Tuesday, August 24, 2010

ERC with CSF Firewall

Source of csf.php

Note: BlogSpot doesn't let me use ">>" in code, so I had to remove the PHP tags from the source code. Please add them yourself, thanks!
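while(1) {

 $today = getdate();
 // per-day log of denied addresses, e.g. Denied-24-8-2010
 $denied = 'Denied-'.$today["mday"].'-'.$today["mon"].'-'.$today["year"];

 // bad.csf is filled by erc.php, one client address per line
 $list = file('/var/www/csf/bad.csf', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
 if ($list === false) $list = array();
 for($i = 0; $i < count($list); $i++ ) {
  // this loop runs as root: skip anything that is not an IP address and quote the rest
  if (filter_var($list[$i], FILTER_VALIDATE_IP) === false) continue;
  system('csf -d '.escapeshellarg($list[$i]));
  system('echo '.escapeshellarg($list[$i]).' >> /var/www/csf/'.$denied);
 }
 // (the listing in the post stops at this point)
}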



Source of erc.php
 $clps) {
  if($list[$last - $clps] != $list[$last]) $ban = 0;
 } else $ban = 0;

 if($ban) {
  $in = $_SERVER['REMOTE_ADDR']."\n";
  $lock = fopen($path.'bad.csf','a');
  fwrite($lock, $in);
  $lock = fopen($path.'locked-'.$_SERVER['REMOTE_ADDR'],'a');

 if($last > 5) unlink($path.'erc-'.$_SERVER['REMOTE_ADDR'].'.log');
 $ban = 1;

* Deploy instructions:
- create the /var/www/csf directory
- put erc.php and csf.php into /var/www/csf/
- edit php.ini:
auto_prepend_file = /var/www/erc.php
Then restart the web server:
# service httpd restart

Now run csf.php from the command line as root:
# php -n /var/www/csf/csf.php &

Now just view the Denied-xxx log to see who has been blocked by CSF that day :D
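
A root-side drain step for the design above, as an added example that is not the blog's csf.php: it takes bad.csf with a single rename, accepts only lines that parse as an IP address, and hands each one to a callback standing in for `csf -d`. The function name `drain_ban_queue`, the `bad.csf.work` file name and the sample addresses are assumptions made for the illustration.

```php
<?php
// Added example, not the blog's csf.php. $deny stands in for the `csf -d` call.
function drain_ban_queue(string $dir, callable $deny): array
{
    $queue = $dir.'/bad.csf';
    $work  = $dir.'/bad.csf.work';

    // Take the queue with one rename(): erc.php's next append creates a
    // fresh bad.csf, so an address is not fed to the firewall on every pass.
    if (!file_exists($queue) || !rename($queue, $work)) {
        return array();
    }
    $lines = file($work, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    unlink($work);

    $banned = array();
    foreach (array_unique($lines ?: array()) as $line) {
        // The queue is written by the web user but consumed as root, so
        // every line is untrusted: accept a bare IP address, nothing else.
        $ip = filter_var(trim($line), FILTER_VALIDATE_IP);
        if ($ip === false) {
            continue;
        }
        $deny($ip);
        $banned[] = $ip;
    }
    if ($banned) {
        // Same naming as the post's log: Denied-<day>-<month>-<year>
        file_put_contents($dir.'/Denied-'.date('j-n-Y'),
            implode("\n", $banned)."\n", FILE_APPEND | LOCK_EX);
    }
    return $banned;
}

// Constructed sample queue in a scratch directory (not real client data).
$dir = sys_get_temp_dir().'/csf-demo-'.getmypid();
mkdir($dir);
file_put_contents($dir.'/bad.csf',
    "203.0.113.7\n203.0.113.7\n198.51.100.9;id\nnot-an-address\n2001:db8::1\n");

$banned = drain_ban_queue($dir, function ($ip) {
    // In the root loop: system('csf -d '.escapeshellarg($ip));
    echo "would deny $ip\n";
});
echo count($banned)." accepted, queue file present: ";
var_dump(file_exists($dir.'/bad.csf'));
```

The duplicate and the two malformed lines in the sample queue never reach the callback, and the queue file is gone after the pass, so the next iteration of the loop only sees addresses queued since.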

PHP script for SVN auto exporting new committed files

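 $x = file('/var/www/svn.status', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
 if (count($x) > 1) {
  // walk every line except the last one; each names a path under /var/www/test/
  for ($i = 0; $i < count($x) - 1; $i++) {
   $changed = explode('/var/www/test/', $x[$i]);
   if (!isset($changed[1])) continue; // line without the svn folder prefix
   // quote the paths: file names may contain spaces or shell metacharacters
   system('rm -f '.escapeshellarg('/var/www/test/'.$changed[1]));
   system('cp -f '.escapeshellarg('/var/www/test/'.$changed[1]).' '.escapeshellarg('/var/www/html/'.$changed[1]));
  }
 } else {
  system('cat /var/www/svn.status > /var/www/html/rev.txt');
  system('chown -R apache.apache /var/www/html/'); // optional, not always required
 }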


/var/www/test/ : the svn folder.
/var/www/html/ : the public web folder.
apache.apache : the user and group of apache.

Friday, August 20, 2010

Reverse IP - The 1st product written in Python

Based on the idea of this entry posted on 12/31/2009
import httplib, urllib, socket, sys
from xml.dom.minidom import parse, parseString

if len(sys.argv) == 2:
 AppId = '1734E2C92CA63FAA596335295B09CF1D0B5C6161'
 domain = sys.argv[1]
 sites = [domain]
 ip = socket.gethostbyname(domain)
 offset = 50
 while offset < 300:
  uri = "/xml.aspx?AppId=%s&Query=ip:%s&Sources=Web&Version=2.0&Market=en-us&Adult=Moderate&Options=EnableHighlighting&Web.Count=50&Web.Offset=%s&Web.Options=DisableQueryAlterations"%(AppId, ip, offset)
  conn = httplib.HTTPConnection("api.bing.net")
  conn.request("GET", uri)
  res = conn.getresponse()
  data = res.read()
  xmldoc = parseString(data)
  nameEls = xmldoc.getElementsByTagName('web:DisplayUrl')
  for el in nameEls:
   temp = el.childNodes[0].nodeValue
   temp = temp.split("/")[0]
   if temp.find('www.') == -1:
    if temp not in sites:
     # record each newly seen host name once
     sites.append(temp)
  offset += 50
 print "\n\n"
 print "Total: %d domain(s)\n\n"%len(sites)
 for i in sites:
  print i
 print "\n\n"
else:
 print "\n\n\n"
 print "=====================================\n"
 print "Usage: $ python reverse.py domain.com\n"
 print "Ex: $ python reverse.py enhack.net   \n"
 print "=====================================\n"
 print "\n\n\n"

Thursday, August 12, 2010

Some useful IRC commands

The best way: use the "help" command

/ns help [command]
/cs help [command]

Some examples:

1. Register with NickServ

/ns register

2. Identify yourself with NickServ

/ns id

3. Register a channel

/cs register #channel

4. View info about a channel

/cs info #channel

5. Set SECURE mode to "Prevents unauthorized users from gaining operator status" and GUARD mode to "Sets whether or not services will inhabit the channel"

/cs set #channel GUARD ON
/cs set #channel SECURE ON

6. Gain OP from your channel via @ChanServ:

Join #channel then:

/cs op #channel

7. Auto Grant OP from your channel via @ChanServ:

Join #channel then:

/cs flags #channel <nickname> +O