360safe安全卫士防网站攻击源码

时间:2023-03-10 00:33:46
360safe安全卫士防网站攻击源码

近段时间,公司网站老被攻击,于是研究起防止攻击方法,当然无外乎就是SQL注入之类的问题,无意间发现了一个360安全卫士提供的源码,觉得挺好的,咋们暂且不说防攻击效果,至少思路是很好的,奉献给大家,大家也可以去360漏洞检查网站去下载。

360webscan.php

<?php

webscan_error();

//引用配置文件

require_once('webscan_cache.php');

//防护脚本版本号

define("WEBSCAN_VERSION", '0.1.1.9');

//防护脚本MD5值

define("WEBSCAN_MD5", md5(@file_get_contents(__FILE__)));

//get拦截规则

$getfilter = "<[^>]*?=[^>]*?&#[^>]*?>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b[^>]*?>|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

//post拦截规则

$postfilter = "<[^>]*?=[^>]*?&#[^>]*?>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b[^>]*?>|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

//cookie拦截规则

$cookiefilter = "\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

//获取指令

$webscan_action  = isset($_POST['webscan_act'])&&webscan_cheack() ? trim($_POST['webscan_act']) : '';

//referer获取

$webscan_referer = empty($_SERVER['HTTP_REFERER']) ? array() : array('HTTP_REFERER'=>$_SERVER['HTTP_REFERER']);

class webscan_http {

  var $method;

  var $post;

  var $header;

  var $ContentType;

  function __construct() {

    $this->method = '';

    $this->cookie = '';

    $this->post = '';

    $this->header = '';

    $this->errno = 0;

    $this->errstr = '';

  }

  function post($url, $data = array(), $referer = '', $limit = 0, $timeout = 30, $block = TRUE) {

    $this->method = 'POST';

    $this->ContentType = "Content-Type: application/x-www-form-urlencoded\r\n";

    if($data) {

      $post = '';

      foreach($data as $k=>$v) {

        $post .= $k.'='.rawurlencode($v).'&';

      }

      $this->post .= substr($post, 0, -1);

    }

    return $this->request($url, $referer, $limit, $timeout, $block);

  }

  function request($url, $referer = '', $limit = 0, $timeout = 30, $block = TRUE) {

    $matches = parse_url($url);

    $host = $matches['host'];

    $path = $matches['path'] ? $matches['path'].($matches['query'] ? '?'.$matches['query'] : '') : '/';

    $port = $matches['port'] ? $matches['port'] : 80;

    if($referer == '') $referer = URL;

    $out = "$this->method $path HTTP/1.1\r\n";

    $out .= "Accept: */*\r\n";

    $out .= "Referer: $referer\r\n";

    $out .= "Accept-Language: zh-cn\r\n";

    $out .= "User-Agent: ".$_SERVER['HTTP_USER_AGENT']."\r\n";

    $out .= "Host: $host\r\n";

    if($this->method == 'POST') {

      $out .= $this->ContentType;

      $out .= "Content-Length: ".strlen($this->post)."\r\n";

      $out .= "Cache-Control: no-cache\r\n";

      $out .= "Connection: Close\r\n\r\n";

      $out .= $this->post;

    } else {

      $out .= "Connection: Close\r\n\r\n";

    }

    if($timeout > ini_get('max_execution_time')) @set_time_limit($timeout);

    $fp = @fsockopen($host, $port, $errno, $errstr, $timeout);

    $this->post = '';

    if(!$fp) {

      return false;

    } else {

      stream_set_blocking($fp, $block);

      stream_set_timeout($fp, $timeout);

      fwrite($fp, $out);

      $this->data = '';

      $status = stream_get_meta_data($fp);

      if(!$status['timed_out']) {

        $maxsize = min($limit, 1024000);

        if($maxsize == 0) $maxsize = 1024000;

        $start = false;

        while(!feof($fp)) {

          if($start) {

            $line = fread($fp, $maxsize);

            if(strlen($this->data) > $maxsize) break;

            $this->data .= $line;

          } else {

            $line = fgets($fp);

            $this->header .= $line;

            if($line == "\r\n" || $line == "\n") $start = true;

          }

        }

      }

      fclose($fp);

      return "200";

