[Guide] Making, Secure, Populate your MU Online Server

омфг на конфиг ква защита ши слааш ве
 
дай ми индеха да го видя

Code:
<?
session_start();
header("Cache-control: private");
ob_start();
require("config.php");
include("includes/functions.php");
include ("ctracker.php");
include ("safesql.class.php");
include("class.floodblocker.php");
include ("anti-inject-base64.php");
include("flood/gate.php");
include("tweety.php");
magic();
htmlspecialchars($_REQUEST);
include("includes/functions.login.php");
include("includes/functions.user.php");
login();
logincheck();
admincheck();
logoutadmin();
check_user();
check_user_admin(); 
$queryString = strtolower($_SERVER['QUERY_STRING']);

if (strstr($queryString,"<") OR strstr($queryString,">") OR strstr($queryString,"(") OR strstr($queryString,")") OR
strstr($queryString,"..") OR
strstr($queryString,"%") OR
strstr($queryString,"*") OR
strstr($queryString,"+") OR
strstr($queryString,"!") OR
strstr($queryString,"@")) {
$loc = $_SERVER['PHP_SELF'];
$ip = $_SERVER['REMOTE_ADDR'];
$date = date ("d-m-Y @ h:i");
$lfh = "log.txt";
$lfh = "logove.php";
$log = fopen ( $lfh,"a+" );
fputs ($log, "Attack Date: $date | Attacker IP: $ip | QueryString: $loc?=$queryString\n");
fclose($log);
echo "You think you can hack me? Now You will eat the BANN!!";
}
language();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<meta name="keywords" content="muonline, mu, muo, ovia, game, mmorpg, rpg, online, server, BgZoneMu, BgZoneMu , muserver 99b, muserver, MuOnline 97d, bgzonemu.com, bgzone, NakazaTeLq, Top mu">
<script type="text/javascript" src="includes/overlib.js"></script>
<script type="text/javascript" src="includes/helptip.js"></script>
<script language="JavaScript" type="text/javascript">

<!--

//Disable right click script III- By Renigade ([email protected])
//For full source code, visit http://www.dynamicdrive.com

var message="";
///////////////////////////////////
function clickIE() {if (document.all) {(message);return false;}}
function clickNS(e) {if 
(document.layers||(document.getElementById&&!document.all)) {
if (e.which==2||e.which==3) {(message);return false;}}}
if (document.layers) 
{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}

document.oncontextmenu=new Function("return false")
// --> 
</script>
<link rel="stylesheet" href="images/css.css" type="text/css" media="screen">
<link href="images/style.css" rel="stylesheet" type="text/css">
<title>BgZoneMu</title>
</head>	
<body text="red" style="background-color: #000000;">
<table width="964" border="0" cellpadding="0" cellspacing="0" align="center">
<tr><td>
<img src="images/logo1.png" width="100%" height="200" alt="">
</td></tr>
</table>
и т.н..... ;)
 
Code:
<?
session_start();
header("Cache-control: private");
ob_start();
require("config.php");
include("includes/functions.php");
include ("ctracker.php");
include ("safesql.class.php");
include("class.floodblocker.php");
include ("anti-inject-base64.php");
include("flood/gate.php");
include("tweety.php");
magic();
htmlspecialchars($_REQUEST);
include("includes/functions.login.php");
include("includes/functions.user.php");
login();
logincheck();
admincheck();
logoutadmin();
check_user();
check_user_admin(); 
$queryString = strtolower($_SERVER['QUERY_STRING']);

if (strstr($queryString,"<") OR strstr($queryString,">") OR strstr($queryString,"(") OR strstr($queryString,")") OR
strstr($queryString,"..") OR
strstr($queryString,"%") OR
strstr($queryString,"*") OR
strstr($queryString,"+") OR
strstr($queryString,"!") OR
strstr($queryString,"@")) {
$loc = $_SERVER['PHP_SELF'];
$ip = $_SERVER['REMOTE_ADDR'];
$date = date ("d-m-Y @ h:i");
$lfh = "log.txt";
$lfh = "logove.php";
$log = fopen ( $lfh,"a+" );
fputs ($log, "Attack Date: $date | Attacker IP: $ip | QueryString: $loc?=$queryString\n");
fclose($log);
echo "You think you can hack me? Now You will eat the BANN!!";
}
language();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<meta name="keywords" content="muonline, mu, muo, ovia, game, mmorpg, rpg, online, server, BgZoneMu, BgZoneMu , muserver 99b, muserver, MuOnline 97d, bgzonemu.com, bgzone, NakazaTeLq, Top mu">
<script type="text/javascript" src="includes/overlib.js"></script>
<script type="text/javascript" src="includes/helptip.js"></script>
<script language="JavaScript" type="text/javascript">

