| Author |
Message |
gregexp
The Mouse Is Extension Of Arm
Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
|
 Posted:
Sun Jul 23, 2006 4:36 am |
|
My apologies this did not work:
<?
Header("content-type: application/x-javascript");
$text=" Powered by phpNUKE;
echo "document.write(\"<b><a href=\"http://phpnuke.org\">" . $text . "</b></a>\")";
?>
But this did:
<?
Header("content-type: application/x-javascript");
$text=" Powered by phpNUKE;
echo "document.write(\"<b><a href=\'http://phpnuke.org\'>" . $text . "</b></a>\")";
?>
I read somewhere that you must use dingle quotes inside of double quotes with javascript...nice 
Learn more and more everday. |
_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! |
|
    
  |
|
spottedhog
Regular
Joined: Jun 02, 2004
Posts: 88
|
| Posted:
Sun Jul 23, 2006 7:08 am |
|
darklord, I am very much interested in that text.php file if you would care to share. (larry@smf-nuke.com) I am wondering if that could be incorporated into the current javascript.php file. It would sure be nice to show the admin email and the copyright footer like this.
Here is what I am thinking about..... Putting a "Contact Us" and the bottom of the Modules block with a call to $adminmail so clicking on a link would automatically bring up the admin's email address. No programming changes needed for the site admin.
If you had not seen, I have started a Nuke fork, removing phpbb and replacing it with SMF. Part of this new fork, I had already made a field in the nuke_config table for Meta tags and it is located in the "Preferences" or what I have now called the Site Config admin file. Works perfectly and one can easily change keywords without file modifications.
OK.... back into the fray... 
The ultimate goal here is website security. Security through obscurity does have a place, but the true bottom line is stopping hack attempts as early in the process as is possible. For UNIX hosting one has this:
1. Obscurity---reducing presence without clouding content in Search Engines
2. Referring---Not being linked from well known Nuke sites
3. Apache Webserver---hopefully at least having DOS protection
4. .htaccess---The first wall for specific site security
5. Secure Code---Patching holes in mainfile.php, admin.php, and all modules, etc.
kguske, your original post was asking how to lesson two specific searches. I think there are some very good and usable ideas are presented in hiding "powered by" etc. Sooo, now on to the other search criteria... One could put in the .htaccess file a RewriteCond and RewriteRule for changing "modules.php?name" to something else. Isn't this how GoogleTap works? |
| |
|
|
|
|
gregexp
|
| Posted:
Sun Jul 23, 2006 7:26 am |
|
if you rewrite the url, you would still be left with the problem of links on the mainpage directing to modules.php
You would need to completely rewrite those links and I posted the text.php code, Its all javascript and I thought perhaps this was exactly what you all were looking for, a way to keep it out of the source but still display what you would like. |
| |
|
|
|
|
spottedhog
|
| Posted:
Sun Jul 23, 2006 9:04 am |
|
Thanks for the code darklord! ...just wanted to make sure.
ahhhhh yes.... great point about links, etc.
Hmmmmm.... It would appear then that one cannot totally eliminate all search engine possible queries, but maybe only lesson the potential, which is not a bad thing. |
| |
|
|
|
|
gregexp
|
| Posted:
Sun Jul 23, 2006 9:54 am |
|
well most would like to difine there own search patterns but I have no clue how google and other search engines actually interact with a site, I just had an idea.
I'm willing to learn and would be more beneficial to this discussion if I knew. Right now I can feel the gears in my head turning, I have some ideas.
Just need to redup on some things. |
| |
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Sun Jul 23, 2006 11:44 am |
|
You can use a simple script like this (not tested) to echo referer strings to you site
Code:
<?
$referer = $_SERVER['HTTP_REFERER'];
$temp_array = explode('?', $referer);
echo "<pre>";
print_r($temp_array);
echo "</pre><hr>";
$temp_array2 = explode('&', $temp_array[1]);
echo "<pre>";
print_r($temp_array2);
echo "</pre><hr>";
$searchwords = explode('=', $temp_array2[0]);
$searchword = urldecode($searchwords[1]);
echo "Your search words are: $searchword<br /><br />";
?>
|
It is then only a matter or searching the $temp_array2 for a match and then executing something if a match is found (such as feeding it to a Sentinel blocker). |
| |
|
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6437
|
| Posted:
Sun Jul 23, 2006 3:24 pm |
|
Really, I was half-kidding when I started this topic. Given the many responses, the question becomes: what do you do when you identify one who searches for these terms? Ban them? |
_________________
I search, therefore I exist...
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
gregexp
|
| Posted:
Sun Jul 23, 2006 3:52 pm |
|
banning would be kinda an overkill, would be nice to bann them for an hour or so.
Like to add them to the .htacess then remove them. |
| |
|
|
|
|
kguske
|
| Posted:
Sun Jul 23, 2006 3:59 pm |
|
Hmmm. A temporary ban is interesting. Most don't have the patience to wait, but why not just let NukeSentinel handle that, instead of writing it to htaccess?
Still, what if it is a legitimate search? How can you really know... |
| |
|
|
|
|
gregexp
|
| Posted:
Sun Jul 23, 2006 4:07 pm |
|
This is true,
Curious ok, lets say they use a bot to search the sites with, Do they normally do that? if so lets force it to redirect to ....DoIBannYou.php
Then DoIBannYou.php would be setup with a security image and timed dealay.
Put 2 scenerios in there, If they dont except cookies, bann em for the hour, if they do, wait lets say 30 sec and if they dont respond bann em. If they respond but do it 5 times incorrectly, bann em. If they manage to make it within 5 times, let them on through and set a cookie tellin sentinel that they are welcome.
And I like the idea to use the database to bann someone but I've been told that the database can be specifically hit to lagg enough for sentinel to not catch them. As long as aache is up, .htaccess catches em. |
| |
|
|
|
|
Guardian2003
|
| Posted:
Sun Jul 23, 2006 4:17 pm |
|
I guess it depends on the search terms used.
For example, a search for 'nukeseo' of 'phpnuke seo module' would be quite valid search criteria for your site kguske so one would have to be careful when handling 'phpnuke' as a search term.
The same could be said for support and development sites where 'phpnuke' might be part of a valid search. I guess it depends on what else is part of the string or if it is something in the default meta.php.
What might be interesting is search strings for the likes of 'vwar' or 'gallery' etc.
A very interesting thread though  |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
