php-general Digest 23 Apr 2012 11:15:40 -0000 Issue 7785

Topics (messages 317646 through 317649):

Re: [PHP-DB] School timetable in php
        317646 by: tamouse mailing lists
        317649 by: Tony Marston

Re: Blocking URL hacking attemps
        317647 by: Mihamina Rakotomandimby
        317648 by: admin

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
        php-gene...@lists.php.net


----------------------------------------------------------------------
--- Begin Message ---
On Sun, Apr 22, 2012 at 1:41 AM, Vinay Kannan <viny...@gmail.com> wrote:
> Weekly subject wise lecture schedule, subject wise / faculty wise.
>
>
> On Sun, Apr 22, 2012 at 12:02 PM, tamouse mailing lists
> <tamouse.li...@gmail.com> wrote:
>>
>> On Fri, Apr 20, 2012 at 7:00 AM, Vinay Kannan <viny...@gmail.com> wrote:
>> > I am trying to develop a school time table system in php mysql, anybody
>> > has
>> > any headsup on the same, i was thinking about some existing scripts to
>> > take
>> > a look at.
>>
>> Not entirely clear what is meant by "time table" -- do you mean
>> schedule of classes? Important dates in the school year? or...?
>>
>> Also, what is it you want to be able to do with this? Who will be
>> using this? There are many different approaches one can take,
>> depending on what needs to happen. Hard to know what to suggest
>> without a little more info?
>
>

I modified an application that was originally set up for scheduling
conference rooms, my version was to schedule appointments at a
convention. You can grab it at https://github.com/tamouse/cdmacal  .
It is probably *way* more complex than you need, but it might give
some ideas?

--- End Message ---
--- Begin Message ---
"tamouse mailing lists" wrote in message news:CAHUC_t-cch8cBXZvzWtx42ZPFEuVkMPG=50jkwv+gygelk_...@mail.gmail.com...

On Sun, Apr 22, 2012 at 1:41 AM, Vinay Kannan <viny...@gmail.com> wrote:
Weekly subject wise lecture schedule, subject wise / faculty wise.


On Sun, Apr 22, 2012 at 12:02 PM, tamouse mailing lists
<tamouse.li...@gmail.com> wrote:

On Fri, Apr 20, 2012 at 7:00 AM, Vinay Kannan <viny...@gmail.com> wrote:
> I am trying to develop a school time table system in php mysql, anybody
> has any headsup on the same, i was thinking about some existing scripts to
> take a look at.

<snip>

I have a sample application called "Classroom Scheduling" which comes with the Radicore framework. Even if you don't want to use the code, the database design might be useful.

If you visit the Radicore website at http://www.radicore.org you can logon to the demonstration system, click on the PROTO button, then select "Classroom". This has functions for rooms, teachers, subjects, lessons, classes and students.

--
Tony Marston

http://www.tonymarston.net
http://www.radicore.org
--- End Message ---
--- Begin Message ---
On 04/22/2012 07:55 PM, sono...@fannullone.us wrote:
> Is there a way that I can trap the "extra" info in the URL's and pass it to the

I miss the interest of that system: the URL doesn't exist, so the nasty client will get a 404 and you're done.

If you want to do more filtering, I would suggest coupling with fail2ban, so that filtering will occur at TCP level.

--
RMA.

--- End Message ---
--- Begin Message ---
-----Original Message-----
From: sono...@fannullone.us [mailto:sono...@fannullone.us] 
Sent: Sunday, April 22, 2012 12:55 PM
To: PHP General
Subject: [PHP] Blocking URL hacking attemps

        I'm using a script called BlackHole that uses PHP and a "hidden"
directory to catch bad bots and block them by their IP address from the site
[http://perishablepress.com/blackhole-bad-bots/].  It's working very well,
but I'd like to expand on the idea.

        When looking at our access logs, I see someone "adding code" to our
URL's in hopes to, apparently, hack into our site.  If our URL is like this:

http://www.example.com/pages/bolts.php

        they are adding to it like this:

http://www.example.com/pages/bolts.php/wp-content/themes/functions/thumb.php
.cache/external_e19f4bb51bc2262e07d23b79b916c12c.php
or
http://www.example.com/pages/bolts.php/cart.php
or
http://www.example.com/pages/bolts.php/wp-content/themes/functions/thumb.php
timthumb.php
or
http://www.example.com/pages/bolts.php/bratislava/stare-mesto

        Is there a way that I can trap the "extra" info in the URL's and
pass it to the BlackHole script to ban these attempts as well?  I'm thinking
I'll need to compare the entered URL with $_SERVER["PHP_SELF"] and if
there's extra info, like another "*.php", after the page name, then ban the
IP.  I realize that's a rather simplistic explanation and there may be a
better way to accomplish this.

        If anyone has any examples they can share, I'd really appreciate it.

Thanks,
Marc
--
PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php




Marc,
        First I would suggest you look at htaccess or web.config depending
on your flavor of OS. 
Examine the URL patterns and rewrite the URL appending to the string. This
will allow you a little more control.
I completely disagree on the blocking IP concept and this can lead to
network latency and other issues, redirecting traffic is more efficient.

I think the scare factor of products like black hole is really just that.
Bots are not always a bad thing; when your server becomes more popular,
people are interested in content, so controlling the bots is key.
IP addresses can be spoofed and if you have an auto block this could be your
undoing in the long run.



Rick..
--- End Message ---
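
The check Marc asks about (spotting "extra" path segments appended after the page name), shown as an added example that is not part of any message in this digest. It answers 404 as Mihamina suggests and writes one log line per hit that a log watcher such as fail2ban could match; the function names and the log format are hypothetical, and the sample requests are constructed.

```php
<?php
// Added example; function names and the log format are hypothetical.

// Return whatever follows the script name in the request path, or ''.
function extra_path_info(array $server): string
{
    // Apache and most FastCGI setups expose the trailing part as PATH_INFO.
    if (!empty($server['PATH_INFO'])) {
        return $server['PATH_INFO'];
    }
    // Fallback: strip SCRIPT_NAME from the front of the request path.
    $path   = (string) parse_url($server['REQUEST_URI'] ?? '', PHP_URL_PATH);
    $script = $server['SCRIPT_NAME'] ?? '';
    if ($script !== '' && strncmp($path, $script, strlen($script)) === 0) {
        return (string) substr($path, strlen($script));
    }
    return '';
}

// Answer 404 and log the client when extra path info is present.
function reject_if_extra_path(array $server): bool
{
    $extra = extra_path_info($server);
    if ($extra === '') {
        return false;
    }
    // rawurlencode() keeps CR/LF in the URL from forging log lines.
    error_log(sprintf('extra-path-info ip=%s extra=%s',
        $server['REMOTE_ADDR'] ?? '-', rawurlencode($extra)));
    if (PHP_SAPI !== 'cli') {
        http_response_code(404);
    }
    return true;
}

// In a page: if (reject_if_extra_path($_SERVER)) { exit; }
// Constructed sample requests, run from the command line only.
if (PHP_SAPI === 'cli') {
    $samples = [
        ['SCRIPT_NAME' => '/pages/bolts.php', 'REQUEST_URI' => '/pages/bolts.php?id=3'],
        ['SCRIPT_NAME' => '/pages/bolts.php', 'REQUEST_URI' => '/pages/bolts.php/cart.php'],
        ['SCRIPT_NAME' => '/pages/bolts.php', 'PATH_INFO' => '/bratislava/stare-mesto',
         'REQUEST_URI' => '/pages/bolts.php/bratislava/stare-mesto'],
    ];
    foreach ($samples as $s) {
        printf("%-45s %s\n", $s['REQUEST_URI'],
            reject_if_extra_path($s + ['REMOTE_ADDR' => '192.0.2.10']) ? 'reject' : 'allow');
    }
}
```

On Apache, setting `AcceptPathInfo Off` for the directory makes the server itself answer such requests with 404 before PHP runs.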