<!--

//Disable right click script III- By Renigade ([email protected])
//For full source code, visit http://www.dynamicdrive.com

var message="";
///////////////////////////////////
function clickIE() {if (document.all) {(message);return false;}}
function clickNS(e) {if 
(document.layers||(document.getElementById&&!document.all)) {
if (e.which==2||e.which==3) {(message);return false;}}}
if (document.layers) 
{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}

document.oncontextmenu=new Function("return false")
// --> 
</script>
<link rel="stylesheet" href="images/css.css" type="text/css" media="screen">
<link href="images/style.css" rel="stylesheet" type="text/css">
<title>BgZoneMu</title>
</head>	
<body text="red" style="background-color: #000000;">
<table width="964" border="0" cellpadding="0" cellspacing="0" align="center">
<tr><td>
<img src="images/logo1.png" width="100%" height="200" alt="">
</td></tr>
</table>
и т.н..... ;)

DevilMu Web.... Иначе темата си е супер! :)
 
Стъпка 3 :

Как да популялизираме нашият Web Site ?!?!? :

Като за начало може да го добавите тука : /7/

и в други подобни форуми

Например Mu Online top 100 - Private servers, free servers, Guides, Guilds в него има безплатна услуга чрез която след като се регистрирате и ъпдейтните вашето сървър инфо получавате 7 дни безплатно ГОЛД МЕМБЕР !!!


Немисля,че това е начина за популялизиране на даден сайт или сървър :p
9/10 !! Thanks
 
10/10, Great Omaru, but some modules are missing from the security folder..

web_modules.php
clean_var.php
login.class.php
scripts/index.inc

and most of the link's are broken, but the most important file is still alive ;)
 
OmaRuCat страшен си благодаря.
 
4 Step :

How to Avoid some DDoS Attacks :
Add in xampp/apache/conf/httpd.conf

LimitRequestBody 10240000

This is 10 mb upload size per user and can be used to avoid some tips of DDoS attacks !

LimitRequestBody 102400
This is 100 kb ...

Happy avoiding DDoS Attacks ! Read and other instructions !!
How to do this?
 
You need to put it in : apache/modules/
After that to edit : apache/conf/httpd.conf

And to add :
after all LoadModule :

LoadModule dosevasive22_module modules/mod_dosevasive22.so

In bottom of file :

DOSHashTableSize 3097
DOSPageCount 35
DOSSiteCount 70
DOSPageInterval 30
DOSSiteInterval 30
DOSBlockingPeriod 10
DOSWhitelist 127.0.0.1
DOSWhitelist 127.0.0.*
DOSWhitelist 127.0.*.*
 

Attachments

  • mod_dosevasive22.rar
    5.6 KB · Views: 11
who can reupload this:
За повече защита ви предлагам да си изтеглите и mod_security на Apache 2

Download : http://4storing.com/y22u7r/1d12fc990...f83bca1bd.html

Как да го инсталираме ?!?!? :
Отворете xampp/apache/conf/httpd.conf
Допълнете на последните редове :

LoadModule security2_module modules/mod_security2/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so
SecRuleEngine On
SecDefaultAction log,auditlog,deny,status:403,phase:2,t:lowercase,t:replaceNulls,t:compressWhitespace

SecAuditEngine RelevantOnly
SecAuditLogType Serial
SecAuditLog logs/mod_security2.log

SecRule ARGS "c:/" t:normalisePathWin
SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access'"
SecRule ARGS "d:/" t:normalisePathWin

SecRule ARGS:highlight "(\x27|%27|\x2527|%2527)"