Web Security System [WSS] is a project whose goal is to protect a site quickly and efficiently against XSS, SQL injection, RFI and LFI attacks, and to detect and stop an attacker's attempts to compromise the website in question. On every request the system scans the PHP superglobals listed below for suspicious values.
[size=150]Strong points:[/size]
1. Quick to integrate into any PHP file
2. Fast detection of the vulnerability classes the system covers, and "patching" of the affected global variables if the client wants that
3. Every detected attempt is saved to a database
4. An attacker can be followed (if enabled, logs are created for the attacker and every action they take on the pages that have WSS installed is recorded)
5. Admin panel - view attackers (by IP)
- view attacks
- view all the logs of a specific attacker (selected by IP or by database id)
6. Global variables scanned: $_GET, $_POST, $_SERVER (selected keys only), $_SESSION, $_COOKIE
Keys scanned in $_SERVER: HTTP_ACCEPT, HTTP_ACCEPT_CHARSET, HTTP_ACCEPT_ENCODING, HTTP_ACCEPT_LANGUAGE, HTTP_CONNECTION, HTTP_HOST, HTTP_REFERER, HTTP_USER_AGENT, SERVER_ADMIN, SERVER_PORT, SERVER_SIGNATURE, PHP_AUTH_DIGEST, PHP_AUTH_USER, PHP_AUTH_PW, AUTH_TYPE
[size=150]Weak points:[/size]
1. The admin panel has no styling and is rather rustic
[i]TIP: function arguments shown between [] are optional![/i]
[size=150]Usage[/size]
<?php
session_start(); // start the session first if $_SESSION is to be scanned (the scanner only looks at it when it exists)
require "prt_system.php";
$connection = array("server" => "localhost",
"user" => "username",
"pass" => "password",
"database" => "prt_system");
// The arguments after $connection are optional: protection level (default 6), warning level (default 3), patch (TRUE), follow (TRUE)
$protection_system = new ProtectionSystem($connection, 6, 3, TRUE, TRUE);
$protection_system->RunPSystem();
?>
[size=150]Functions available to the client[/size]
Constructor($connection,[$level],[$warningLevel],[$patch],[$follow])
Description: initialises the system.
Arguments:
$connection: an array with the MySQL connection details (keys "server", "user", "pass", "database"), or the link identifier of an already open MySQL connection
$level: a number between -1 and 6 selecting the vulnerability types the system checks for
Values:
-1 // No protection
0 // XSS protection only
1 // SQL protection only
2 // RFI/LFI protection only
3 // RFI/LFI + SQL protection
4 // RFI/LFI + XSS protection
5 // SQL + XSS protection
6 // Full protection
$warningLevel: a number between 1 and 3 (inclusive) selecting which errors are displayed, according to their severity
Values:
3 // All errors
2 // Only important errors
1 // No errors
$patch: if a variable is found to contain forbidden characters, its entry in the superglobal is overwritten with a "patched" (escaped or altered) value to reduce the exposure
Values: TRUE/FALSE
$follow: once the system detects an attack from someone, every further step that attacker takes on the protected pages can be recorded from then on
Values: TRUE/FALSE
RunPSystem()
Description: runs the scan for security problems over the enabled global variables
Arguments: none
SetScanZone($which,$value)
Description: sets whether a specific global variable is scanned or not
Arguments:
$which: a string, or an array of strings, naming the global variable(s) whose state is set ("GET", "POST", "COOKIE", "SESSION", "SERVER")
$value: if $value is a single value and $which is an array, every global variable in $which is set to $value; if $value is an array, each global variable in $which is set to the value at the same position in $value
Examples: $protection_system->SetScanZone("SESSION",TRUE);
$protection_system->SetScanZone(array("SESSION","SERVER"),TRUE);
$protection_system->SetScanZone(array("SESSION","SERVER"),array(TRUE,FALSE));
SetNoneProtection()
Description: sets the scan level to -1 (the system does not scan for any vulnerability type)
Arguments: none
SetAllProtection()
Description: sets the scan level to 6 (the system scans for all vulnerability types it supports)
Arguments: none
SetProtectionLevel([$level])
Description: sets the scan level to the given value (6 if omitted)
Arguments:
$level: a number between -1 and 6 selecting the vulnerability types the system checks for
SetWarningLevel([$level])
Description: sets the level for displaying errors (3 if omitted)
Arguments:
$level: a number between 1 and 3 selecting which errors are displayed, according to their importance
SetMessageToAttacker([$show],[$message])
Description: if an attack has been detected, a message can be shown to the attacker to scare them off (the message is printed as HTML in the page output)
Arguments:
$show: TRUE = show the message
FALSE = do not show the message
$message: the message to display
SetPatchVars([$value])
Description: sets whether a variable found to contain malicious content is "patched" or not
Arguments:
$value: TRUE: yes
FALSE: no
SetFollowAttacker([$value])
Description: sets whether every further move of an attacker is recorded on the pages that have the system installed
Arguments:
$value: TRUE: yes
FALSE: no
[size=150]Variables that can be used with the system:[/size]
$ProtectionID: the protection type constants
$WarningLevelID: the error display level constants
$ListenZones: the state (scanned or not) of each global variable
$ErrLevel: the severity level of each error type
Examples:
$protection_system->ProtectionID['NONE'] : the number representing the protection type that scans for no vulnerability at all
$protection_system->ListenZones['SESSION'] : the scan state of the $_SESSION global
Configuring admin.php
$user = "admin username"
$pass = "admin password"
$connection = array("server" => "localhost",
"user" => "username",
"pass" => "password",
"database" => "prt_system");
Deployment notes: admin.php refuses to run while $pass is still the default "pass". The login cookie is md5($_SERVER['REMOTE_ADDR'] . md5($user . md5($pass))), a value that is identical on every visit and is derived only from the client IP and the password, so anyone who captures it and shares the admin's source IP (NAT, proxy) can reuse it for as long as the password is unchanged; serve the panel over HTTPS and restrict it by IP or web-server authentication. The panel's forms carry no CSRF token, so nothing in the panel itself prevents a cross-site request from triggering the follow/delete actions.
For more details, read the comments at the top of the system's source!
The code below targets PHP 5 and the legacy mysql_* extension (removed in PHP 7.0); get_magic_quotes_gpc(), which it also calls, was removed in PHP 8.0.
Web Security System [WSS]
File: prt_system.php
<?php
class ProtectionSystem
{
###########################################################################
//Defined vars
private $TablePrefix = "prt_sys_"; // Table prefix
private $TableMain = "main"; // Stores every detected attack
private $TableAttackers = "attackers"; // Stores attackers that are followed from now on
private $TableCache = "cache"; // Stores the requests made by followed attackers
public $ProtectionID = array(
"NONE" => -1, // No protection
"XSS" => 0, // XSS protection only
"SQL" => 1, // SQL protection only
"RLFI" => 2, // RFI/LFI protection only
"RLS" => 3, // RFI/LFI + SQL protection
"RLX" => 4, // RFI/LFI + XSS protection
"SSS" => 5, // SQL + XSS protection
"FULL" => 6 // Full protection
);
public $WarningLevelID = array(
"ALL" => 3, // Show all warnings
"MED" => 2, // Show important warnings
"NONE" => 1 // No warnings
);
public $ListenZones = array(
"GET" => TRUE, // Scan in GET
"POST" => TRUE, // Scan in POST
"COOKIE" => TRUE, // Scan in COOKIE
"SESSION" => TRUE, // Scan in SESSION
"SERVER" => TRUE // Scan in SERVER
);
public $ErrLevel = array(
"P_LEVEL" => 3, // Invalid protection level error
"W_LEVEL" => 3, // Invalid warning level error
"MYSQL_C" => 2, // Invalid mysql server connection error
"MYSQL_DB" => 2, // Invalid mysql database error
"VULN" => 2 // Vulnerabilities
);
public $ErrMessages = array(
"P_LEVEL" => "echo \"Invalid protection level.Please select value between {#this->ProtectionID['NONE']} and {#this->ProtectionID['FULL']}!\";",
"W_LEVEL" => "echo \"Invalid warning level.Please select value between {#this->WarningLevelID['NONE']} and {#this->WarningLevelID['ALL']}!\";",
"MYSQL_C" => "echo \"Mysql connection problem!\";",
"MYSQL_DB" => "echo \"Mysql database not found!\";",
"VULN" => "echo \" *************************************************************************************<br>
* <b>Protection System</b> has detected a possible attack from : <b>{#ip}</b> at {#time}! <br>
* <b>Attack type</b> : {#vuln}<br>
* <b>Variable vulnerable</b> : {#vars}<br>
* <b>Variable Patched</b> : {#patched}<br>
* <b>Follow Attacker</b> : {#follow}<br>
* <b>Details</b> : Information about possible attack and the attacker were stored!<br>
*************************************************************************************<br>\";",
);
//Requested vars
private $ProtectionLevel = 6; // Protection level
private $WarningLevel = 3; // Warning level
private $MysqlID = -1; // Mysql Connection ID
private $ShowMessage = TRUE; // If we detect something we show an message
private $EventMessage = "Acces Violation!"; // Message show in case of attack detection
private $PatchVars = TRUE; // Patch value from detected problems
private $FollowAttacker = TRUE; // Store all information about attacker from now on
private $ExistThreads = FALSE; // TRUE once at least one security threat was found in this request
private $SecurityThreads = array(); // Detected threats, grouped by type ("XSS", "SQL", "RLFI")
private $SystemVersion = "1.1";
##################
#-# constructor() #-#
public function __construct($connection,$level = 6,$warningLevel = 3,$patch = TRUE,$follow = TRUE)
{
if($warningLevel >= $this->WarningLevelID['NONE'] && $warningLevel <= $this->WarningLevelID['ALL'])
{
$this->WarningLevel = $warningLevel;
}
else
{
$this->WarningLevel = 3;
$this->ShowWarning("W_LEVEL");
}
if($level >= $this->ProtectionID['NONE'] && $level <= $this->ProtectionID['FULL'])
{
$this->ProtectionLevel = $level;
}
else
{
$this->ProtectionLevel = $this->ProtectionID['FULL'];
$this->ShowWarning("P_LEVEL"); // the original called ShowWarning() without $this->, a fatal undefined-function error
}
$this->PatchVars = $patch;
$this->FollowAttacker = $follow;
if(is_array($connection))
{
if(!$this->MysqlID = mysql_connect($connection['server'],$connection['user'],$connection['pass']))
{
$this->MysqlID = -1;
$this->ShowWarning("MYSQL_C");
}
else
{
if(!mysql_select_db($connection['database'],$this->MysqlID))
{
$this->MysqlID = -1;
$this->ShowWarning("MYSQL_DB");
}
}
}
else
{
$this->MysqlID = $connection;
}
if($this->FollowAttacker == TRUE) { $this->FollowAttacker(); }
}#-# constructor() #-#
// !~! Public Functions !~!
public function RunPSystem()
{
//Proces GET data
if($this->ListenZones['GET'])
foreach($_GET as $key => $row)
$this->ScanThis($key,$row,'GET');
//Proces POST data
if($this->ListenZones['POST'])
foreach($_POST as $key => $row)
$this->ScanThis($key,$row,'POST');
//Proces COOKIE data
if($this->ListenZones['COOKIE'])
foreach($_COOKIE as $key => $row)
$this->ScanThis($key,$row,'COOKIE');
//Proces SESSION data (only when a session has been started)
if($this->ListenZones['SESSION'])
if(isset($_SESSION))
foreach($_SESSION as $key => $row)
$this->ScanThis($key,$row,'SESSION');
//Proces SERVER data
if($this->ListenZones['SERVER'])
{
$Which = array(
"HTTP_ACCEPT",
"HTTP_ACCEPT_CHARSET",
"HTTP_ACCEPT_ENCODING",
"HTTP_ACCEPT_LANGUAGE",
"HTTP_CONNECTION",
"HTTP_HOST",
"HTTP_REFERER",
"HTTP_USER_AGENT",
"SERVER_ADMIN",
"SERVER_PORT",
"SERVER_SIGNATURE",
"PHP_AUTH_DIGEST",
"PHP_AUTH_USER", // the original had a stray quote in this key, so it was never scanned
"PHP_AUTH_PW",
"AUTH_TYPE");
foreach($Which as $row)
if(isset($_SERVER[$row]))
$this->ScanThis($row,$_SERVER[$row],'SERVER');
}
if($this->ExistThreads == TRUE)
$this->ShowWarning("VULN_S");
}
private function ScanThis($key,$value,$type)
{
$errors = array("XSS" => FALSE,
"SQL" => FALSE,
"RLFI" => FALSE);
switch($this->ProtectionLevel)
{
// Each IS_* check returns TRUE when the value looks malicious; the original levels 0-2
// flagged the value when the check returned FALSE, i.e. reported clean values and ignored attacks
case 0:
$errors['XSS'] = $this->IS_XSS($value);
break;
case 1:
$errors['SQL'] = $this->IS_SQL($value);
break;
case 2:
$errors['RLFI'] = $this->IS_RLFI($value);
break;
case 3:
$errors['RLFI'] = $this->IS_RLFI($value);
$errors['SQL'] = $this->IS_SQL($value);
break;
case 4:
$errors['XSS'] = $this->IS_XSS($value);
$errors['RLFI'] = $this->IS_RLFI($value);
break;
case 5:
$errors['SQL'] = $this->IS_SQL($value);
$errors['XSS'] = $this->IS_XSS($value);
break;
case 6:
$errors['RLFI'] = $this->IS_RLFI($value);
$errors['SQL'] = $this->IS_SQL($value);
$errors['XSS'] = $this->IS_XSS($value);
break;
default: // -1: no protection
return;
}
if($this->PatchVars == TRUE)
$this->PatchVuln($errors,$key,$value,$type);
if(in_array(TRUE,$errors)) { $this->ExistThreads = TRUE; }
foreach($errors as $keyE => $valueE)
if($valueE == TRUE)
$this->SecurityThreads[$keyE][] = array("key" => $key,
"value" => $value,
"type" => $type);
}
public function SetScanZone($which,$value)
{
if(is_array($which))
{
if(is_array($value))
{
for($x = 0; $x < sizeof($which); $x++)
$this->ListenZones[$which[$x]] = $value[$x];
}
else
{
foreach($which as $row)
$this->ListenZones[$row] = $value;
}
}
else
{
$this->ListenZones[$which] = $value;
}
}
public function SetNoneProtection()
{
$this->ProtectionLevel = $this->ProtectionID['NONE'];
}
public function SetAllProtection()
{
$this->ProtectionLevel = $this->ProtectionID['FULL'];
}
public function SetProtectionLevel($level = 6)
{
if($level >= $this->ProtectionID['NONE'] && $level <= $this->ProtectionID['FULL'])
{
$this->ProtectionLevel = $level;
}
else
{
$this->ProtectionLevel = $this->ProtectionID['FULL'];
$this->ShowWarning("P_LEVEL");
}
}
public function SetWarningLevel($level = 3)
{
// Property names are case-sensitive: the original assigned $this->warningLevel, which created a
// new property and left the real WarningLevel untouched, and read $WarningLevelID without $this->
if($level >= $this->WarningLevelID['NONE'] && $level <= $this->WarningLevelID['ALL'])
{
$this->WarningLevel = $level;
}
else
{
$this->WarningLevel = 3;
$this->ShowWarning("W_LEVEL");
}
}
public function SetMessageToAttacker($show = TRUE,$message = "Acces Violation!")
{
$this->ShowMessage = $show;
$this->EventMessage = $message;
}
public function SetPatchVars($value = TRUE)
{
$this->PatchVars = $value;
}
public function SetFollowAttacker($value = TRUE)
{
$this->FollowAttacker = $value;
}
// !~! Private Functions !~!
private function IS_XSS($value)
{
if($value != "")
{
$original = $value;
$value = htmlspecialchars($original);
if($original != $value)
return TRUE;
else
return FALSE;
}
return FALSE;
}
private function IS_SQL($value)
{
if($value != "")
{
$original = $value;
if (get_magic_quotes_gpc()) { $value = stripslashes($value); }
// Without an open link mysql_real_escape_string() returns FALSE and every value would be
// flagged; fall back to addslashes(), which escapes the same quote and backslash characters
if($this->MysqlID != -1)
$value = mysql_real_escape_string($value,$this->MysqlID);
else
$value = addslashes($value);
return ($original !== $value);
}
return FALSE;
}
private function IS_RLFI($value)
{
// Only values containing a '.' are inspected at all, so an absolute path such as
// /etc/passwd or a URL-encoded traversal (..%2F) is never flagged by this check
if($value == "" || strpos($value,'.') === FALSE)
return FALSE;
if(strpos($value,"../") !== FALSE) { return TRUE; } // directory traversal
if(strpos($value,"://") !== FALSE) { return TRUE; } // URL scheme, remote include
if(strpos($value,"http") !== FALSE || // "http" already matches "https"
strpos($value,"ftp") !== FALSE ||
strpos($value,"www") !== FALSE) { return TRUE; }
if(file_exists($value)) { return TRUE; } // the value names an existing local file
return FALSE;
}
private function PatchVuln($vuln,$key,$value,$type)
{
foreach($vuln as $err => $val)
{
if($val == TRUE)
{
switch($err)
{
case "XSS" :
$value = htmlspecialchars($value);
break;
case "SQL" :
if (get_magic_quotes_gpc()) { $value = stripslashes($value); }
$value = mysql_real_escape_string($value);
break;
case "RLFI":
// Insert a random number in the middle of the value so it no longer names a valid path or URL
// (the original joined the parts with '+', which turns the whole value into a number in PHP)
$rn = rand(10000,99999);
$half = (int)(strlen($value) / 2);
$value = substr($value,0,$half) . $rn . substr($value,$half);
break;
}
}
}
switch($type)
{
case 'GET' : $_GET[$key] = $value; break;
case 'POST' : $_POST[$key] = $value; break;
case 'COOKIE' : $_COOKIE[$key] = $value; break;
case 'SESSION' : $_SESSION[$key] = $value; break;
case 'SERVER' : $_SERVER[$key] = $value; break;
default : return;
}
}
private function FollowAttacker()
{
if($this->MysqlID != -1)
{
$ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR'],$this->MysqlID);
$query = "SELECT * FROM `{$this->TablePrefix}{$this->TableAttackers}` WHERE ip = '{$ip}' AND follow = 1";
if(mysql_num_rows(mysql_query($query,$this->MysqlID)) >= 1)
{
// This runs from the constructor, before RunPSystem() has patched anything,
// so the request data must be escaped before it goes into the query
$date = gmdate("D, d M Y H:i:s");
$browser = mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "",$this->MysqlID);
$page = mysql_real_escape_string($_SERVER['PHP_SELF']."?".(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : ""),$this->MysqlID);
$query = "INSERT INTO {$this->TablePrefix}{$this->TableCache} (`ip`,`browser`,`time`,`attack`) VALUES
('{$ip}','{$browser}','{$date}','{$page}')";
mysql_query($query,$this->MysqlID);
}
}
}
private function GetVersion()
{
return "v".$this->SystemVersion;
}
private function ShowWarning($error = "")
{
$ip = $_SERVER['REMOTE_ADDR'];
$time = gmdate("D, d M Y H:i:s");
$patched = ($this->PatchVars == TRUE) ? "<font color=\"#00FF00\">YES</font>" : "<font color=\"#FF0000\">NO</font>";
$follow = ($this->FollowAttacker == TRUE) ? "<font color=\"#00FF00\">YES</font>" : "<font color=\"#FF0000\">NO</font>";
$vars = "";
if($error == "VULN_S")
{
if($this->ExistThreads == TRUE && $this->ShowMessage == TRUE)
{
echo "<b>Message to Attacker : </b>".$this->EventMessage."<br>";
}
// Request data that ends up inside SQL (User-Agent, script path, query string) is attacker-controlled
// and is not necessarily patched by the scan, so escape it once here
$esc = array();
if($this->MysqlID != -1)
{
$esc['ip'] = mysql_real_escape_string($ip,$this->MysqlID);
$esc['ua'] = mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "",$this->MysqlID);
$esc['self'] = mysql_real_escape_string($_SERVER['PHP_SELF'],$this->MysqlID);
$esc['qs'] = mysql_real_escape_string(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : "",$this->MysqlID);
}
$types = array();
foreach($this->SecurityThreads as $vuln => $row)
{
if(is_numeric($vuln)) continue; // placeholder entry left by the initial array value
$types[] = $vuln;
for($x = 0; $x < sizeof($row); $x++)
{
// The variable name is the request parameter name, so it is untrusted as well
$type = "\$_".$row[$x]["type"]."['".$row[$x]["key"]."']";
if($this->MysqlID != -1)
{
$variable = mysql_real_escape_string($type." = ".$row[$x]['value'],$this->MysqlID);
$query = "INSERT INTO {$this->TablePrefix}{$this->TableMain} (`ip`,`browser`,`time`,`attack`,`type`,`variable`) VALUES
('{$esc['ip']}','{$esc['ua']}','{$time}','{$esc['self']}','{$vuln}','{$variable}')";
@mysql_query($query,$this->MysqlID);
if($this->FollowAttacker == TRUE)
{
$query = "SELECT * FROM `{$this->TablePrefix}{$this->TableAttackers}` WHERE ip = '{$esc['ip']}' AND follow = '1'";
if(mysql_num_rows(mysql_query($query,$this->MysqlID)) == 0)
{
$query = "INSERT INTO {$this->TablePrefix}{$this->TableAttackers} (`ip`,`follow`,`time`)
VALUES ('{$esc['ip']}','1','{$time}')";
@mysql_query($query,$this->MysqlID);
}
// prt_sys_cache has no `type` column (see the CREATE TABLE), so only its four columns are listed
$query = "INSERT INTO {$this->TablePrefix}{$this->TableCache} (`ip`,`browser`,`time`,`attack`) VALUES
('{$esc['ip']}','{$esc['ua']}','{$time}','{$esc['self']}?{$esc['qs']}')";
@mysql_query($query,$this->MysqlID);
}
}
$safeType = htmlspecialchars($type); // escaped before it is reflected in the warning output below
if($vars != "") { $vars .= ",".$safeType; } else { $vars = $safeType; }
}
}
if($this->ExistThreads == TRUE && $this->ErrLevel["VULN"] <= $this->WarningLevel)
{
$vuln = implode(", ",$types); // every detected type, not only the last one iterated
// The templates in ErrMessages are fixed strings defined in this class; {#name} becomes {$name},
// so $ip, $vars etc. are interpolated as string values, not executed as code
eval(str_replace("#","$",$this->ErrMessages["VULN"]));
}
echo "<div align='right'><b> | Web Security System</b> version <b>".$this->GetVersion()."</b> is running on this server. <b>| © 2009 | </b> ";
}
else
{
if($this->ErrLevel[$error] <= $this->WarningLevel)
{
echo "<b>Error : </b>";
eval(str_replace("#","$",$this->ErrMessages[$error]));
}
}
}
}
?>
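To see what the three heuristics above (IS_XSS, IS_SQL, IS_RLFI) actually catch, here is an added example that is not part of WSS: the same three rules rewritten as pure functions with no database link, run over constructed request values. The function names and sample values are this example's own; addslashes() stands in for mysql_real_escape_string(), and the file_exists() step of IS_RLFI is left out so nothing touches the filesystem. Requires PHP 7.0 or newer.

```php
<?php
// Added example, not part of WSS: the three checks from prt_system.php (IS_XSS, IS_SQL, IS_RLFI)
// rewritten as pure functions, run over constructed request values to show what the heuristics
// catch and what they let through. Function names and sample values are this example's own.

function is_xss_like(string $value): bool
{
    // IS_XSS(): flagged when htmlspecialchars() changes the value. ENT_COMPAT matches the PHP 5
    // default the class relied on, so only & < > and " count; a lone single quote does not.
    return $value !== '' && htmlspecialchars($value, ENT_COMPAT) !== $value;
}

function is_sql_like(string $value): bool
{
    // IS_SQL(): flagged when escaping changes the value. addslashes() stands in for
    // mysql_real_escape_string(); both put a backslash before ' " \ and NUL.
    return $value !== '' && addslashes($value) !== $value;
}

function is_rlfi_like(string $value): bool
{
    // IS_RLFI(): values without a '.' are never inspected. file_exists() is omitted here.
    if ($value === '' || strpos($value, '.') === false) {
        return false;
    }
    foreach (['../', '://', 'http', 'ftp', 'www'] as $needle) {
        if (strpos($value, $needle) !== false) {
            return true;
        }
    }
    return false;
}

// Names of the checks that fire for one value, e.g. ['XSS'] or []
function classify(string $value): array
{
    $hits = [
        'XSS'  => is_xss_like($value),
        'SQL'  => is_sql_like($value),
        'RLFI' => is_rlfi_like($value),
    ];
    return array_keys(array_filter($hits));
}

// Constructed sample values, each with the reason it is or is not detected
$samples = [
    '<script>alert(1)</script>'     => 'XSS: < and > are changed by htmlspecialchars()',
    "admin' OR '1'='1"              => 'SQL: the quote gets a backslash (not XSS under ENT_COMPAT)',
    '../../etc/passwd'              => 'RLFI: contains a dot and ../',
    'http://evil.example/shell.txt' => 'RLFI: contains a dot and ://',
    '/etc/passwd'                   => 'missed: no dot, so the RLFI check never looks at it',
    '..%2F..%2Fetc%2Fpasswd'        => 'missed: URL-encoded slash, ..%2F is not ../',
    '1 OR 1=1'                      => 'missed: nothing for the escaper to escape',
    'x onmouseover=alert(1)'        => 'missed: no markup characters, yet live inside an unquoted attribute',
];

foreach ($samples as $value => $why) {
    $hits = classify($value);
    printf("%-32s %-14s %s\n", $value, $hits ? implode(',', $hits) : 'not detected', $why);
}
```

The last four rows are the point: the checks are character-based, so anything that avoids the handful of characters they look for (a path with no dot, percent-encoding, a numeric injection, an attribute-context payload) passes the scanner unchanged. Treat WSS as a logging aid, not as a replacement for parameterised queries and output encoding in the application itself.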
File: admin.php
<?php ob_start(); // buffer the page so the setcookie() calls further down can still send headers after this HTML ?>
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.1//EN' 'http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>Web Security System - Admin Panel</title>
<meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1' />
<meta http-equiv='content-style-type' content='text/css' />
<link rel='stylesheet' href='extream.css' type='text/css' />
</head>
<body>
<div style='height:30px'><br /></div>
<?php
$user = "user";
$pass = "pass";
$connection = array("server" => "localhost",
"user" => "user",
"pass" => "password",
"database" => "prt_system");
$TablePrefix = "prt_sys_"; // Table Prefixes
$TableMain = "main"; // Store every attack
$TableAttackers = "attackers"; // Store attackers that will be followed from now on
$TableCache = "cache"; // Store informations about attackers which are we following
mysql_connect($connection['server'],$connection['user'],$connection['pass']) or die("Could not connect to server.");
mysql_select_db($connection["database"]) or die("Could not connect to database");
$auth = md5($_SERVER['REMOTE_ADDR'].md5($user.md5($pass))); // deterministic token: same IP + same password => same cookie value on every visit
$cookie = isset($_COOKIE['admin_auth']) ? $_COOKIE['admin_auth'] : '';
if(!isset($_POST['user'])) $_POST['user'] = '';
if(!isset($_POST['pass'])) $_POST['pass'] = '';
if (!$user || !$pass)
{
echo "Admin username or password missing from config."; exit;
}
elseif ($pass == "pass")
{
echo "Admin password must be changed from default."; exit;
}
elseif (is_string($cookie) && hash_equals($auth, $cookie)) // strict comparison (PHP >= 5.6); a loose == treats numeric-looking strings as numbers
{
setcookie("admin_auth", $auth, (time() + (60 * 60 * 24)), "/");
define("PRT_SYSTEM_ADMIN", "1");
}
elseif (is_string($_POST['user']) && is_string($_POST['pass']) && hash_equals($user, $_POST['user']) && hash_equals($pass, $_POST['pass']))
{
echo "Welcome <b>".htmlspecialchars($user)."</b> to Web Protection System admin panel! <font color='#FF0000'>This is a restricted page!</font><br>";
setcookie("admin_auth", $auth, (time() + (60 * 60 * 24)), "/");
define("PRT_SYSTEM_ADMIN", "1");
}
if (defined("PRT_SYSTEM_ADMIN"))
{
if(isset($_GET['pg']))
{
switch($_GET['pg'])
{
case "attackers":
if(isset($_POST['submit']))
{
$query = mysql_query("SELECT * FROM `{$TablePrefix}{$TableAttackers}`");
while($row = mysql_fetch_array($query))
{
if(isset($_POST['opt'.$row['id']]))
{
switch($_POST['opt'.$row['id']])
{
case "flw":
mysql_query("UPDATE `{$TablePrefix}{$TableAttackers}` SET follow = '".($row['follow'] ? 0 : 1)."' WHERE id = {$row['id']}") or die(mysql_error());
break;
case "delA":
mysql_query("DELETE FROM `{$TablePrefix}{$TableAttackers}` WHERE id = {$row['id']}") or die(mysql_error());
break;
case "delAA":
mysql_query("DELETE FROM `{$TablePrefix}{$TableCache}` WHERE ip = '".$row['ip']."'") or die(mysql_error());
break;
case "delAll":
mysql_query("DELETE FROM `{$TablePrefix}{$TableMain}` WHERE ip = '".$row['ip']."'") or die(mysql_error());
break;
}
}
}
}
$query = mysql_query("SELECT * FROM `{$TablePrefix}{$TableAttackers}`");
if(mysql_num_rows($query) >= 1)
{
echo "
<form method='post' action=''>
<table cellspacing='6' cellpadding='0' style='margin:auto'>
<tr>
<td style='text-align:center;white-space:nowrap'><b> [ ID ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Attacker IP ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Detected date ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Follow ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Actions ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Logs ] </b></td>
</tr>";
$i = 1;
while($row = mysql_fetch_array($query))
{
echo "
<tr>
<td style='text-align:center'> {$i} </td>
<td style='text-align:center'> {$row['ip']} </td>
<td style='text-align:center'> {$row['time']} </td>
<td style='text-align:center'> ".($row['follow'] ? "<font color='#00FF00'>YES</font>" : "<font color='#FF0000'>NO</font>" )." </td>
<td style='text-align:center'>
<select name='opt{$row['id']}'>
<option value=''>No action</option>
<option value='flw'>".($row['follow'] ? "Stop following" : "Start following")."</option>
<option value='delA'>Delete attacker</option>
<option value='delAA'>Delete cache</option>
<option value='delAll'>Delete all attacks</option>
</select>
</td>
<td style='text-align:center'> <a href='".htmlspecialchars($_SERVER['PHP_SELF'])."?pg=follow&id=".(int)$row['id']."'>Logs</a> </td>
</tr>";
$i++;
}
echo "<tr><td></td><td></td><td></td><td><input type='submit' name='submit' value='Submit'/></td><td></td></tr></table></form>";
}
else
{
echo "Web Security System : <font color='#00FF00'>Security OK</font><br>";
}
echo " [ <a href='javascript:void(0)' onclick='history.go(-1)'>Go back</a> ]";
break;
case "follow":
if((isset($_GET['id']) && is_numeric($_GET['id'])) || isset($_GET['ip']))
{
if(isset($_GET['id']))
{
$id = (int)$_GET['id']; // is_numeric() also accepts forms such as "1e3" or " 1"; cast before putting it into SQL
$query = mysql_query("SELECT * FROM `{$TablePrefix}{$TableAttackers}` WHERE id = {$id}") or die(mysql_error());
}
else
{
$ip = mysql_real_escape_string($_GET['ip']);
$query = mysql_query("SELECT * FROM `{$TablePrefix}{$TableAttackers}` WHERE ip = '{$ip}'") or die(mysql_error());
}
if(mysql_num_rows($query) >= 1)
{
$row = mysql_fetch_array($query);
$ip = $row['ip']; $id = $row['id'];
if(isset($_POST['submit']) && $_POST['submit'] == "Delete selected")
{
$q = mysql_query("SELECT * FROM `{$TablePrefix}{$TableCache}` WHERE ip = '{$ip}'") or die(mysql_error());
while($ro = mysql_fetch_array($q))
{
if(isset($_POST['del'.$ro['id']]))
mysql_query("DELETE FROM `{$TablePrefix}{$TableCache}` WHERE id = {$ro['id']}") or die(mysql_error());
}
}
if(isset($_POST['submit']) && $_POST['submit'] == "Delete selected threats")
{
$q = mysql_query("SELECT * FROM `{$TablePrefix}{$TableMain}` WHERE ip = '{$ip}'") or die(mysql_error());
while($ro = mysql_fetch_array($q))
{
if(isset($_POST['del'.$ro['id']]))
mysql_query("DELETE FROM `{$TablePrefix}{$TableMain}` WHERE id = {$ro['id']}") or die(mysql_error());
}
}
echo "<div align='center'><h3> Attacker information : </h3></div>";
echo "
<table cellspacing='4' cellpadding='0' style='margin:auto'>
<tr>
<td style='text-align:center;white-space:nowrap'><b> [ ID ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Attacker IP ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Detected date ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Follow ] </b></td>
</tr>
<tr>
<td style='text-align:center'> {$row['id']} </td>
<td style='text-align:center'> {$row['ip']} </td>
<td style='text-align:center'> {$row['time']} </td>
<td style='text-align:center'> ".($row['follow'] ? "<font color='#00FF00'>YES</font>" : "<font color='#FF0000'>NO</font>" )." </td>
</tr></table>
";
$query2 = mysql_query("SELECT * FROM `{$TablePrefix}{$TableCache}` WHERE ip = '{$ip}'") or die(mysql_error());
if(mysql_num_rows($query2) >= 1)
{
echo "
<div align='center'><h3> Attacker Cache : </h3></div><br>
<form method='post' action=''>
<table border='1' cellspacing='4' cellpadding='0' style='margin:auto'>
<tr>
<td style='text-align:center;white-space:nowrap'><b> [ ID ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Browser ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Time ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Page ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Delete ] </b></td>
</tr>";
$i = 1;
while($row = mysql_fetch_array($query2))
{
echo "
<tr>
<td style='text-align:center'> <b>{$i}</b> </td>
<td style='text-align:center'> ".htmlspecialchars(substr($row['browser'],0,40))." </td>
<td style='text-align:center'> {$row['time']} </td>
<td style='text-align:center'> ".htmlspecialchars($row['attack'])." </td>
<td style='text-align:center'> <input name='del".$row['id']."' type='checkbox' value=' '>
</tr>";
$i++;
}
echo "
</table><br><div align='center'><input type='submit' name='submit' value='Delete selected'/></div></form>";
}
$query3 = mysql_query("SELECT * FROM `{$TablePrefix}{$TableMain}` WHERE ip = '{$ip}'") or die(mysql_error());
if(mysql_num_rows($query3) >= 1)
{
echo "
<div align='center'><h3> Attacker real threats : </h3></div><br>
<form method='post' action=''>
<table border='1' cellspacing='4' cellpadding='0' style='margin:auto'>
<tr>
<td style='text-align:center;white-space:nowrap'><b> [ ID ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Browser ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Time ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Page ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Attack type ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Variable Focus ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Delete ] </b></td>
</tr>";
$i = 1;
while($row = mysql_fetch_array($query3))
{
echo "
<tr>
<td style='text-align:center'> <b>{$i}</b> </td>
<td style='text-align:center'> ".htmlspecialchars(substr($row['browser'],0,40))." </td>
<td style='text-align:center'> {$row['time']} </td>
<td style='text-align:center'> ".htmlspecialchars($row['attack'])." </td>
<td style='text-align:center'> <font color='#FF0000'>{$row['type']}</font> </td>
<td style='text-align:center'> ".htmlspecialchars($row['variable'])." </td>
<td style='text-align:center'> <input name='del".$row['id']."' type='checkbox' value=' '>
</tr>";
$i++;
}
echo "
</table><br><div align='center'><input type='submit' name='submit' value='Delete selected threats'/></div></form>";
}
}
else
{
echo "Invalid ID!";
}
}
echo " [ <a href='javascript:void(0)' onclick='history.go(-1)'>Go back</a> ]<br><br>";
break;
case "attacks":
$query = mysql_query("SELECT * FROM `{$TablePrefix}{$TableMain}`") or die(mysql_error());
if(mysql_num_rows($query) >= 1)
{
if(isset($_POST['submit']) && $_POST['submit'] == "Delete selected threats")
{
$q = mysql_query("SELECT * FROM `{$TablePrefix}{$TableMain}`") or die(mysql_error());
while($ro = mysql_fetch_array($q))
{
if(isset($_POST['del'.$ro['id']]))
mysql_query("DELETE FROM `{$TablePrefix}{$TableMain}` WHERE id = {$ro['id']}") or die(mysql_error());
}
}
echo "
<div align='center'><h3> Attacks detected by Web Security System : </h3></div><br>
<form method='post' action=''>
<table border='1' cellspacing='4' cellpadding='0' style='margin:auto'>
<tr>
<td style='text-align:center;white-space:nowrap'><b> [ ID ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Attacker IP ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Browser ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Time ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Page ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Attack type ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Variable Focus ] </b></td>
<td style='text-align:center;white-space:nowrap'><b> [ Delete ] </b></td>
</tr>";
$i = 1;
$query = mysql_query("SELECT * FROM `{$TablePrefix}{$TableMain}`") or die(mysql_error());
while($row = mysql_fetch_array($query))
{
echo "
<tr>
<td style='text-align:center'> <b>{$i}</b> </td>
<td style='text-align:center'> <a href='".htmlspecialchars($_SERVER['PHP_SELF'])."?pg=follow&ip=".urlencode($row['ip'])."'><b>".htmlspecialchars($row['ip'])."</b></a> </td>
<td style='text-align:center'> ".htmlspecialchars(substr($row['browser'],0,40))." </td>
<td style='text-align:center'> {$row['time']} </td>
<td style='text-align:center'> ".htmlspecialchars($row['attack'])." </td>
<td style='text-align:center'> <font color='#FF0000'>{$row['type']}</font> </td>
<td style='text-align:center'> ".htmlspecialchars($row['variable'])." </td>
<td style='text-align:center'> <input name='del".$row['id']."' type='checkbox' value=' '>
</tr>";
$i++;
}
echo "
</table><br><div align='center'><input type='submit' name='submit' value='Delete selected threats'/></div></form>";
}
else
{
echo "Web Security System : <font color='#00FF00'>Security OK</font><br>";
}
echo " [ <a href='javascript:void(0)' onclick='history.go(-1)'>Go back</a> ]";
break;
default:
echo "
<div><b> Menu </b></div>
<div> # <a href='?pg=attackers'><b>Show attackers</b></a></div>
<div> # <a href='?pg=attacks'><b>Show attacks</b></a></div>
";
break;
}
}
else
{
echo "
<div><b> Menu </b></div>
<div> # <a href='?pg=attackers'><b>Show attackers</b></a></div>
<div> # <a href='?pg=attacks'><b>Show attacks</b></a></div>
";
}
}
else
{?>
<form method='post' action='' name='submit'>
<table style='margin:auto; text-align:center'>
<tr>
<td>
Username :
</td>
<td>
<input type='text' name='user' value='' />
</td>
</tr>
<tr>
<td>
Password :
</td>
<td>
<input type='password' name='pass' value='' />
</td>
</tr>
<tr>
<td colspan='2'>
<input type='submit' name='admin_login' value='Login' />
</td>
</tr>
</table>
</form>
<?php }
?>
</body>
</html>
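admin.php identifies the administrator by a cookie whose value is md5(REMOTE_ADDR . md5(user . md5(pass))): it never changes for a given IP and password, it is derived from the password by a fast unsalted hash, and the forms it protects carry no CSRF token. The following is an added example (not part of WSS) of how the same login block can be written instead: login state in the session, a password_hash() value in the config instead of the cleartext password, hash_equals() for every secret comparison, and a per-session CSRF token checked before any UPDATE/DELETE runs. The function names, the $session/$post array parameters (standing in for $_SESSION/$_POST so the example runs from the CLI) and the sample credentials are this example's own. Requires PHP 7.1 or newer.

```php
<?php
// Added example, not part of WSS: a hardened replacement for the login logic in admin.php.
// $session and $post stand in for $_SESSION and $_POST so the flows can be exercised offline.

const ADMIN_USER = 'admin';
// In admin.php this hash would be pasted into the config, generated once with
// php -r 'echo password_hash("your password", PASSWORD_DEFAULT), "\n";'
$ADMIN_PASS_HASH = password_hash('correct horse battery staple', PASSWORD_DEFAULT);

function check(bool $cond, string $what): void
{
    if (!$cond) {
        throw new RuntimeException("check failed: $what");
    }
}

// Token tied to the session; embed it as <input type='hidden' name='csrf' value='...'> in every form
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

function csrf_valid(array $session, array $post): bool
{
    return isset($session['csrf'], $post['csrf'])
        && is_string($post['csrf'])
        && hash_equals($session['csrf'], $post['csrf']);
}

function try_login(array &$session, array $post, string $passHash): bool
{
    $user = isset($post['user']) && is_string($post['user']) ? $post['user'] : '';
    $pass = isset($post['pass']) && is_string($post['pass']) ? $post['pass'] : '';
    // hash_equals() instead of ==, which compares numeric-looking strings as numbers;
    // password_verify() checks against the stored hash, so the cleartext is never kept
    if (!hash_equals(ADMIN_USER, $user) || !password_verify($pass, $passHash)) {
        return false;
    }
    // With a real session, call session_regenerate_id(true) here so a pre-login id is not kept
    $session = ['admin' => true, 'csrf' => bin2hex(random_bytes(32))];
    return true;
}

function is_admin(array $session): bool
{
    return !empty($session['admin']);
}

// Walk through the flows with constructed requests
$session = [];
check(!try_login($session, ['user' => 'admin', 'pass' => 'wrong'], $ADMIN_PASS_HASH), 'wrong password rejected');
check(!is_admin($session), 'no admin flag after a failed login');
check(try_login($session, ['user' => 'admin', 'pass' => 'correct horse battery staple'], $ADMIN_PASS_HASH), 'correct login accepted');
check(is_admin($session), 'admin flag set');

// A cross-site POST cannot know the token: reject it before the switch that runs DELETE/UPDATE
check(!csrf_valid($session, ['submit' => 'Delete selected threats', 'del7' => ' ']), 'missing token rejected');
// The panel's own form carries the token it was rendered with
check(csrf_valid($session, ['submit' => 'Delete selected threats', 'csrf' => csrf_token($session)]), 'own form accepted');
echo "all checks passed\n";
```

To wire this into admin.php: call session_start() before any output, replace the cookie branch with is_admin($_SESSION), replace the username/password branch with try_login($_SESSION, $_POST, $hashFromConfig), print csrf_token($_SESSION) as a hidden field in each form, and test csrf_valid($_SESSION, $_POST) before the switch that executes the follow/delete queries.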
MySQL tables
CREATE TABLE `prt_sys_attackers` (
`id` int(11) NOT NULL auto_increment,
`ip` char(255) NOT NULL,
`follow` smallint(6) NOT NULL,
`time` char(255) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=40 ;
CREATE TABLE `prt_sys_cache` (
`id` int(11) NOT NULL auto_increment,
`ip` char(255) NOT NULL,
`browser` char(255) NOT NULL,
`time` char(255) NOT NULL,
`attack` text NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=58 ;
CREATE TABLE `prt_sys_main` (
`id` int(11) NOT NULL auto_increment,
`ip` char(255) NOT NULL,
`browser` char(255) NOT NULL,
`time` char(255) NOT NULL,
`attack` text NOT NULL,
`type` char(50) NOT NULL,
`variable` text NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=85 ;
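The logging code in prt_system.php builds its INSERT statements by concatenating request data (User-Agent, PHP_SELF, QUERY_STRING, the scanned value) into the query text. The scanner's own patch step escapes some of those values when the SQL check is enabled and $patch is TRUE, but FollowAttacker() runs from the constructor before anything has been scanned, and PHP_SELF and QUERY_STRING are never in the scanned list. The alternative to escaping each value by hand is a prepared statement, where the driver keeps data and SQL apart. The following is an added example (not part of WSS) that stores one attack record into a copy of the prt_sys_main table above using PDO; it uses an in-memory SQLite database so it runs offline, and against MySQL only the DSN changes. The function names and request values are this example's own. Requires PHP 7.0 or newer with pdo_sqlite.

```php
<?php
// Added example, not part of WSS: writing an attack record with a prepared statement instead of
// the concatenated INSERT used in ShowWarning()/FollowAttacker(). SQLite in memory is used so the
// example runs offline; for MySQL use new PDO('mysql:host=localhost;dbname=prt_system', $user, $pass).

function open_log_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Mirrors prt_sys_main from the schema above, in SQLite syntax
    $db->exec('CREATE TABLE prt_sys_main (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        ip TEXT NOT NULL, browser TEXT NOT NULL, time TEXT NOT NULL,
        attack TEXT NOT NULL, type TEXT NOT NULL, variable TEXT NOT NULL)');
    return $db;
}

// $request stands in for the $_SERVER entries the class reads; all of them are attacker-controlled
function log_attack(PDO $db, array $request, string $type, string $zone, string $key, string $value): int
{
    $stmt = $db->prepare('INSERT INTO prt_sys_main (ip, browser, time, attack, type, variable)
                          VALUES (:ip, :browser, :time, :attack, :type, :variable)');
    $stmt->execute([
        ':ip'       => $request['REMOTE_ADDR'],
        ':browser'  => $request['HTTP_USER_AGENT'],
        ':time'     => gmdate('D, d M Y H:i:s'),
        ':attack'   => $request['PHP_SELF'] . '?' . $request['QUERY_STRING'],
        ':type'     => $type,
        // stored as-is; admin.php escapes it with htmlspecialchars() when displaying
        ':variable' => sprintf("\$_%s['%s'] = %s", $zone, $key, $value),
    ]);
    return (int)$db->lastInsertId();
}

function fetch_attack(PDO $db, int $id): array
{
    $stmt = $db->prepare('SELECT * FROM prt_sys_main WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}

// Constructed request. Concatenated into the query text as the original code does, the quote in
// this User-Agent ends the string literal, so the rest of the value is parsed as SQL instead of
// being stored: the insert fails silently behind the @ or records whatever the attacker appended.
$request = [
    'REMOTE_ADDR'     => '203.0.113.7',
    'HTTP_USER_AGENT' => "Mozilla/5.0','Thu, 01 Jan 2009 00:00:00','/forged.php','XSS','forged'); -- ",
    'PHP_SELF'        => '/index.php',
    'QUERY_STRING'    => 'id=1%27%20OR%20%271%27%3D%271',
];

$db  = open_log_db();
$id  = log_attack($db, $request, 'SQL', 'GET', 'id', "1' OR '1'='1");
$row = fetch_attack($db, $id);

// With the prepared statement the payload is stored verbatim as data and the real request survives
if ($row['browser'] !== $request['HTTP_USER_AGENT']
    || $row['attack'] !== '/index.php?id=1%27%20OR%20%271%27%3D%271') {
    throw new RuntimeException('record was not stored verbatim');
}
echo "stored row {$id}: {$row['type']} via {$row['variable']}\n";
```

The same idea applies to the admin panel's own queries: the id taken from $_GET and the ip taken from the attackers table belong in bound parameters rather than in the query string.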