360safe安全卫士防网站攻击源码
近段时间,公司网站老被攻击,于是研究起防止攻击方法,当然无外乎就是SQL注入之类的问题,无意间发现了一个360安全卫士提供的源码,觉得挺好的,咱们暂且不说防攻击效果,至少思路是很好的,奉献给大家,大家也可以去360漏洞检查网站去下载。
360webscan.php
<?php
webscan_error();
// Load the site configuration: key, vendor endpoints, switches and whitelists (webscan_cache.php).
require_once('webscan_cache.php');
// Protection script version, reported back by the "ckinstall" action.
define("WEBSCAN_VERSION", '0.1.1.9');
// MD5 of this very file. webscan_updateck() compares it with the hash of the
// downloaded update; it is an integrity check only and says nothing about who
// produced the file.
define("WEBSCAN_MD5", md5(@file_get_contents(__FILE__)));
// GET filter: an alternation of XSS markers (inline event handlers, <script,
// alert(/confirm(/prompt(/expression() and SQL keyword sequences (UNION…SELECT,
// DROP TABLE, …). No delimiters here; webscan_StopAttack() wraps it in /…/is,
// so matching is case-insensitive. A block list like this is a tripwire, not a
// substitute for parameterised queries and output escaping in the application.
$getfilter = "<[^>]*?=[^>]*?&#[^>]*?>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b[^>]*?>|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
// POST filter: same as the GET filter minus the "^+/v8"/"^+/v9" (UTF-7 prefix) rule.
// Also applied to the Referer header (see the dispatch at the bottom of the file).
$postfilter = "<[^>]*?=[^>]*?&#[^>]*?>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b[^>]*?>|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
// Cookie filter: only the SQL-oriented rules; the XSS rules are not applied to cookies.
$cookiefilter = "\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
// Management command ("update" or "ckinstall"). It is only honoured when the
// request also carries the site key (webscan_cheack()); otherwise it is ''.
// Note: trim() assumes webscan_act is a scalar — an array value is a TypeError on PHP 8.
$webscan_action = isset($_POST['webscan_act'])&&webscan_cheack() ? trim($_POST['webscan_act']) : '';
// Referer, wrapped as a one-entry map so it can be scanned like $_GET/$_POST/$_COOKIE.
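$webscan_referer = empty($_SERVER['HTTP_REFERER']) ? array() : array('HTTP_REFERER' => $_SERVER['HTTP_REFERER']);

/**
 * Minimal raw-socket HTTP client, used only when the curl extension is missing
 * (see webscan_slog() and the "ckinstall" handler). It sends one request and
 * reads a bounded response body into $this->data; headers go to $this->header.
 *
 * Notes:
 *  - every property is declared (dynamic properties are deprecated in PHP 8.2);
 *  - request() defaults the method to GET instead of emitting an empty token;
 *  - no Referer header is sent when none is given (the previous fallback used
 *    an undefined constant, which is a fatal Error on PHP 8);
 *  - parse_url() parts are checked before use;
 *  - https:// URLs are sent through the ssl:// wrapper on port 443 rather than
 *    in clear text on port 80.
 */
class webscan_http {
    var $method;
    var $post;
    var $header;
    var $ContentType;
    var $cookie;
    var $errno;
    var $errstr;
    var $data;

    function __construct() {
        $this->method = '';
        $this->cookie = '';
        $this->post = '';
        $this->header = '';
        $this->ContentType = '';
        $this->errno = 0;
        $this->errstr = '';
        $this->data = '';
    }

    /**
     * Send $data as an application/x-www-form-urlencoded POST body.
     * Field names are used verbatim (callers pass fixed names); values are
     * rawurlencode()d. Returns request()'s result.
     */
    function post($url, $data = array(), $referer = '', $limit = 0, $timeout = 30, $block = TRUE) {
        $this->method = 'POST';
        $this->ContentType = "Content-Type: application/x-www-form-urlencoded\r\n";
        if ($data) {
            $pairs = array();
            foreach ($data as $k => $v) {
                $pairs[] = $k . '=' . rawurlencode($v);
            }
            $this->post .= implode('&', $pairs);
        }
        return $this->request($url, $referer, $limit, $timeout, $block);
    }

    /**
     * Open a socket to the URL's host, write the request and read the reply.
     * The body is capped at $limit bytes (0 = default cap of 1024000). $timeout
     * applies to connect and to each read; when it exceeds max_execution_time
     * the script limit is raised to match.
     *
     * @return false|string false if the socket could not be opened, otherwise
     *                      the literal "200" — the status line is not parsed.
     */
    function request($url, $referer = '', $limit = 0, $timeout = 30, $block = TRUE) {
        if ($this->method == '') {
            $this->method = 'GET';
        }
        $matches = parse_url($url);
        if ($matches === false || empty($matches['host'])) {
            return false;
        }
        $host = $matches['host'];
        $path = '/';
        if (!empty($matches['path'])) {
            $path = $matches['path'];
            if (!empty($matches['query'])) {
                $path .= '?' . $matches['query'];
            }
        }
        $secure = isset($matches['scheme']) && strtolower($matches['scheme']) == 'https';
        $port = !empty($matches['port']) ? (int)$matches['port'] : ($secure ? 443 : 80);

        // Header values must not contain CR/LF; strip them rather than let a
        // stray value terminate the header block early.
        $referer = str_replace(array("\r", "\n"), '', $referer);
        $agent = isset($_SERVER['HTTP_USER_AGENT'])
            ? str_replace(array("\r", "\n"), '', $_SERVER['HTTP_USER_AGENT'])
            : '';

        $out = "$this->method $path HTTP/1.1\r\n";
        $out .= "Accept: */*\r\n";
        if ($referer != '') {
            $out .= "Referer: $referer\r\n";
        }
        $out .= "Accept-Language: zh-cn\r\n";
        if ($agent != '') {
            // The current visitor's User-Agent is forwarded to the vendor endpoint.
            $out .= "User-Agent: $agent\r\n";
        }
        $out .= "Host: $host\r\n";
        if ($this->method == 'POST') {
            $out .= $this->ContentType;
            $out .= "Content-Length: " . strlen($this->post) . "\r\n";
            $out .= "Cache-Control: no-cache\r\n";
            $out .= "Connection: Close\r\n\r\n";
            $out .= $this->post;
        } else {
            $out .= "Connection: Close\r\n\r\n";
        }

        if ($timeout > ini_get('max_execution_time')) {
            @set_time_limit($timeout);
        }
        // ssl:// lets the stream wrapper verify the peer certificate (PHP default since 5.6).
        $fp = @fsockopen(($secure ? 'ssl://' : '') . $host, $port, $this->errno, $this->errstr, $timeout);
        // The pending body is discarded whether or not the connection succeeded.
        $this->post = '';
        if (!$fp) {
            return false;
        }
        stream_set_blocking($fp, $block);
        stream_set_timeout($fp, $timeout);
        fwrite($fp, $out);
        $this->data = '';
        $this->header = '';
        $status = stream_get_meta_data($fp);
        if (!$status['timed_out']) {
            $maxsize = min($limit, 1024000);
            if ($maxsize == 0) {
                $maxsize = 1024000;
            }
            $start = false;
            while (!feof($fp)) {
                if ($start) {
                    $line = fread($fp, $maxsize);
                    if (strlen($this->data) > $maxsize) {
                        break;
                    }
                    $this->data .= $line;
                } else {
                    // Header phase: one line at a time until the blank separator line.
                    $line = fgets($fp);
                    $this->header .= $line;
                    if ($line == "\r\n" || $line == "\n") {
                        $start = true;
                    }
                }
            }
        }
        fclose($fp);
        return "200";
    }
}

/** Turn off on-page error display. */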
/**
 * Make sure PHP does not print errors into the response, so neither this
 * script nor the host application leaks paths or stack traces to visitors.
 * Only display_errors is touched; logging settings are left as configured.
 */
function webscan_error() {
    $shown = ini_get('display_errors');
    if (!$shown) {
        return;
    }
    ini_set('display_errors', '0');
}

/** Check that the management request was issued with the site key. */
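/**
 * Verify that a management request ("update" / "ckinstall") carries the site key.
 *
 * The comparison is strict and constant-time via hash_equals(): the previous
 * loose `==` treated numeric-looking strings as numbers, so a key such as
 * "0e12345" compared equal to "0". A missing or non-string webscan_rkey, or an
 * undefined WEBSCAN_U_KEY, is a failure rather than a notice.
 *
 * @return bool
 */
function webscan_cheack() {
    if (!defined('WEBSCAN_U_KEY')) {
        return false;
    }
    if (!isset($_POST['webscan_rkey']) || !is_string($_POST['webscan_rkey'])) {
        return false;
    }
    return hash_equals((string)WEBSCAN_U_KEY, $_POST['webscan_rkey']);
}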
/**
 * Report a blocked request to the vendor's log endpoint (WEBSCAN_API_LOG).
 * Uses curl when available, otherwise the raw-socket client above.
 * $logs is the record built by webscan_StopAttack(); it contains the matched
 * input ('rdata'), so request data is transmitted off-site.
 */
function webscan_slog($logs) {
    $haveCurl = function_exists('curl_init');
    if ($haveCurl) {
        webscan_curl(WEBSCAN_API_LOG, $logs);
        return;
    }
    $client = new webscan_http();
    $client->post(WEBSCAN_API_LOG, $logs);
}
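/**
 * Flatten a request parameter into a single string for pattern matching.
 * Scalars are returned unchanged; arrays (nested to any depth) are
 * concatenated leaf by leaf in iteration order.
 *
 * The accumulator is local to each call. The previous version kept it in a
 * `static` variable that was never reset, so every parameter checked later in
 * the same request also carried the values of all earlier ones — spurious
 * matches on unrelated fields and ever-growing 'rdata' in the log record.
 *
 * @param mixed $arr
 * @return mixed the scalar itself, or a string for array input
 */
function webscan_arr_foreach($arr) {
    if (!is_array($arr)) {
        return $arr;
    }
    $joined = '';
    foreach ($arr as $val) {
        // Same conversion as implode(): nulls/false become '', true becomes '1'.
        $joined .= is_array($val) ? webscan_arr_foreach($val) : $val;
    }
    return $joined;
}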
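/**
 * Return true when the hash advertised for the update differs from this file's
 * own hash (WEBSCAN_MD5), i.e. an update is available.
 *
 * Strict string comparison: with the previous `!=`, two hex digests that both
 * look numeric (for example "0e…" followed only by digits) compared equal and
 * an update would be reported as "not needed". This is an integrity check of
 * what was downloaded, not proof of who produced it.
 *
 * @param string $ve md5 hex digest of the downloaded update
 * @return bool
 */
function webscan_updateck($ve) {
    return (string)$ve !== (string)WEBSCAN_MD5;
}

/** Block page shown to the visitor when a request is stopped. */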
/**
 * Print the block page: a full-window iframe loading the vendor's
 * "attack stopped" notice (over plain http://). Nothing else is sent and the
 * HTTP status is left at whatever it already was (200 by default), so
 * blocked requests are not distinguishable from successful ones by status
 * code alone — log/monitoring rules need to key on the body or on webscan_slog().
 */
function webscan_pape() {
    $markup = '<html><body style="margin:0; padding:0"><center>'
        . '<iframe width="100%" align="center" height="870" frameborder="0" scrolling="no" src="http://safe.webscan.360.cn/stopattack.html"></iframe>'
        . '</center></body></html>';
    echo $markup;
}

/** Attack check: match one parameter against a filter and stop the request on a hit. */
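/**
 * Match one request parameter against a filter regex; on a hit, report it via
 * webscan_slog() and stop the request with the block page. The value is tested
 * first, then the parameter name.
 *
 * @param string|int   $StrFiltKey   parameter name
 * @param string|array $StrFiltValue parameter value; nested arrays are flattened
 * @param string       $ArrFiltReq   regex alternation without delimiters — one of the
 *                                   filters defined at the top of this file (trusted)
 * @param string       $method       source label for the log: GET, POST, COOKIE, REFERRER
 * @return void returns only when nothing matched
 */
function webscan_StopAttack($StrFiltKey, $StrFiltValue, $ArrFiltReq, $method) {
    $StrFiltKey = (string)$StrFiltKey;
    $StrFiltValue = (string)webscan_arr_foreach($StrFiltValue);
    $pattern = "/" . $ArrFiltReq . "/is";
    // preg_match() returns false (not 0) on PCRE errors such as the backtrack
    // limit on very large input; that case falls through and the request is
    // allowed, so oversized parameters are not covered by this check.
    foreach (array($StrFiltValue, $StrFiltKey) as $subject) {
        if (preg_match($pattern, $subject) == 1) {
            webscan_slog(webscan_log_entry($method, $StrFiltKey, $subject));
            webscan_pape();
            exit;
        }
    }
}

/**
 * Build the record sent to the vendor log endpoint. $_SERVER fields are read
 * with a fallback so a missing header cannot raise a notice here. 'rdata' is
 * the matched input itself, so whatever the visitor submitted in that field
 * (form contents included) leaves the site with this record.
 */
function webscan_log_entry($method, $key, $data) {
    return array(
        'ip' => webscan_server_value('REMOTE_ADDR'),
        // Same local-time format the previous strftime("%Y-%m-%d %H:%M:%S") produced.
        'time' => date('Y-m-d H:i:s'),
        'page' => webscan_server_value('PHP_SELF'),
        'method' => $method,
        'rkey' => $key,
        'rdata' => $data,
        'user_agent' => webscan_server_value('HTTP_USER_AGENT'),
        'request_url' => webscan_server_value('REQUEST_URI'),
    );
}

/** $_SERVER[$name] as a string, '' when absent. */
function webscan_server_value($name) {
    return isset($_SERVER[$name]) ? (string)$_SERVER[$name] : '';
}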
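/**
 * Decide whether the current request is exempt from scanning.
 * Returns false (skip scanning) when the script path matches the directory
 * whitelist regex, or when a whitelisted script/query pair matches; true
 * otherwise.
 *
 * The path is taken from SCRIPT_NAME rather than PHP_SELF: PHP_SELF can include
 * client-supplied PATH_INFO, so a whitelist word in the extra path segment would
 * have switched scanning off for any script. Confirm that the web server /
 * FastCGI configuration sets SCRIPT_NAME without PATH_INFO; PHP_SELF is only
 * used as a fallback when SCRIPT_NAME is absent.
 *
 * Matching is substring-based (stristr) on both script name and query string,
 * so an entry such as 'index.php' => 'm=admin' also exempts any script whose
 * name contains "index.php" when the query contains "m=admin" anywhere.
 *
 * @param string $webscan_white_name regex alternation without delimiters (config, trusted)
 * @param array  $webscan_white_url  script-name substring => query substring
 *                                   ('' = only when the query string is empty)
 * @return bool
 */
function webscan_white($webscan_white_name, $webscan_white_url = array()) {
    if (isset($_SERVER['SCRIPT_NAME'])) {
        $url_path = (string)$_SERVER['SCRIPT_NAME'];
    } elseif (isset($_SERVER['PHP_SELF'])) {
        $url_path = (string)$_SERVER['PHP_SELF'];
    } else {
        $url_path = '';
    }
    $url_var = isset($_SERVER['QUERY_STRING']) ? (string)$_SERVER['QUERY_STRING'] : '';

    if (preg_match("/" . $webscan_white_name . "/is", $url_path) == 1) {
        return false;
    }
    foreach ($webscan_white_url as $script => $query) {
        $script = (string)$script;
        $query = (string)$query;
        if ($url_var !== '' && $query !== '') {
            if (stristr($url_path, $script) && stristr($url_var, $query)) {
                return false;
            }
        } elseif ($url_var === '' && $query === '') {
            if (stristr($url_path, $script)) {
                return false;
            }
        }
        // Query present but no required substring (or vice versa): not exempt.
    }
    return true;
}

/** Submit via curl. */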
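/**
 * POST $postdata to $url with curl (multipart/form-data when an array is given)
 * and return the status code and body. 5 s connect / 15 s total timeouts.
 * The endpoints in webscan_cache.php are plain http://, so nothing exchanged
 * here is authenticated or confidential.
 *
 * @param string $url
 * @param array  $postdata
 * @return array ['httpcode' => int, 'response' => string|false]
 */
function webscan_curl($url, $postdata = array()) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($ch, CURLOPT_TIMEOUT, 15);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
    $response = curl_exec($ch);
    $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    return array('httpcode' => $httpcode, 'response' => $response);
}

if ($webscan_action === 'update') {
    // Self-update handler: replaces this file with whatever WEBSCAN_UPDATE_FILE
    // returns. The checks below (size > 500 bytes, md5 of the written file equals
    // md5 of the download) only catch a truncated or partial write; there is no
    // signature, and the endpoint in webscan_cache.php is plain http://, so any
    // party able to alter that response can install arbitrary PHP here. The
    // branch is reachable only with the site key (webscan_cheack()): treat that
    // key as a code-execution credential, or remove this branch and update by hand.
    $cache_dir = dirname(__FILE__) . '/caches_webscan';
    $update_file = $cache_dir . '/update_360.dat';
    $backup_file = $cache_dir . '/bak_360.dat';
    // Fetch once; hash and write the same buffer (the previous code downloaded twice).
    $remote = @file_get_contents(WEBSCAN_UPDATE_FILE);
    $webscan_update_md5 = md5((string)$remote);
    if (!webscan_updateck($webscan_update_md5)) {
        exit("news");
    }
    if ($remote === false) {
        exit("failed");
    }
    // Mode must be octal (0755); the previous decimal 755 is mode 01363.
    if (!file_exists($cache_dir) && !@mkdir($cache_dir, 0755)) {
        exit("file_failed");
    }
    @file_put_contents($update_file, $remote);
    clearstatcache(true, $update_file);
    $staged_ok = copy(__FILE__, $backup_file)
        && filesize($update_file) > 500
        && md5(@file_get_contents($update_file)) === $webscan_update_md5;
    if ($staged_ok) {
        if (!copy($update_file, __FILE__)) {
            // Restore the backup taken above before reporting the failure.
            copy($backup_file, __FILE__);
            exit("copy_failed");
        }
        unlink($update_file);
        exit("update_success");
    }
    unlink($update_file);
    exit("failed");
} elseif ($webscan_action === "ckinstall") {
    // Install/version probe. The reply echoes WEBSCAN_U_KEY; that is acceptable
    // only because webscan_cheack() already required the same key to get here.
    if (!function_exists('curl_init')) {
        $web_code = new webscan_http();
        $httpcode = $web_code->request("http://safe.webscan.360.cn");
    } else {
        $web_code = webscan_curl("http://safe.webscan.360.cn");
        $httpcode = $web_code['httpcode'];
    }
    exit("1" . ":" . WEBSCAN_VERSION . ":" . WEBSCAN_MD5 . ":" . WEBSCAN_U_KEY . ":" . $httpcode);
}

// Request scanning. Each enabled source is checked parameter by parameter;
// webscan_StopAttack() exits on the first hit. The Referer is scanned with the
// POST filter. ($webscan_referre is the config variable's actual spelling.)
if ($webscan_switch && webscan_white($webscan_white_directory, $webscan_white_url)) {
    if ($webscan_get) {
        foreach ($_GET as $key => $value) {
            webscan_StopAttack($key, $value, $getfilter, "GET");
        }
    }
    if ($webscan_post) {
        foreach ($_POST as $key => $value) {
            webscan_StopAttack($key, $value, $postfilter, "POST");
        }
    }
    if ($webscan_cookie) {
        foreach ($_COOKIE as $key => $value) {
            webscan_StopAttack($key, $value, $cookiefilter, "COOKIE");
        }
    }
    if ($webscan_referre) {
        foreach ($webscan_referer as $key => $value) {
            webscan_StopAttack($key, $value, $postfilter, "REFERRER");
        }
    }
}
?>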
webscan_cache.php
<?php
//Site key issued by the vendor. The placeholder value below must be replaced:
//it is the only credential gating the "update" (file overwrite) and "ckinstall"
//actions in 360webscan.php (see webscan_cheack()).
define('WEBSCAN_U_KEY', '网站生成的KEY');
//Log-report endpoint. The key travels in the query string of a plain http:// URL,
//so it is visible on the network path and in any intermediate access logs.
define('WEBSCAN_API_LOG', 'http://safe.webscan.360.cn/papi/log/?key='.WEBSCAN_U_KEY);
//Update download endpoint, also plain http:// and keyed the same way. The file
//fetched from here replaces 360webscan.php, so this URL is a code-execution trust boundary.
define('WEBSCAN_UPDATE_FILE','http://safe.webscan.360.cn/papi/update/?key='.WEBSCAN_U_KEY);
//Master switch (1 = scan requests, 0 = off)
$webscan_switch=1;
//Per-source switches (1 = scan, 0 = skip) for post, get, cookie and referer.
//Note: the referer switch is spelled "referre" and is read under that name.
$webscan_post=1;
$webscan_get=1;
$webscan_cookie=1;
$webscan_referre=1;
//Back-end whitelist: requests whose script path matches this regex alternation
//("|"-separated, case-insensitive) are not scanned at all. The default exempts
//any path containing "admin" or "/dede/".
$webscan_white_directory='admin|\/dede\/';
//URL whitelist: script-name substring => query-string substring ('' = only when
//the query string is empty). Defaults cover the phpcms back end (index.php?m=admin),
//php168 article posting (post.php?job=postnew&step=post) and dedecms edit_space_info.php.
//Entries are matched by substring, so keep them as specific as possible.
$webscan_white_url = array('index.php' => 'm=admin','post.php' => 'job=postnew&step=post','edit_space_info.php'=>'');
?>
源码下载:http://files.cnblogs.com/mengdejun/360safe.zip
转载于:https://www.cnblogs.com/mengdejun/p/3387869.html