ʤΥϤָŤΤǡƤˤʤޤ󡣤ʤ


ΤΥե

-(front-end).php
 --mainfile.php
   ---modules/protector/include/precheck.inc.php
   ---include/common.php  (ǽƥ桼åĥ
   ---modules/protector/include/postcheck.inc.php
 --header.php
   x ---modules/protector/blocks/protector_block.php (deleted)
...

Patch to mainfile.php



Anti-DoS source files

precheck.inc.php

The processing that used to be here has been removed.

postcheck.inc.php

Calls $protector->check_dos_attack()

ȡ
  protector_access ơ֥Υ٥
  ƱIPƱURIؤι٥å (F5 Attack)
   > protector_access ơ֥ؤΥ쥳ɲ (DELAYED INSERT)
   > protector_access ƱIP쥳ɤǤ5ʬ˱Фʤνषƶꤽ˻פΤǡȤꤢƤߤ
   > preferences ǻꤵ줿Ԥäfalse֤
   > banIP ¨¤bad_ipsϿ
   > exit ϡexit; ˡϿ
  USER_AGENT å
   > ޤ٤USER_AGENTʤ顢ʤOKȤ
   > USER_AGENT򺾾Τ밭դbotؤкϺβ
  ƱIP͡URIؤι٥å ʥᥢɼܥå
  protector_access ơ֥ؤΥ쥳ɲ (DELAYED INSERT)
   > preferences ǻꤵ줿Ԥäfalse֤
   > banIP ¨¤bad_ipsϿ
   > exit ϡexit; ˡϿ
  ˤ⳺ʤOK

֤ͤfalseʤ顢Ͽ
Ǥϡpurge() ʤɤϤʤ


preferences ǻǤ

none   й֤ϤȤʤϿԤ
sleep  5ÿsleep()롣ApacheMySQL٤䤹⤷줺侩
exit   exit immediately
banip  xoopsConfig  bad_ips Ͽ
htaccess .htaccessDENY FROMȤƽ񤭹ࡣuploads/.htaccess.bakХååץեǡХååפʤơ.htaccessмưդˡ.htaccessȤʤƥХååפϡХååפ᤹uploads/̾Υѡߥåʤ.htaccessϡŪ˽¤Ϳɬפꡣ



File upload countermeasures

Performed in precheck only.

Default: ON

If a file name in $_FILES matches the pattern
/(\.php|\.phtml|\.phtm|\.php3|\.php4|\.cgi|\.pl|\.asp)$/i
purge() is called immediately.

B-WikiǼեȤʤɡphpեźդӤǤϡεǽOFFˤ¾ʤ

⥸塼¦ǡmainfile.php ƤӽФ PROTECTOR_SKIP_FILESCHECKER 뤳ȤǤ⡢ΥåϥåפǤ롣B-WikiʤɤбƤȴ򤷤



ƥѿк

Performed in precheck only.

Default action when one is found: exit

$_POST, $_GET, $_COOKIE ꥫ

'GLOBALS'
'_SESSION'
'HTTP_SESSION_VARS'
'_GET'
'HTTP_GET_VARS'
'_COOKIE'
'HTTP_COOKIE_VARS'
'_REQUEST'
'_SERVER'
'_ENV'
'_FILES'
'xoopsDB'
'xoopsUser'
'xoopsUserId'
'xoopsUserGroups'
'xoopsUserIsAdmin'
'xoopsConfig'
'xoopsOption'
'xoopsModule'
'xoopsModuleConfig'

Checks whether any of these indexes is present.

This check is performed in the constructor.

If one is found in precheck and the action is ban_ip, GET and POST are emptied for the time being and a bad_ip registration is scheduled; then, at postcheck time, the IP is banned unless the user belongs to a protected group.

Because it takes effect immediately, exit seems the better choice.



Module ID XSS / SQL Injection countermeasures

precheck only.

If an index in $_POST, $_GET or $_COOKIE ends in 'id' and its value is not numeric, intval() is applied to it.

Default: OFF



SQL InjectionкΣѥ

postcheck only. Running after common.php was judged not to matter.

$_POST, $_GET, $_COOKIE ƵŪȤˡUNION ޤϸΩ /* ̵å

ʸΩ/* ȤϡФˤʤ */ Τʤ /* ΤȡSQL Injectionˤơˤ˻Ȥ

The action taken when one is found can be chosen from four levels.

⤷ʤ

bit0  ʥǥեȡ
  If it is UNION, split it into UNI-ON.
  If it is /*, append */ at the end.

bit1 λ
  Ω /* ̤˽򤷤ƤƤճɤѥʤΤǡǼĤʤɤƤṳ̈ȤΤϡäȥӥåꤷƤޤ

bit2  register in bad_ip
  λǤӥåꤹΤˡϤˤꤹ



路եζػ

Performed only in precheck.

ե̾GETľܻꤹˡĤå˺ƥǥ쥯ȥ̤뤳Ȥɤ

եѥϤʤθ̩׵᤹ΤǡճȥѥϹʤġĤȻפäƤǤʤ

Ȥꤢǥ쥯ȥ̤뤿ˤϡ../ 鳫Ϥ뤫../../ ȤѥޤɬפФɬפʤΤǡѥΤȤ

󡢥̥Хкɬס

Default: ON

2.3x ޤǤϡPOSTˤĤƤԤäƤPOSTˤĤ̤åɬפʤΤϡ2.0.9.2ޤǤΥ顢˰ư



Null-byte countermeasures

󥹥ȥ饯ǹԤפprecheck

ꥯʸ \0 ȡƼåͭ˸ʤ
Ȥȡ\0 ¸ߤ뤳ȼΤΤǡꥫ˥åơ
ĤäϡڡѴ롣

Default: ON



åϥåк

postcheck only.

åIPƱ쥻åǰۤʤIP褿ǥ
Ȥ롣

ץΥɥХ󥹡ŲӥʤɤǤϡ
IPɥ쥹Ѥ뤳ȤɤΤǡȤꤢϥ롼
бȤ

ԥ롼פIPåͭˤΤ֥Х󥹤Ȥ
ȤϻפʥǥեȤ⤽ʤäƤ



XOOPSСͭηդ

For now, the holes found in 2.0.9.2 have been plugged from within Protector.
For 2.4, this is off by default.



Rescue procedure when your own IP has ended up on the IP list

XOOPS_URL/modules/protector/admin/rescue.php
Entering here the password that was set in advance releases the IP.

This password must be set in advance.
If it is left blank (no password), this rescue procedure is disabled.

precheck ǡͤ򸫤ơmd5Ƥʤʤ顢Ūmd5ϥåȤäΤ֤롣ȽǴϺǽΣʸ'*=*'Ǥ뤫ɤȤǤʤˡǤ뤳ȤϼФƤΤͤùޤʤǤ :-)

ʤǤ⡢ճɤˡ




٥ʻ

Correspondence to bits
--------------------------------
1:   high-severity items (default)
     CONTAMI, UPLOAD
     BruteForce, xmlrpc, CRITERIA,
     misc debug, misc smilies, edituser avatar choose, findusersh
     DBLayerTrapˤSQL Injection
-------------------------------- Quiet
16:  DoS, CRAWLER
32:  NullByte, ISOCOM, UNION
-------------------------------- quiet
64:  ../ Ǥ̤ 
128: SPAM
-------------------------------- full




