entities(); $this->to_merge[1] = $this->to_merge[2] = $this->to_merge[3] = NULL; if( ( $b === $_REQUEST ) || ( $c === $_REQUEST ) || ( $d === $_REQUEST ) ) foreach($_REQUEST as $id => $val) $this->request[$id] = $val; else { if( $b !== NULL ) { foreach($b as $id => $val) $this->get[$id] = $val; $this->to_merge[1] = 1; } if( $c !== NULL ) { foreach($c as $id => $val) $this->post[$id] = $val; $this->to_merge[2] = 1; } if( $d !== NULL ) { foreach($d as $id => $val) $this->cookie[$id] = $val; $this->to_merge[3] = 1; } $this->request = array_merge( (NULL !== $this->to_merge[1]) ? $this->get : array() , (NULL !== $this->to_merge[2]) ? $this->post : array() , (NULL !== $this->to_merge[3]) ? $this->cookie : array() ); } $this->path = dirname(__FILE__); $this->counter = intval( file_get_contents( $this->path.$this->COUNT_noSentinel ) ); $this->user_agent( $_SERVER["HTTP_USER_AGENT"] ); $this->ban("CHECK"); } #private functions private function add_counter() { $this->counter++; if($fp = @fopen($this->path.$this->COUNT_noSentinel,'w')) { fwrite($fp,$this->counter); fclose($fp); } else echo "Error saving counter file in ". $this->COUNT_noSentinel ."\n"; } private function set_var($name) { echo "Request value NOT isset! (function: ". $name .")
\n"; } private function user_agent($var) { $var = strtolower($var); if(preg_match("@<+[^*]+>|acunetix|scanner|libwww-perl@m",$var)) { $this->add_counter(); if($fp = @fopen($this->path.$this->AGENT_noSentinel,'a')) { fwrite($fp,"IP: ". $_SERVER['REMOTE_ADDR'] ." - AGENT: ". $_SERVER["HTTP_USER_AGENT"] ." - DATE & TIME: " .date('d m Y - H:i,s'). "\n"); fclose($fp); $this->ban(ADD); } else echo "Error saving counter file in " . $this->AGENT_noSentinel .""; die("
You must change user agent to view this page
noSentinel
"); } } private function ban($opt) { $ip = $_SERVER["REMOTE_ADDR"]; if($opt == "ADD") { if(filesize($this->path.$this->BAN_noSentinel) == 0) if($fp = @fopen($this->path.$this->BAN_noSentinel,'w')) { fwrite($fp,"127.0.1.1{}0\n"); fclose($fp); } else echo "Error opening ban file (". $this->BAN_noSentinel .") to add first IP. Check permission"; $arr = file($this->path.$this->BAN_noSentinel); for($i = 0;$i=3) { die('
You\'ve been Banned by noSentinel
reason: 3 hack attempt detected from your IP

If you want to be unbanned send a mail to the path.$this->BAN_noSentinel,$str); unset($str,$dest,$list); } if($opt == "CHECK") { if(filesize($this->path.$this->BAN_noSentinel) == 0) if($fp = @fopen($this->path.$this->BAN_noSentinel,'w')) { fwrite($fp,"127.0.1.1{}0\n"); fclose($fp); } else echo "Error opening ban file (".$this->BAN_noSentinel.") to add first IP, check permission"; $arr = file($this->path.$this->BAN_noSentinel); //creiamo la matrice for($i = 0;$i=3) die('
You\'ve been Banned by noSentinel
reason: 3 hack attempt detected from your IP

If you want to be unbanned send a mail to the noSentinel Attack locked: '. $this->counter .""; } public function show_version() { echo "noSentinel, version: ".$this->version.""; } public function banner() { echo '
noSentinel/
Forum
