I've been using this for well over a year now and have not had a site hacked into yet:
Use it like this:
firstName = CleanString(Request.Form("firstname"))
The script can log the hack attempt to a text file, redirect the hacker to a safe page, and email you about the attempt. Make sure the folder holding the log file is write-enabled. If you need help, email me at steve@stevegreenstein.com
Function CleanString(s)
    Dim tmp
    If ((Not IsNull(s)) And (s <> "")) Then
        tmp = Replace(Trim(s), "'", "''")      ' double single quotes for SQL string literals
        tmp = Replace(tmp, """", "&quot;")     ' neutralise double quotes for HTML output
        CleanString = CompareInput(tmp)
    Else
        CleanString = ""                       ' return an empty string rather than Empty
    End If
End Function
' check against all known bad things that can be used in SQL injection
' and for good measure, check for b.js as this is what the current round
' of hacks uses…
' Now, note that from the logs captured, the hacks are nearly 100% in hex
' but still some keywords must be plain and this function should catch it
Function CompareInput(str)
    Dim tmp
    tmp = str
    ' every filter string must be lower case: filterInput lower-cases the input only
    tmp = filterInput(tmp, "/script")
    tmp = filterInput(tmp, "insert into")
    tmp = filterInput(tmp, "delete from")
    tmp = filterInput(tmp, "drop table")
    tmp = filterInput(tmp, "exec(")
    tmp = filterInput(tmp, "declare")
    tmp = filterInput(tmp, "cast(")
    tmp = filterInput(tmp, "varchar")
    tmp = filterInput(tmp, "sp_")
    tmp = filterInput(tmp, "xp_")
    tmp = filterInput(tmp, "@@")
    tmp = filterInput(tmp, "--")
    tmp = filterInput(tmp, ";")
    tmp = filterInput(tmp, "b.js")
    tmp = filterInput(tmp, "ngg.js")
    tmp = filterInput(tmp, "q.js")
    tmp = filterInput(tmp, "js.js")
    tmp = filterInput(tmp, "script.js")
    CompareInput = tmp
End Function
' If any of the strings checked for IS in the user data that came from
' the form or query string, log the attempt and redirect the visitor, so
' your page does not continue on to run the SQL (Response.Redirect ends
' processing of the page). If the data is clean the function returns the
' string unchanged.
Function filterInput(str, filterStr)
    Dim MyCDO, TBdy
    If InStr(LCase(str), filterStr) <> 0 Then
        logTheHack str
        ' Send email.................
        ' CDONTS is not installed on Windows Server 2003 and later; on those
        ' hosts use CDO.Message instead.
        Set MyCDO = Server.CreateObject("CDONTS.NewMail")
        If IsObject(MyCDO) Then
            MyCDO.From = "do-not-reply@" & Left(Request.ServerVariables("SERVER_NAME"), 4)
            MyCDO.To = "youremail@yourdomain.com"
            MyCDO.Subject = "Attempted Hacking Attack at " & Request.ServerVariables("SERVER_NAME")
            TBdy = "String used in hacking attempt: " & str & vbCrLf
            TBdy = TBdy & "Here is the IP: " & Request.ServerVariables("REMOTE_ADDR") & vbCrLf
            TBdy = TBdy & "Web Page: " & Request.ServerVariables("URL") & vbCrLf
            MyCDO.Body = TBdy
            MyCDO.Send
            Set MyCDO = Nothing
        End If
        '............................
        Response.Redirect "http://" & Request.ServerVariables("SERVER_NAME") & "/hackRedirect.asp" ' redirect hacker
    Else
        filterInput = str
    End If
End Function
' This sub logs the attempt together with all the server variables, so you
' get plenty of information about the request. The log path is relative to
' the current page (one level up, in a "logs" folder); Server.MapPath with
' ".." needs "Enable Parent Paths" turned on in IIS (it is off by default on
' IIS 6 and later), and the anonymous web user must have write access to the
' folder. Do not leave that folder browsable: the log holds raw request data,
' including the HTTP_COOKIE server variable.
Sub logTheHack(s)
    Dim fso, wf, x
    Set fso = Server.CreateObject("Scripting.FileSystemObject")
    ' 8 = ForAppending, True = create the file if it does not exist
    Set wf = fso.OpenTextFile(Server.MapPath("..\logs\logHack.txt"), 8, True)
    wf.WriteLine Now
    wf.WriteLine "----------------------------"
    For Each x In Request.ServerVariables
        wf.WriteLine x & ": " & Request.ServerVariables(x)
    Next
    wf.WriteLine "----------------------------"
    wf.WriteLine vbCrLf & s & vbCrLf
    wf.WriteLine "============================"
    wf.Close
    Set wf = Nothing
    Set fso = Nothing
End Sub
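As an added example (not code from the post above), here is the database call itself written with a parameterized ADODB.Command. The point it makes: CleanString only looks for a fixed list of keywords, so a value such as `1 UNION SELECT name FROM sysobjects` or `1 OR 1=1` contains none of them and comes back unchanged; if that value were concatenated into a WHERE clause outside quotes, it would run as SQL. Bound as a parameter, the same value is handed to the database as a comparison value and never parsed as SQL, whatever the filter missed. The table name `Customers`, the columns `CustomerID` and `FirstName`, the parameter size of 50 and the `Application("ConnString")` connection string are all assumptions made for the example.

```vbscript
' Added example, not part of the original post. Table, column and
' connection-string names are assumed for illustration.
Const adCmdText    = 1
Const adParamInput = 1
Const adVarChar    = 200
Const adInteger    = 3

' Look up customers by first name with a bound parameter. The user value
' never becomes part of the SQL text, so "1 UNION SELECT name FROM sysobjects"
' (which CleanString lets through untouched) is just compared against
' FirstName as an ordinary string.
Function FindCustomersByFirstName(conn, firstName)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT CustomerID, FirstName FROM Customers WHERE FirstName = ?"
    ' Size 50 matches the assumed varchar(50) column.
    cmd.Parameters.Append cmd.CreateParameter("FirstName", adVarChar, adParamInput, 50, Trim(firstName))
    Set FindCustomersByFirstName = cmd.Execute
End Function

' Numeric input: validate and convert before binding, so "1 OR 1=1" is
' rejected up front and an integer, not text, reaches the database.
Function FindCustomerByID(conn, idText)
    Dim cmd
    If Not IsNumeric(idText) Then
        Set FindCustomerByID = Nothing
        Exit Function
    End If
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT CustomerID, FirstName FROM Customers WHERE CustomerID = ?"
    cmd.Parameters.Append cmd.CreateParameter("CustomerID", adInteger, adParamInput, , CLng(idText))
    Set FindCustomerByID = cmd.Execute
End Function

' Usage from a page. CleanString can still run first for its logging and
' redirect; the query is safe regardless of what the keyword list misses.
Dim conn, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")
Set rs = FindCustomersByFirstName(conn, Request.Form("firstname"))
Do Until rs.EOF
    ' HTMLEncode on output replaces the &quot; substitution done in CleanString
    Response.Write Server.HTMLEncode(rs("FirstName")) & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
Set rs = Nothing
Set conn = Nothing
```

The `?` placeholders are filled positionally from the Parameters collection, so append parameters in the same order they appear in the SQL. Escaping quotes in CleanString is then no longer needed for the database; the remaining job of a keyword list like the one above is purely detection and logging.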