    }

  }

}

/**

 *   关闭用户错误提示

 */

function webscan_error() {

  if (ini_get('display_errors')) {

    ini_set('display_errors', '0');

  }

}

/**

 *  验证是否是官方发出的请求

 */

function webscan_cheack() {

  if($_POST['webscan_rkey']==WEBSCAN_U_KEY){

    return true;

  }

  return false;

}

/**

 *  数据统计回传

 */

function webscan_slog($logs) {

  if(! function_exists('curl_init')) {

    $http=new webscan_http();

    $http->post(WEBSCAN_API_LOG,$logs);

  }

  else{

    webscan_curl(WEBSCAN_API_LOG,$logs);

  }

}

/**

 *  参数拆分

 */

function webscan_arr_foreach($arr) {

  static $str;

  if (!is_array($arr)) {

    return $arr;

  }

  foreach ($arr as $key => $val ) {

    if (is_array($val)) {

      webscan_arr_foreach($val);

    } else {

      $str[] = $val;

    }

  }

  return implode($str);

}

/**

 *  新版文件md5值效验

 */

function webscan_updateck($ve) {

  if($ve!=WEBSCAN_MD5)

  {

    return true;

  }

  return false;

}

/**

 *  防护提示页

 */

function webscan_pape(){

  $pape=<<<HTML

  <html>

  <body style="margin:0; padding:0">

  <center><iframe width="100%" align="center" height="870" frameborder="0" scrolling="no" src="http://safe.webscan.360.cn/stopattack.html"></iframe></center>

  </body>

  </html>

HTML;

  echo $pape;

}

/**

 *  攻击检查拦截

 */

function webscan_StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq,$method) {

  $StrFiltValue=webscan_arr_foreach($StrFiltValue);

  if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue)==1){

    webscan_slog(array('ip' => $_SERVER["REMOTE_ADDR"],'time'=>strftime("%Y-%m-%d %H:%M:%S"),'page'=>$_SERVER["PHP_SELF"],'method'=>$method,'rkey'=>$StrFiltKey,'rdata'=>$StrFiltValue,'user_agent'=>$_SERVER['HTTP_USER_AGENT'],'request_url'=>$_SERVER["REQUEST_URI"]));

    exit(webscan_pape());

  }

  if (preg_match("/".$ArrFiltReq."/is",$StrFiltKey)==1){

    webscan_slog(array('ip' => $_SERVER["REMOTE_ADDR"],'time'=>strftime("%Y-%m-%d %H:%M:%S"),'page'=>$_SERVER["PHP_SELF"],'method'=>$method,'rkey'=>$StrFiltKey,'rdata'=>$StrFiltKey,'user_agent'=>$_SERVER['HTTP_USER_AGENT'],'request_url'=>$_SERVER["REQUEST_URI"]));

    exit(webscan_pape());

  }

}

/**

 *  拦截目录白名单

 */

function webscan_white($webscan_white_name,$webscan_white_url=array()) {

  $url_path=$_SERVER['PHP_SELF'];

  $url_var=$_SERVER['QUERY_STRING'];

  if (preg_match("/".$webscan_white_name."/is",$url_path)==1) {

    return false;

  }

  foreach ($webscan_white_url as $key => $value) {

    if(!empty($url_var)&&!empty($value)){

      if (stristr($url_path,$key)&&stristr($url_var,$value)) {

        return false;

      }

    }

    elseif (empty($url_var)&&empty($value)) {

      if (stristr($url_path,$key)) {

        return false;

      }

    }

  }

  return true;

}

/**

 *  curl方式提交

 */

function webscan_curl($url , $postdata = array()){

  $ch = curl_init();

  curl_setopt($ch, CURLOPT_URL, $url);

  curl_setopt($ch, CURLOPT_HEADER, 0);

  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

  curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);

  curl_setopt($ch, CURLOPT_TIMEOUT, 15);

  curl_setopt($ch, CURLOPT_POST, 1);

  curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);

  $response = curl_exec($ch);

  $httpcode = curl_getinfo($ch,CURLINFO_HTTP_CODE);

  curl_close($ch);

  return array('httpcode'=>$httpcode,'response'=>$response);

