Jump to content
metin2dev
Sign in to follow this  
Weles

Free site + protect www server

Recommended Posts

Warning!: The site is vulnerable to SQLi attacks - if someone wants to, he can rewrite the page as follows:

https://youtu.be/DXji_JiuTdo

  • I do not know if this is the right forum section

I also recommend adding a captcha for registration, login and display of the full ranking. The site also has an advanced administrator system.

Website (one change - 99% of original files from BombWorkStudio):

https://www23.zippyshare.com/v/eo4JElK4/file.html

Scan:

https://www.virustotal.com/#/file-analysis/YzJjNDUyOGY0MzJlZGI5ZDgwMWFlYWVmMzBmYzE0OGY6MTUzMDQ2NDcwNQ==

Layout:

https://www.mpcforum.pl/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/jySgsmk.jpg&key=6f9f51e6dc2b4695eef338e253b46d36f714e9f3ae3b035c720b15909e791c07

Web server protection against two idiots (Internet terror - DejmieN & Komar1911)

## CHECKING IP, WHICH MAKE THE BIGGEST ATTACKS ##

cat /var/log/apache2/access.log |awk '{print $1}' |sort |uniq -c |sort -n

## CHECKING IPs WHICH MAKE THE BIGGEST ATTACKS AND BLOCKING THEIR ##

FILE=/var/log/apache2/access.log; for ip in `cat $FILE |cut -d ' ' -f 1 |sort |uniq`; do { COUNT=`grep ^$ip $FILE |wc -l`; if [[ "$COUNT" -gt "500" ]]; then iptables -A INPUT -s $ip -j DROP; fi }; done


Where 500 - is responsible for the number of connections from one ip - after exceeding this number, the bot will be blocked.

## DISPLAYING ALL IP ADDRESSES AND NUMBER OF ATTACKS FROM ANY IP ##

FILE=/var/log/apache2/access.log; for ip in `cat $FILE |cut -d ' ' -f 1 |sort |uniq`; do { COUNT=`grep ^$ip $FILE |wc -l`; if [[ "$COUNT" -gt "500" ]]; then echo "$COUNT : $ip"; fi }; done

## BLOCKING ENTRIES ON THE WEBSITE + CLOUDFLARE UNLOCKING ##

iptables -A INPUT -s YOUR_IP_MACHINE_THAT_YOU_WILL_PROTECT -j DROP
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP

You enter the IP addresses one by one

https://www.cloudflare.com/ips-v4

 

iptables -I INPUT -p tcp -m multiport --dports http,https -s HERE_IPV4_ADRESS -j ACCEPT

 

https://www.cloudflare.com/ips-v6

 

iptables -I INPUT -p tcp -m multiport --dports http,https -s HERE_IPV6_ADRESS -j ACCEPT

## CONFIGURATION jail.local - FAIL2BAN ##

	[apache]
enabled  = true
filter   = apache-auth
action   = iptables-multiport[name=auth, port="http,https"]
logpath  = /var/log/apache2/access.log
bantime  = 9600
maxretry = 1
ignoreip = 103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/12,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17
	[apache-badbots]
enabled  = true
filter   = apache-badbots
action   = iptables-multiport[name=badbots, port="http,https"]
logpath  = /var/log/apache2/access.log
bantime  = 9600
maxretry = 1
ignoreip = 103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/12,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17
	[apache-noscript]
enabled  = true
filter   = apache-noscript
action   = iptables-multiport[name=noscript, port="http,https"]
logpath  = /var/log/apache2/access.log
bantime  = 9600
maxretry = 1
ignoreip = 103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/12,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17
[apache-overflows]
enabled  = true
filter   = apache-overflows
action   = iptables-multiport[name=overflows, port="http,https"]
logpath  = /var/log/apache2/access.log
bantime  = 9600
maxretry = 1
ignoreip = 103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/12,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17


Where ignoreip is responsible for IP addresses CLOUDFLARE

## BLOCKING EMPTY GETS VIA .htaccess ##

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteRule ^ - [F]

 

Edited by Weles
Magic double topic.
  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×