New: Script Breaking Script

If you have a program or script that you'd like to give away or sell, this is the place to do it. All offers should include contact info.

Moderators: BBear, theunknownhost, flaguy

Post Reply
User avatar
Arf
Official Test Penquin
Posts: 9103
Joined: Tue Apr 09, 2002 12:00 am
Location: IDAHO, USA
Contact:

New: Script Breaking Script

Post by Arf » Tue Apr 05, 2005 2:05 am

Currently in Alpha Testing - BreakScripts Script (BSS)

Hi all,
I've been working on a script breaking script that works on all types of scripts that I'm aware of. (For example: .cgi .php .pl .sh .php2 .php3 .php4 .phps4 .php5 .mv .ncmv .shtml .phtml). So now when a spammer signs up and uploads the goods, it won't matter what he tries to do, things just won't work (except of course regular POP mail, but if he tries that my watch mail script will notify me of that).

This script is to replace BreakCGI and BreakPHP. I will gladly provide free upgrades to anyone who has purchased either of these scripts. Please write to my support address if you're interested in getting the free upgrade (this offer good for a limited time, until version 2.x is created).

This script watches the last X sign ups. When a new account is created, it immediately goes in and disables the ability to run the most commonly used scripts. If the user tries to re-enable scripts, it will disable it again and again until one of two things happen.

1) you white list the user.
2) They become the last X + 1 sign up. In other words, if you want to automatically disable scripting on the last 2 sign ups, all but the last 2 sign ups will have their scipting disabled. If you get a new sign up, the third from the last sign up will have their script re-enabled automatically.

Any feed back is welcomed.

User avatar
Arf
Official Test Penquin
Posts: 9103
Joined: Tue Apr 09, 2002 12:00 am
Location: IDAHO, USA
Contact:

Post by Arf » Wed Apr 06, 2005 8:51 pm

Minor update:

I've also written a companion daemon program which grabs a very tiny footprint in memory (so small you'll probably never see it in top). While the regular program runs every X minutes, the daemon "can" run as a backup running every X seconds. I recommend 5 to 15 seconds (configured in the config.sh file). A good hacker will figure out how the scripts are being broken and try to circumvent it to re-enable scripting. This wouldn't be outside the relm of possibilities. However, the daemon will quickly identify such changes, circumvent this and notify you of the incident by email.

Even without the daemon, the program will similarly identify such changes and re-enable script blocking but window of oportunity is a little wider in this case.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest