Results 1 to 4 of 4

Thread: Block php scripts from scanning site?

  1. #1
    Join Date
    Dec 2005
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Block php scripts from scanning site?

    I have found some php scripts on another site are being used to scan for files and folders on my site...

    What can I do to block the script from scanning my folders? I would prefer to do it "quiety" that is, not letting the script or script runner know they have been blocked, but instead just blocking (or redirecting) without any thing being noticed. (So that say the results page of the scripts just comes back empty every time)

  2. #2
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    This is difficult. The best way is to look for the precise headers it always uses (User-Agent, connection timeout, and so on). If the script always comes from that site, of course, you can just block (or redirect) connection attempts from that address. The address can be found with $_SERVER['HTTP_REMOTE_ADDR'], or the domain name with $_SERVER['HTTP_REMOTE_HOST']. To redirect, you use the Location: header like so:
    Code:
    <?php if($_SERVER['HTTP_REMOTE_HOST'] == "badsite.com") header("Location: http://www.google.com/"); ?>
    That may not work, however; it's possible that the script would ignore HTTP redirects. In this case, try:
    Code:
    <?php if($_SERVER['HTTP_REMOTE_HOST'] == "badsite.com") {
      require("http://www.google.com/");
      die();
    } ?>
    If all the above methods fail (the site uses a different address and changes its headers periodically to avoid detection), you'd need to rely on Javascript to tell the bots from the browsers. I'd advise, if it gets to this stage, leaving it; the cost of making your pages dependent on Javascript isn't worth the saving of the bandwidth these bots use up.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends franšais | entiendo espa˝ol | t˘i Ýt hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  3. #3
    Join Date
    Dec 2005
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    so I would have to put one of those scripts on every page? or just on the index?

  4. #4
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    At the very top of whichever page(s) the scripts request.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends franšais | entiendo espa˝ol | t˘i Ýt hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •