近段時間,公司網站老被攻擊,於是研究起防止攻擊方法,當然無外乎就是SQL注入之類的問題,無意間發現了一個360安全衛士提供的原始碼,覺得挺好的,咋們暫且不說防攻擊效果,至少思路是很好的,奉獻給大家,大家也可以去360漏洞檢查網站去下載。
360webscan.php
<?php
webscan_error();
//引用配置檔案
require_once('webscan_cache.php');
//防護指令碼版本號
define("WEBSCAN_VERSION", '0.1.1.9');
//防護指令碼MD5值
define("WEBSCAN_MD5", md5(@file_get_contents(__FILE__)));
//get攔截規則
$getfilter = "<[^>]*?=[^>]*?&#[^>]*?>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b[^>]*?>|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
//post攔截規則
$postfilter = "<[^>]*?=[^>]*?&#[^>]*?>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b[^>]*?>|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
//cookie攔截規則
$cookiefilter = "\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
//獲取指令
$webscan_action = isset($_POST['webscan_act'])&&webscan_cheack() ? trim($_POST['webscan_act']) : '';
//referer獲取
$webscan_referer = empty($_SERVER['HTTP_REFERER']) ? array() : array('HTTP_REFERER'=>$_SERVER['HTTP_REFERER']); class webscan_http {
var $method;
var $post;
var $header;
var $ContentType; function __construct() {
$this->method = '';
$this->cookie = '';
$this->post = '';
$this->header = '';
$this->errno = 0;
$this->errstr = '';
} function post($url, $data = array(), $referer = '', $limit = 0, $timeout = 30, $block = TRUE) {
$this->method = 'POST';
$this->ContentType = "Content-Type: application/x-www-form-urlencoded\r\n";
if($data) {
$post = '';
foreach($data as $k=>$v) {
$post .= $k.'='.rawurlencode($v).'&';
}
$this->post .= substr($post, 0, -1);
}
return $this->request($url, $referer, $limit, $timeout, $block);
} function request($url, $referer = '', $limit = 0, $timeout = 30, $block = TRUE) {
$matches = parse_url($url);
$host = $matches['host'];
$path = $matches['path'] ? $matches['path'].($matches['query'] ? '?'.$matches['query'] : '') : '/';
$port = $matches['port'] ? $matches['port'] : 80;
if($referer == '') $referer = URL;
$out = "$this->method $path HTTP/1.1\r\n";
$out .= "Accept: */*\r\n";
$out .= "Referer: $referer\r\n";
$out .= "Accept-Language: zh-cn\r\n";
$out .= "User-Agent: ".$_SERVER['HTTP_USER_AGENT']."\r\n";
$out .= "Host: $host\r\n";
if($this->method == 'POST') {
$out .= $this->ContentType;
$out .= "Content-Length: ".strlen($this->post)."\r\n";
$out .= "Cache-Control: no-cache\r\n";
$out .= "Connection: Close\r\n\r\n";
$out .= $this->post;
} else {
$out .= "Connection: Close\r\n\r\n";
}
if($timeout > ini_get('max_execution_time')) @set_time_limit($timeout);
$fp = @fsockopen($host, $port, $errno, $errstr, $timeout);
$this->post = '';
if(!$fp) {
return false;
} else {
stream_set_blocking($fp, $block);
stream_set_timeout($fp, $timeout);
fwrite($fp, $out);
$this->data = '';
$status = stream_get_meta_data($fp);
if(!$status['timed_out']) {
$maxsize = min($limit, 1024000);
if($maxsize == 0) $maxsize = 1024000;
$start = false;
while(!feof($fp)) {
if($start) {
$line = fread($fp, $maxsize);
if(strlen($this->data) > $maxsize) break;
$this->data .= $line;
} else {
$line = fgets($fp);
$this->header .= $line;
if($line == "\r\n" || $line == "\n") $start = true;
}
}
}
fclose($fp);
return "200";
}
} } /**
* 關閉使用者錯誤提示
*/
function webscan_error() {
if (ini_get('display_errors')) {
ini_set('display_errors', '0');
}
} /**
* 驗證是否是官方發出的請求
*/
function webscan_cheack() {
if($_POST['webscan_rkey']==WEBSCAN_U_KEY){
return true;
}
return false;
}
/**
* 資料統計回傳
*/
function webscan_slog($logs) {
if(! function_exists('curl_init')) {
$http=new webscan_http();
$http->post(WEBSCAN_API_LOG,$logs);
}
else{
webscan_curl(WEBSCAN_API_LOG,$logs);
}
}
/**
* 引數拆分
*/
function webscan_arr_foreach($arr) {
static $str;
if (!is_array($arr)) {
return $arr;
}
foreach ($arr as $key => $val ) { if (is_array($val)) { webscan_arr_foreach($val);
} else { $str[] = $val;
}
}
return implode($str);
}
/**
* 新版檔案md5值效驗
*/
function webscan_updateck($ve) {
if($ve!=WEBSCAN_MD5)
{
return true;
}
return false;
} /**
* 防護提示頁
*/
function webscan_pape(){
$pape=<<<HTML
<html>
<body style="margin:0; padding:0">
<center><iframe width="100%" align="center" height="870" frameborder="0" scrolling="no" src="http://safe.webscan.360.cn/stopattack.html"></iframe></center>
</body>
</html>
HTML;
echo $pape;
} /**
* 攻擊檢查攔截
*/
function webscan_StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq,$method) {
$StrFiltValue=webscan_arr_foreach($StrFiltValue);
