
How To Catch Hackers, Pt. 2a

August 18th, 2008 | No Comments | Posted in Life, Site News

As a minor update, this is what my inbox looks like since adding the SQL/XSS detector code:

Update: This was supposed to be part 2a…


How to Catch Hackers, Pt. 2

August 9th, 2008 | No Comments | Posted in PHP

// Read the "p" parameter defensively: it may be missing or not a string.
$p = (isset($_GET['p']) && is_string($_GET['p'])) ? $_GET['p'] : '';

// Flag common SQL injection and path traversal probes in the parameter.
if (stristr($p, 'order by') || stristr($p, '--') || stristr($p, '\'') || stristr($p, '../'))
{
	echo 'No Script Kiddies Allowed

Checking user IQ... User IQ < minimum. Page not loaded. Sending e-mail to webmaster (I\'m not kidding)... Success! If you want to hack this page, please type the following in a terminal: sudo rm -rf /';

	// E-mail the webmaster the client address and the offending query string.
	$text = 'IP Address: '.$_SERVER['REMOTE_ADDR'].' Query string: '.$p;
	mail('you@gmail.com', 'SQL Hacker', $text, "From: you@gmail.com\n");
}

This does not actually protect your site; if you’re using SQL, you should properly escape your input. This site uses flatfiles, so it’s interesting how many people try an SQL injection (3 so far) — but since I put this up they always leave after the first attempt!

Update (8/10): I forgot the most important part of the code… fixed now >_<
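
An added example (not code from the original post) of the point above: the marker check is kept as detection only, and an allow-list of page names does the actual protecting on a flat-file site. The function names, the pages/ directory of .txt files, the default page "home" and the log path outside the web root are all assumptions; hits go to a log file rather than one e-mail per request.

```php
<?php
// Added example. Function names, directory layout and log path are assumptions.

// Detection only: report which of the post's probe strings appear in a value.
function probe_markers($value)
{
    $hits = array();
    foreach (array('order by', '--', "'", '../') as $marker) {
        if (stripos($value, $marker) !== false) {
            $hits[] = $marker;
        }
    }
    return $hits;
}

// Protection: map ?p= onto files that really exist in the page directory.
// The request value is only ever used as an array key, never as a path.
function resolve_page($value, $pageDir)
{
    $allowed = array();
    foreach (glob($pageDir . '/*.txt') ?: array() as $file) {
        $allowed[basename($file, '.txt')] = $file;
    }
    return isset($allowed[$value]) ? $allowed[$value] : null;
}

$p = (isset($_GET['p']) && is_string($_GET['p'])) ? $_GET['p'] : 'home';

$hits = probe_markers($p);
if ($hits) {
    // One log line per hit. Control characters are replaced and the value is
    // truncated so a request cannot forge extra log lines or bloat the file.
    $ip   = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '-';
    $safe = preg_replace('/[\x00-\x1f\x7f]/', '?', substr($p, 0, 200));
    $line = sprintf("%s %s markers=%s p=%s\n", date('c'), $ip, implode(',', $hits), $safe);
    // Assumed log location: a "logs" directory one level above the web root.
    @file_put_contents(dirname(__DIR__) . '/logs/probe.log', $line, FILE_APPEND | LOCK_EX);
}

// Whether or not a marker was seen, only allow-listed pages are served.
$file = resolve_page($p, __DIR__ . '/pages');
if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}
readfile($file);
```

A request with '../' in p is logged and then gets the same 404 as any unknown page name, because it never matches a key in the allow-list.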


How To Catch Hackers

July 6th, 2008 | 1 Comment | Posted in PHP

How to catch hackers
