You don't have to reinvent the wheel, after all...
In 404.php you have to replace the lines
$cmd = '/usr/bin/sudo /usr/sbin/fwblock4time ' . $_SERVER['REMOTE_ADDR'] . ' ' . $blocktime . ' 1>/dev/null 2>/dev/null; echo $? | tail -n1';
$result = intval(`$cmd`);
if you don't have root privileges or don't want to or can't use fwblock4time. Then append a require not $IP to the .htaccess (I hope you are allowed to do that) and build yourself something with at to get rid of it again. (grep -v might help.)

404.php (set it up as the error page in .htaccess)
<?php
# Address prefixes that are never blocked.
$noblocks = [
    '192.168.1.',
    '127.'
];
# Whitelist the resolved home address only if the lookup really returned an IP:
# an empty entry would match every client in PHP 8 (strpos() with an empty needle returns 0).
$homeIp = trim( (string) `LANG=C host "home.fastix.org" | tail -n1 | cut -d ' ' -f4` );
if ( false !== filter_var( $homeIp, FILTER_VALIDATE_IP ) ) {
    $noblocks[] = $homeIp;
}
$blocktime = 60; # minutes

if ( empty( $_SERVER['REMOTE_ADDR'] ) ) {
    echo __FILE__ . " executed in CLI: Nothing to do." . PHP_EOL;
    exit;
}
# REMOTE_ADDR is pasted into a shell command below, so accept nothing but a literal IP address.
if ( false === filter_var( $_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP ) ) {
    error404();
    exit;
}

foreach ( $noblocks as $noblock ) {
    if ( 0 === strpos( $_SERVER['REMOTE_ADDR'], $noblock ) ) {
        error404();
        exit;
    }
}

# Case-insensitive substring match of the request URI against the pattern list.
$flagFound = false;
include '404_angriffe.php';
$haystack = strtolower( $_SERVER['REQUEST_URI'] );
foreach ( $angriffe as $s ) {
    $needle = strtolower( trim( $s ) );
    if ( $needle && false !== strpos( $haystack, $needle ) ) {
        $flagFound = true;
        break;
    }
}

if ( $flagFound ) {
    $cmd = '/usr/bin/sudo /usr/sbin/fwblock4time ' . $_SERVER['REMOTE_ADDR'] . ' ' . $blocktime . ' 1>/dev/null 2>/dev/null; echo $? | tail -n1';
    $result = intval(`$cmd`);
    if ( 0 == $result ) {
        error_log('Angriffsversuch: ' . $_SERVER['REMOTE_ADDR'] . " wurde fuer $blocktime Minuten in der Firewall blockiert.");
    } else {
        error_log( "Error $result from execute $cmd" );
    }
    iLoveSkriptKiddies();
    exit;
} else {
    error404();
    exit;
}

# Sends an ordinary-looking 404 page, optionally writes a log entry.
function error404( $logentry=false, $exit=true ) {
    if ( headers_sent() ) {
        trigger_error('Es kann kein Status 404 gesendet werden, weil zuvor Daten gesendet wurden.', E_USER_ERROR);
    } else {
        # Discard buffered output only if a buffer is actually active.
        if ( ob_get_level() > 0 ) {
            ob_end_clean();
        }
        http_response_code( 404 );
?>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>404 Not Found</title>
</head>
<body>
<h1>Not Found</h1>
<p>The requested URL <?=htmlspecialchars(urldecode($_SERVER['REQUEST_URI']))?> was not found on this server.</p>
<hr>
<address><?=htmlspecialchars($_SERVER['SERVER_SOFTWARE'])?> Server at <?=htmlspecialchars($_SERVER['HTTP_HOST'])?> Port <?=htmlspecialchars($_SERVER['SERVER_PORT'])?></address>
</body>
</html>
<?php
    }
    if ( $logentry ) {
        error_log( $logentry );
    }
    if ( $exit ) {
        exit;
    } else {
        return true;
    }
}

# Response for requests that matched a pattern: status 403 with an SVG image.
function iLoveSkriptKiddies() {
    http_response_code( 403 );
    header ("content-type:image/svg+xml");
    echo '<svg ... /></svg>
';
}

404_angriffe.php: (Of course this needs maintenance every now and then...)
<?php
$angriffe=explode(
"\n",
'/.
../../../
/_asterix/
/a2billing/
/adm/
/admin/
/administrator.php
/App.php
/backup/
/cgi-bin/
/composer.php
/data.php
/db/
/dbadmin
/db.init.php
/db.php
/db_pma.php
/dmpr/
/drupal.php
/editor.php
/entropysearch.cgi
/etc/
/horde/
/ip.php
/login.cgi
/manager/
/msd/
/muhstik/
/mx.php
/myadmin/
/MyAdmin/
/myadmin2/
/mysql
/mysql/
/mysql_admin/
/mysql-admin/
/mysqladmin/
/mysqldump
/mysqldumper/
/mysqlmanager/
/mysql.php
/noxdir/
/phpadmin/
/phpma/
/phpmy/
/phpmyadmin/
/phppma/
/pma/
/pma2/
/proxyheader.php
/setup.php
/shell.php
/solstice
/spider.php
/sqlmanager/
/sqlweb/
/status/
/system.php
/thinkphp
/tomcat.php
/toor.php
/TP/
/thinkphp/
/typo3/
/uploadify.php
/vhcs/
/vhcs2/
/vtigercrm/
/w00tw00t.at.blackhats.romanian.anti-sec
/webcm
/webdav/
/webcapture.jpg
/websql/
/wlwmanifest.xml
/wp-admin/
/wp-admin.php
/wp-config.php
/wp-content/
/wp-includes/
/wp-login.php
/xampp/
/xmlrpc.php
HelloThinkPHP
voip.cfg
');
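
Added example, not part of the original post: one way to implement the .htaccess fallback suggested above (add a deny line, remove it later with at and grep -v). The script name htblock.sh, the autoblock marker comments and the `<RequireAll>` frame are assumptions of this example; the frame is needed because Apache 2.4 rejects a `Require not` that stands alone.

```shell
#!/bin/sh
# Assumptions: Apache 2.4, AllowOverride AuthConfig, .htaccess writable by the caller,
# no other Require rules in that .htaccess.
# Hypothetical call from 404.php: sh htblock.sh block /path/to/.htaccess IP MINUTES

END_MARK='# END autoblock'

valid_ip() {  # only hex digits, ':' and '.', so nothing else reaches .htaccess or at(1)
    case $1 in ''|*[!0-9A-Fa-f:.]*) return 1 ;; esac
}

# A negated Require needs a <RequireAll> with one positive Require next to it,
# otherwise every request ends in a 500. Create that frame once.
ensure_frame() {
    grep -qxF "$END_MARK" "$1" 2>/dev/null && return 0
    printf '%s\n' '<RequireAll>' 'Require all granted' \
        '# BEGIN autoblock' "$END_MARK" '</RequireAll>' >> "$1"
}

replace_file() {  # replace_file FILE: stdin becomes the new content, file mode is kept
    tmp="$1.tmp.$$"
    cp -p "$1" "$tmp" && cat > "$tmp" && mv -f "$tmp" "$1"
}

add_block() {  # add_block FILE IP
    valid_ip "$2" || return 2
    ensure_frame "$1"
    line="Require not ip $2"
    grep -qxF "$line" "$1" && return 0   # already blocked, keep the file unchanged
    awk -v l="$line" -v m="$END_MARK" '$0 == m { print l } { print }' "$1" | replace_file "$1"
}

remove_block() {  # remove_block FILE IP: drop exactly this client's line
    valid_ip "$2" || return 2
    { grep -vxF "Require not ip $2" "$1" || true; } | replace_file "$1"
}

schedule_unblock() {  # schedule_unblock FILE IP MINUTES: queue the removal with at(1)
    case $3 in ''|*[!0-9]*) return 2 ;; esac
    echo "sh '$0' unblock '$1' '$2'" | at now + "$3" minutes 2>/dev/null
}

case ${1:-} in
    block)   add_block "$2" "$3" && schedule_unblock "$2" "$3" "${4:-60}" ;;
    unblock) remove_block "$2" "$3" ;;
esac
```

Two requests arriving at the same moment can still race on the rewrite; wrapping add_block and remove_block in flock(1) closes that gap where it is available.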