}

if($webscan_action=='update') {

  //文件更新操作

  $webscan_update_md5=md5(@file_get_contents(WEBSCAN_UPDATE_FILE));

  if (webscan_updateck($webscan_update_md5))

  {

    if (!file_exists(dirname(__FILE__).'/caches_webscan'))

    {

      if (@mkdir(dirname(__FILE__).'/caches_webscan',755)) {

      }

      else{

        exit("file_failed");

      }

    }

    @file_put_contents(dirname(__FILE__).'/caches_webscan/'."update_360.dat", @file_get_contents(WEBSCAN_UPDATE_FILE));

    if(copy(__FILE__,dirname(__FILE__).'/caches_webscan/'."bak_360.dat")&&filesize(dirname(__FILE__).'/caches_webscan/'."update_360.dat")>500&&md5(@file_get_contents(dirname(__FILE__).'/caches_webscan/'."update_360.dat"))==$webscan_update_md5)

    {

      if (!copy(dirname(__FILE__).'/caches_webscan/'."update_360.dat",__FILE__))

      {

        copy(dirname(__FILE__).'/caches_webscan/'."bak_360.dat",__FILE__);

        exit("copy_failed");

      }

      unlink(dirname(__FILE__).'/caches_webscan/'."update_360.dat");

      exit("update_success");

    }

    unlink(dirname(__FILE__).'/caches_webscan/'."update_360.dat");

    exit("failed");

  }

  else{

    exit("news");

  }

}

elseif($webscan_action=="ckinstall") {

  //验证安装与版本信息

  if(! function_exists('curl_init')){

    $web_code=new webscan_http();

    $httpcode=$web_code->request("http://safe.webscan.360.cn");

  }

  else{

    $web_code=webscan_curl("http://safe.webscan.360.cn");

    $httpcode=$web_code['httpcode'];

  }

  exit("1".":".WEBSCAN_VERSION.":".WEBSCAN_MD5.":".WEBSCAN_U_KEY.":".$httpcode);

}

if ($webscan_switch&&webscan_white($webscan_white_directory,$webscan_white_url)) {

  if ($webscan_get) {

    foreach($_GET as $key=>$value) {

      webscan_StopAttack($key,$value,$getfilter,"GET");

    }

  }

  if ($webscan_post) {

    foreach($_POST as $key=>$value) {

      webscan_StopAttack($key,$value,$postfilter,"POST");

    }

  }

  if ($webscan_cookie) {

    foreach($_COOKIE as $key=>$value) {

      webscan_StopAttack($key,$value,$cookiefilter,"COOKIE");

    }

  }

  if ($webscan_referre) {

    foreach($webscan_referer as $key=>$value) {

      webscan_StopAttack($key,$value,$postfilter,"REFERRER");

    }

  }

}

?>

webscan_cache.php

<?php

//用户唯一key

define('WEBSCAN_U_KEY', '网站生成的KEY');

//数据回调统计地址

define('WEBSCAN_API_LOG', 'http://safe.webscan.360.cn/papi/log/?key='.WEBSCAN_U_KEY);

//版本更新地址

define('WEBSCAN_UPDATE_FILE','http://safe.webscan.360.cn/papi/update/?key='.WEBSCAN_U_KEY);

//拦截开关(1为开启,0关闭)

$webscan_switch=1;

//提交方式拦截(1开启拦截,0关闭拦截,post,get,cookie,referre选择需要拦截的方式)

$webscan_post=1;

$webscan_get=1;

$webscan_cookie=1;

$webscan_referre=1;

//后台白名单,后台操作将不会拦截,添加"|"隔开白名单目录下面默认是网址带 admin  /dede/ 放行

$webscan_white_directory='admin|\/dede\/';

//url白名单,可以自定义添加url白名单,默认是对phpcms的后台url放行

//写法:比如phpcms 后台操作url index.php?m=admin php168的文章提交链接post.php?job=postnew&step=post ,dedecms 空间设置edit_space_info.php

$webscan_white_url = array('index.php' => 'm=admin','post.php' => 'job=postnew&step=post','edit_space_info.php'=>'');

?>

源码下载:http://files.cnblogs.com/mengdejun/360safe.zip

相关文章