;
  }
}
unset($paramsToCheck, $paramsToAvoid, $key, $val);
if ($contaminated)
{
  header('HTTP/1.1 406 Not Acceptable');
  exit(0);
}
unset($contaminated);
unset($query2, $query, $querydec2, $querydec, $querydecsws, $useragent, $lcuseragent, $lcuseragentsws, $requesturi, $lcrequesturi, $lcrequesturisws, $lcpost, $lcpostsws);
/* *** END OF INOCULATION *** */
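
To see what these rules would reject before uploading the file, the same matching can be run over access-log lines. The script below is an added example, not part of the Zen Cart code above: the helper name probe_block_reason, the shortened parameter list and the log lines are constructed for illustration, and it only sees GET data because a log holds no POST or cookie values.

```php
<?php
// Added example, not Zen Cart code: dry-run the block_probing.php rules over
// access-log lines to see which requests would receive the 406 response.

// Same substrings as $paramsToCheck in the file above.
$check = array('.php/login.php', '.php/password_forgotten.php', '.php/sqlpatch.php',
    'file_manager.php', 'index.html?', ':2082', ':2083', ':2086', ':2087');
// Shortened copy of $paramsToAvoid (assumption: extend it to the full list).
$avoid = array('GLOBALS', '_GET', '_POST', '_REQUEST', '_SERVER', '_SESSION',
    'autoLoadConfig', 'mosConfig_absolute_path', 'hash', 'main');

/** Hypothetical helper: reason a request URI would be blocked, or null. */
function probe_block_reason($requestUri, array $check, array $avoid)
{
    $parts = explode('?', $requestUri, 2);
    $query = isset($parts[1]) ? $parts[1] : '';
    parse_str($query, $get);            // parameter names as PHP fills $_GET
    foreach ($avoid as $name) {
        if (isset($get[$name])) {
            return "parameter name '$name'";
        }
    }
    $lcUri = strtolower($requestUri);   // REQUEST_URI includes the query string
    foreach ($check as $needle) {
        if (strpos($lcUri, $needle) !== false) {
            return "substring '$needle'";
        }
    }
    return (substr($query, -1) === '?') ? "query string ends with '?'" : null;
}

// Constructed sample lines in combined log format (not real traffic).
$log = array(
    '203.0.113.7 - - [01/Sep/2011:08:23:55 +0000] "GET /index.php?main_page=product_info&products_id=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Sep/2011:08:24:01 +0000] "GET /x.php/password_forgotten.php HTTP/1.1" 404 312',
    '198.51.100.9 - - [01/Sep/2011:08:24:02 +0000] "GET /index.php?main_page=index&GLOBALS[x]=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Sep/2011:08:25:10 +0000] "GET /index.php?main_page=account&hash=abc123 HTTP/1.1" 200 4096',
    '203.0.113.8 - - [01/Sep/2011:08:26:30 +0000] "GET /index.php?main_page=index? HTTP/1.1" 200 5120',
);
foreach ($log as $line) {
    if (!preg_match('/"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
        continue;                       // not a parsable request line
    }
    $reason = probe_block_reason($m[1], $check, $avoid);
    printf("%-6s %s%s\n", $reason === null ? 'pass' : 'BLOCK', $m[1], $reason === null ? '' : "  <- $reason");
}
```

Any legitimate store URL reported as BLOCK is a false positive to resolve before the file goes live.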