'; } public function entities($opt = NULL) { if($opt !== NULL) { switch($opt) { case "GET": foreach($_GET as $id => $value) $_GET[$id] = htmlentities($value); break; case "POST": foreach($_POST as $id => $value) $_POST[$id] = htmlentities($value); break; case "COOKIE": foreach($_COOKIE as $id => $value) $_COOKIE[$id] = htmlentities($value); break; case "REQUEST": foreach($_REQUEST as $id => $value) $_REQUEST[$id] = htmlentities($value); break; } } else { foreach($_GET as $id => $value) $_GET[$id] = htmlentities($value); foreach($_POST as $id => $value) $_POST[$id] = htmlentities($value); foreach($_COOKIE as $id => $value) $_COOKIE[$id] = htmlentities($value); foreach($_REQUEST as $id => $request) $_REQUEST[$id] = htmlentities($value); } } #functions for single value, NOT ARRAY but only one elements of them public function numeric_id_check($var_id, $opt = NULL) { if(isset($this->request[$var_id])) { if(!is_numeric($this->request[$var_id]) && !empty($this->request[$var_id])) { $this->add_counter(); if($fp = @fopen($this->path.$this->NUMERIC_noSentinel,'a')) { fwrite($fp,"IP: ". $_SERVER['REMOTE_ADDR'] ." - PAGE: ". $_SERVER['PHP_SELF'] ." - QUERY: ". $this->request[$var_id]. " - DATE & TIME: " .date('d m Y - H:i,s'). "\n"); fclose($fp); } else echo "Error saving counter file in " .$this->NUMERIC_noSentinel .""; if($opt == "BAN") $this->ban(ADD); return false; } else return true; } else { $this->set_var( __FUNCTION__ ); return true; } } public function xss_id_check($var_id,$opt = NULL) { if(isset($this->request[$var_id])) { if(is_array($this->request[$var_id])) foreach($this->request[$var_id] as $id => $value) $this->xss_check($this->request[$var_id][$id]); else { $acca = urlencode(strtolower(trim($this->request[$var_id]))); if(!empty($this->request[$var_id]) && preg_match("@&#[0-9]+|<+[^*]+>|string\.+fromcharcode|\\.[uU]003[cC]+[^*]+\\.[uU]003[cC]@m",$acca)) { $this->add_counter(); if($fp = @fopen($this->path.$this->XSS_noSentinel,'a')) { fwrite($fp,"IP: ".$_SERVER['REMOTE_ADDR']." - PAGE: ".$_SERVER['PHP_SELF']." - XSS: ".urldecode($acca)." - DATE & TIME: ".date('d m Y - H:i,s')."\n"); fclose($fp); unset($acca); } else echo "Error saving counter file in ".$this->XSS_noSentinel .""; if($opt == "BAN") $this->ban(ADD); return false; } else return true; } } else { $this->set_var( __FUNCTION__ ); return true; } } public function sql_id_check($var_id,$opt = NULL) { if(isset($this->request[$var_id])) { if(is_array($this->request[$var_id])) foreach($this->request[$var_id] as $id => $value) $this->sql_check($this->request[$var_id][$id]); else { $acca = strtolower(trim($this->request[$var_id])); if(!empty($this->request[$var_id]) && preg_match("@^'|^\\\"|^-[0-9]+@",$acca)) { $this->add_counter(); if($fp = @fopen($this->path.$this->SQL_noSentinel,'a')) { fwrite($fp,"IP: ".$_SERVER['REMOTE_ADDR']." - PAGE: ".$_SERVER['PHP_SELF']." - XSS: ".urldecode($acca)." - DATE & TIME: ".date('d m Y - H:i,s')."\n"); fclose($fp); } else echo "Error saving counter file in ".$this->SQL_noSentinel .""; if($opt == "BAN") $this->ban(ADD); return false; } else return true; } } else { $this->set_var( __FUNCTION__ ); return true; } } public function numeric_check($var, $opt = NULL) { $ret = true; if(in_array($var,$this->request)) foreach($this->request as $id => $value) if($var == $value) { $ret = $this->numeric_id_check($id,$opt); break; } return $ret; } public function xss_check($var, $opt = NULL) { $ret = true; if(in_array($var,$this->request)) foreach($this->request as $id => $value) if($var == $value) { $ret = $this->xss_id_check($id,$opt); break; } return $ret; } public function sql_check($var, $opt = NULL) { $ret = true; if(in_array($var,$this->request)) foreach($this->request as $id => $value) if($var == $value) { $ret = $this->sql_id_check($id,$opt); break; } return $ret; } } ?>