Beating Script Kiddies Using Referer

[ Follow Ups ] [ Post Followup ] [ FileGods Message Board ] [ FAQ ]

Posted by FileGod (66.81.166.131) on December 29, 2005 at 04:05:30:

Here is some Perl code to catch the IP address of the person on you site, if you make this work on you message board there is a chance it could crash some users browsers & some browsers may get blocked from using you message board if you use this, I forget if this is the code I seen that crashes some browsers but I do not think so...

#!/usr/local/bin/perl
########################################################
# Getitex 1.0 #
# By Thomas Tsoi 26.7.99 #
# webmaster@cgi.com.hk #
########################################################
# #
# CGI.com.hk: #
# http://www.cgi.com.hk/ #
# #
# #################################################### #
# #
# You can distribute this script and use it freely as #
# long as this header is not edited in the script. #
# #
########################################################

# File storing IDs and URLs
$data = "/home/astronom/public_html/perl/data.txt";

# Domains which are allowed to access the files
@domains = ("astronomy.org.hk", "macuser.nildram.co.uk", "hkcampus.net");

############################################################
$id = $ENV{'QUERY_STRING'};
$referer = $ENV{'HTTP_REFERER'};

if ($id eq "") {
&InvalidID;
exit;
}

if (&CheckDomain == 1) {
if (&GetURL == 1) {
print "Location: $url\n\n";
}
else {
&InvalidID;
}
}
else {
&InvalidDomain;
exit;
}

################################
sub CheckDomain {
$referer =~ s/(http\:\/\/|ftp\:\/\/)//gi;
@temp = split(/\//, $referer);
$refer_domain = $temp[0];

$okay = 0;
foreach $domain (@domains) {
if ($refer_domain =~ /$domain/i) {
$okay = 1;
}
}
return $okay;
}

sub GetURL {
open(DATA, $data);
@lines = ;
close(DATA);

$found = 0;
foreach $line (@lines) {
($index, $location) = split(/\|/, $line);
if ($id eq $index) {
$found = 1;
$url = $location;
}
}
#print $found;
return $found;
}

sub InvalidID {
print "Content-type: text/html\n\n";
################################################ HTML to edit
print <

Error! Invalid ID.

END_OF_HTML
########################
}

sub InvalidDomain {
print "Content-type: text/html\n\n";
################################################# HTML to edit
print <

Web Hosting by Netfirms | Free Domain Names by Netfirms

Error! Request rejected.

END_OF_HTML
########################
}

FileGods Downloads & Search Engines

Follow Ups:

Re: Beating Script Kiddies Using Referer FileGod 02:47:00 12/30/05 (0)
Re: Beating Script Kiddies Using Referer FileGod 02:46:46 12/30/05 (0)
Re: Beating Script Kiddies Using Referer FileGod 02:33:11 12/30/05 (0)

Post a Followup

Name:
E-Mail:

Subject:

Comments:
: Here is some Perl code to catch the IP address of the person on you site, if you make this work on you message board there is a chance it could crash some users browsers & some browsers may get blocked from using you message board if you use this, I forget if this is the code I seen that crashes some browsers but I do not think so... : #!/usr/local/bin/perl : ######################################################## : # Getitex 1.0 # : # By Thomas Tsoi 26.7.99 # : # webmaster@cgi.com.hk # : ######################################################## : # # : # CGI.com.hk: # : # http://www.cgi.com.hk/ # : # # : # #################################################### # : # # : # You can distribute this script and use it freely as # : # long as this header is not edited in the script. # : # # : ######################################################## : # File storing IDs and URLs : $data = "/home/astronom/public_html/perl/data.txt"; : # Domains which are allowed to access the files : @domains = ("astronomy.org.hk", "macuser.nildram.co.uk", "hkcampus.net"); : ############################################################ : $id = $ENV{'QUERY_STRING'}; : $referer = $ENV{'HTTP_REFERER'}; : if ($id eq "") { : &InvalidID; : exit; : } : if (&CheckDomain == 1) { : if (&GetURL == 1) { : print "Location: $url\n\n"; : } : else { : &InvalidID; : } : } : else { : &InvalidDomain; : exit; : } : ################################ : sub CheckDomain { : $referer =~ s/(http\:\/\/|ftp\:\/\/)//gi; : @temp = split(/\//, $referer); : $refer_domain = $temp[0]; : $okay = 0; : foreach $domain (@domains) { : if ($refer_domain =~ /$domain/i) { : $okay = 1; : } : } : return $okay; : } : sub GetURL { : open(DATA, $data); : @lines = <DATA>; : close(DATA); : $found = 0; : foreach $line (@lines) { : ($index, $location) = split(/\|/, $line); : if ($id eq $index) { : $found = 1; : $url = $location; : } : } : #print $found; : return $found; : } : : sub InvalidID { : print "Content-type: text/html\n\n"; : ################################################ HTML to edit : print <<END_OF_HTML; : <html> : <body> : <h1>Error! Invalid ID.</h1> : </body> : </html> : END_OF_HTML : ######################## : } : sub InvalidDomain { : print "Content-type: text/html\n\n"; : ################################################# HTML to edit : print <<END_OF_HTML; : <html> : <body> : <h1>Error! Request rejected.</h1> : </body> : </html> : END_OF_HTML : ######################## : }

Optional Link URL:
Link Title:
Optional Image URL:

[ Follow Ups ] [ Post Followup ] [ FileGods Message Board ] [ FAQ ]