Post: PHP Black listing & White listing [Security]
04-11-2016, 02:22 AM #1
This thread is to help people that want more security added to their site. Although no matter how much security you add, there will always be an attacker who will get through it. However, you can delay the attacker by utilizing many things to bypass your security.

This is a better way to secure/protect your ACP by utilizing whitelisting.
I will talk about the two types (blacklisting and whitelisting).

Well, what is blacklisting?
Say an attacker brute-forces your ACP, but then their IP gets banned because of the many failed attempts. That is blacklisting.
There is a fault in this. The fault being that the attacker can always change their IP using proxies.

How can we prevent this?
This is where whitelisting comes into play. In this case the problem is an attacker brute-forcing and changing IP addresses. By whitelisting which IP addresses you want to access the ACP, you prevent the attacker from doing both.
Brute-forcing and changing IPs won't matter anymore, because you must have a whitelisted IP to keep brute-forcing.

So what will the code look like?
Well, this code will go at the top of the PHP file which lets you log in to the ACP.
Also make sure the file we are going to be reading from, "ips.txt", is in the same directory as the ACP and is non-readable from the web.
You can achieve this by modifying the .htaccess. Do not chmod the file, otherwise PHP may not be able to read it.
Make sure the IP addresses are separated by a new line in ips.txt.

Whitelisting code:

<?php
// Read ips.txt (one address per line) and trim each line, so a Windows CRLF
// line ending or a trailing blank line does not break the comparison.
// If the file is missing, the list is empty and nobody gets in (fail closed).
$ip_addresses = array_filter(array_map('trim', file(dirname(__FILE__) . '/ips.txt') ?: []));

$curIP = $_SERVER['REMOTE_ADDR']; // The visitor's IP as seen by the web server

if (!in_array($curIP, $ip_addresses, true)) // Is the visitor's IP whitelisted? (strict string comparison)
{
    header('Location: /'); // Redirect the visitor to the home page of the site.
    die('You are not allowed to visit this part of the site.'); // Stop here so no other PHP code gets executed.
}
Last edited by D4tabase; 04-11-2016 at 02:25 AM.
04-11-2016, 03:11 AM #2
CyberNomadic
Web Developer
Originally posted by D4tabase (post #1 quoted in full)

For a non-SQL environment, this would work. I'd recommend it. Also, this can be done via .htaccess in Apache for those interested.

Note to OP:
Add support for Cloudflare IPs! It's very simple:

<?php
// When the request came through Cloudflare, the CF-Connecting-IP header
// carries the original client address, so use it instead of REMOTE_ADDR.
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
    $_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
}
Last edited by CyberNomadic; 04-11-2016 at 08:08 AM.

04-11-2016, 12:43 PM #3
CloudFlare IPs can be spoofed, if you didn't know, which is why the CloudFlare plugin/add-on is recommended.
By CloudFlare plugin/add-on I mean the cloudflare.c file they made for Apache. If you are using nginx you have to do it a different way, but it is easy.
So you shouldn't use PHP for that.
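Added example for this thread (editor's code, not from any of the posters). It puts post #1's whitelist and post #3's Cloudflare point together in one script: the whitelist file is parsed tolerantly (CRLF, blank lines, "#" comments, optional IPv4 CIDR ranges), and the CF-Connecting-IP header from post #2 is only believed when the TCP peer (REMOTE_ADDR) is itself inside Cloudflare's address ranges, because otherwise any client can send that header and claim a whitelisted address. Assumptions: PHP 7.4 or newer on a 64-bit build, IPv4 only, ips.txt next to the script; the Cloudflare ranges in the code are a constructed sample, not the real published list.

```php
<?php
// Added example for this thread, not code from any of the posters.
// Combines post #1 (whitelist from ips.txt) with post #3's warning that
// CF-Connecting-IP is attacker-controlled unless the peer really is Cloudflare.
// Assumptions: PHP 7.4+ on 64-bit, IPv4 only, ips.txt beside this script with
// one IP or CIDR per line and '#' comments allowed.
declare(strict_types=1);

// CONSTRUCTED sample of Cloudflare edge ranges; NOT the real list. Load the
// current published list from Cloudflare before using this in production.
const CLOUDFLARE_RANGES_SAMPLE = ['103.21.244.0/22', '198.41.128.0/17'];

/** True if IPv4 $ip falls inside $cidr ("a.b.c.d/n"); a bare address means /32. */
function ipv4_in_cidr(string $ip, string $cidr): bool
{
    if (strpos($cidr, '/') === false) {
        $cidr .= '/32';
    }
    [$net, $bits] = explode('/', $cidr, 2);
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false || !ctype_digit($bits) || (int) $bits > 32) {
        return false; // malformed entry or non-IPv4 address: never matches (fail closed)
    }
    $bits = (int) $bits;
    $mask = $bits === 0 ? 0 : ((0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF);
    return ($ipLong & $mask) === ($netLong & $mask);
}

/** Parse the whitelist file: strips CR/LF and whitespace, drops blanks and '#' comments. */
function load_whitelist(string $path): array
{
    $lines = @file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($lines === false) {
        return []; // missing or unreadable file => empty list => everyone is denied
    }
    $entries = [];
    foreach ($lines as $line) {
        $line = trim((string) preg_replace('/#.*$/', '', $line));
        if ($line !== '') {
            $entries[] = $line;
        }
    }
    return $entries;
}

/** True if $ip matches any address or CIDR range in $entries. */
function ip_in_any(string $ip, array $entries): bool
{
    foreach ($entries as $entry) {
        if (ipv4_in_cidr($ip, $entry)) {
            return true;
        }
    }
    return false;
}

/**
 * Resolve the real client address. CF-Connecting-IP is only honoured when
 * REMOTE_ADDR (the TCP peer) is inside Cloudflare's ranges; otherwise the
 * header is ignored, so a direct client cannot impersonate a whitelisted IP.
 */
function client_ip(array $server, array $cloudflareRanges): string
{
    $peer   = (string) ($server['REMOTE_ADDR'] ?? '');
    $header = $server['HTTP_CF_CONNECTING_IP'] ?? null;
    if ($header !== null
        && ip_in_any($peer, $cloudflareRanges)
        && filter_var($header, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        return (string) $header;
    }
    return $peer;
}

// The gate itself, placed at the top of the ACP login script.
if (PHP_SAPI !== 'cli') {
    $client = client_ip($_SERVER, CLOUDFLARE_RANGES_SAMPLE);
    if (!ip_in_any($client, load_whitelist(__DIR__ . '/ips.txt'))) {
        http_response_code(403); // a plain 403 rather than a redirect: nothing to follow or cache
        exit('You are not allowed to visit this part of the site.');
    }
}
```

With an ips.txt containing `203.0.113.5` and `198.51.100.0/24`, a visitor at 198.51.100.77 passes. A direct visitor at 192.0.2.9 who forges `CF-Connecting-IP: 203.0.113.5` is still treated as 192.0.2.9, because `client_ip(['REMOTE_ADDR' => '192.0.2.9', 'HTTP_CF_CONNECTING_IP' => '203.0.113.5'], CLOUDFLARE_RANGES_SAMPLE)` returns `'192.0.2.9'` (the peer is not in the Cloudflare sample ranges), so the request is denied. The same header arriving from a peer inside those ranges is accepted. Note the IPv4-only limitation: an IPv6 REMOTE_ADDR makes `ip2long()` return false, so such a visitor is denied rather than let through; restricting ACP access at the web server (the .htaccess route mentioned in post #2, or Cloudflare's own Apache/nginx module for restoring the client IP, as post #3 says) avoids doing this in PHP at all.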

Copyright © 2024, NextGenUpdate.
All Rights Reserved.