if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue)==1){
webscan_slog(array('ip' => $_SERVER["REMOTE_ADDR"],'time'=>strftime("%Y-%m-%d %H:%M:%S"),'page'=>$_SERVER["PHP_SELF"],'method'=>$method,'rkey'=>$StrFiltKey,'rdata'=>$StrFiltValue,'user_agent'=>$_SERVER['HTTP_USER_AGENT'],'request_url'=>$_SERVER["REQUEST_URI"]));
exit(webscan_pape());
}
if (preg_match("/".$ArrFiltReq."/is",$StrFiltKey)==1){
webscan_slog(array('ip' => $_SERVER["REMOTE_ADDR"],'time'=>strftime("%Y-%m-%d %H:%M:%S"),'page'=>$_SERVER["PHP_SELF"],'method'=>$method,'rkey'=>$StrFiltKey,'rdata'=>$StrFiltKey,'user_agent'=>$_SERVER['HTTP_USER_AGENT'],'request_url'=>$_SERVER["REQUEST_URI"]));
exit(webscan_pape());
} }
/**
* 攔截目錄白名單
*/
function webscan_white($webscan_white_name,$webscan_white_url=array()) {
$url_path=$_SERVER['PHP_SELF'];
$url_var=$_SERVER['QUERY_STRING'];
if (preg_match("/".$webscan_white_name."/is",$url_path)==1) {
return false;
}
foreach ($webscan_white_url as $key => $value) {
if(!empty($url_var)&&!empty($value)){
if (stristr($url_path,$key)&&stristr($url_var,$value)) {
return false;
}
}
elseif (empty($url_var)&&empty($value)) {
if (stristr($url_path,$key)) {
return false;
}
} } return true;
} /**
* curl方式提交
*/
function webscan_curl($url , $postdata = array()){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
$response = curl_exec($ch);
$httpcode = curl_getinfo($ch,CURLINFO_HTTP_CODE);
curl_close($ch);
return array('httpcode'=>$httpcode,'response'=>$response);
} if($webscan_action=='update') {
//檔案更新操作
$webscan_update_md5=md5(@file_get_contents(WEBSCAN_UPDATE_FILE));
if (webscan_updateck($webscan_update_md5))
{
if (!file_exists(dirname(__FILE__).'/caches_webscan'))
{
if (@mkdir(dirname(__FILE__).'/caches_webscan',755)) {
}
else{
exit("file_failed");
}
}
@file_put_contents(dirname(__FILE__).'/caches_webscan/'."update_360.dat", @file_get_contents(WEBSCAN_UPDATE_FILE)); if(copy(__FILE__,dirname(__FILE__).'/caches_webscan/'."bak_360.dat")&&filesize(dirname(__FILE__).'/caches_webscan/'."update_360.dat")>500&&md5(@file_get_contents(dirname(__FILE__).'/caches_webscan/'."update_360.dat"))==$webscan_update_md5)
{
if (!copy(dirname(__FILE__).'/caches_webscan/'."update_360.dat",__FILE__))
{
copy(dirname(__FILE__).'/caches_webscan/'."bak_360.dat",__FILE__);
exit("copy_failed");
}
unlink(dirname(__FILE__).'/caches_webscan/'."update_360.dat");
exit("update_success");
}
unlink(dirname(__FILE__).'/caches_webscan/'."update_360.dat");
exit("failed");
}
else{
exit("news");
} } elseif($webscan_action=="ckinstall") {
//驗證安裝與版本資訊
if(! function_exists('curl_init')){
$web_code=new webscan_http();
$httpcode=$web_code->request("http://safe.webscan.360.cn");
}
else{
$web_code=webscan_curl("http://safe.webscan.360.cn");
$httpcode=$web_code['httpcode'];
} exit("1".":".WEBSCAN_VERSION.":".WEBSCAN_MD5.":".WEBSCAN_U_KEY.":".$httpcode);
} if ($webscan_switch&&webscan_white($webscan_white_directory,$webscan_white_url)) {
if ($webscan_get) {
foreach($_GET as $key=>$value) {
webscan_StopAttack($key,$value,$getfilter,"GET");
}
}
if ($webscan_post) {
foreach($_POST as $key=>$value) {
webscan_StopAttack($key,$value,$postfilter,"POST");
}
}
if ($webscan_cookie) {
foreach($_COOKIE as $key=>$value) {
webscan_StopAttack($key,$value,$cookiefilter,"COOKIE");
}
}
if ($webscan_referre) {
foreach($webscan_referer as $key=>$value) {
webscan_StopAttack($key,$value,$postfilter,"REFERRER");
}
}
} ?>
webscan_cache.php
<?php
//使用者唯一key
define('WEBSCAN_U_KEY', '網站生成的KEY');
//資料回撥統計地址
define('WEBSCAN_API_LOG', 'http://safe.webscan.360.cn/papi/log/?key='.WEBSCAN_U_KEY);
//版本更新地址
define('WEBSCAN_UPDATE_FILE','http://safe.webscan.360.cn/papi/update/?key='.WEBSCAN_U_KEY);
//攔截開關(1為開啟,0關閉)
$webscan_switch=1;
//提交方式攔截(1開啟攔截,0關閉攔截,post,get,cookie,referre選擇需要攔截的方式)
$webscan_post=1;
$webscan_get=1;
$webscan_cookie=1;
$webscan_referre=1;
//後臺白名單,後臺操作將不會攔截,新增"|"隔開白名單目錄下面預設是網址帶 admin /dede/ 放行
$webscan_white_directory='admin|\/dede\/';
//url白名單,可以自定義新增url白名單,預設是對phpcms的後臺url放行
//寫法:比如phpcms 後臺操作url index.php?m=admin php168的文章提交連結post.php?job=postnew&step=post ,dedecms 空間設定edit_space_info.php
$webscan_white_url = array('index.php' => 'm=admin','post.php' => 'job=postnew&step=post','edit_space_info.php'=>'');
?>
原始碼下載:http://files.cnblogs.com/mengdejun/360safe.zip