一次送出很多個搜尋條件（例如：AV or DAT or AVI or MP3 or ……），
造成資料庫不斷在找資料、CPU 負荷過重，最後導致當機。
攻擊的方法和防範的方法不只這些，有空再慢慢整理出來給大家。
修正如下：
1. 限制訪客不能用搜尋、會員列表、會員群組。
2. 限制搜尋條件最多五個(含AND、OR、NOT)。
3. 限制訪客不能查看誰在線上詳細資料。
#-----[ OPEN ]------------------------------------------
#
search.php
#
#-----[ FIND ]------------------------------------------
#
if ( $mode == 'searchuser' )
{
//
// This handles the simple windowed user search functions called from various other scripts
//
if ( isset($HTTP_POST_VARS['search_username']) )
{
username_search($HTTP_POST_VARS['search_username']);
}
else
{
username_search('');
}
#
#-----[ REPLACE ]---------------------------------------
#
if ( $mode == 'searchuser' )
{
//
// This handles the simple windowed user search functions called from various other scripts
//
// Guests are sent to the login page before any user search runs. The return URL is
// hard-coded to this script and mode (it is not taken from request input), so after
// logging in the visitor lands back on the user-search popup. redirect() is assumed
// to end the request here, so the POST handling below is only reached by logged-in
// users -- confirm in the redirect() helper.
//
if ( !$userdata['session_logged_in'] )
{
redirect(append_sid("login.$phpEx?redirect=search.$phpEx&mode=searchuser", true));
}
//
// search_username is passed through from the POST body as-is; any escaping happens
// inside username_search(), which is not shown here.
//
if ( isset($HTTP_POST_VARS['search_username']) )
{
username_search($HTTP_POST_VARS['search_username']);
}
else
{
username_search('');
}
#
#-----[ FIND ]------------------------------------------
#
else if ( $search_keywords != '' || $search_author != '' || $search_id )
{
$store_vars = array('search_results', 'total_match_count', 'split_search', 'sort_by', 'sort_dir', 'show_results', 'return_chars');
//
// Search ID Limiter, decrease this value if you experience further timeout problems with searching forums
$limiter = 5000;
//
// Cycle through options ...
//
if ( $search_id == 'newposts' || $search_id == 'egosearch' || $search_id == 'unanswered' || $search_keywords != '' || $search_author != '' )
{
#
#-----[ REPLACE ]---------------------------------------
#
else if ( $search_keywords != '' || $search_author != '' || $search_id )
{
$store_vars = array('search_results', 'total_match_count', 'split_search', 'sort_by', 'sort_dir', 'show_results', 'return_chars');
//
// Keyword / author / id searches are for logged-in users only: guests are bounced to
// the login page before any search query is built. The return URL is hard-coded to
// this script (not taken from request input). redirect() is assumed to end the
// request here -- confirm in the redirect() helper.
//
if ( !$userdata['session_logged_in'] )
{
redirect(append_sid("login.$phpEx?redirect=search.$phpEx", true));
}
//
// Search ID Limiter, decrease this value if you experience further timeout problems with searching forums
$limiter = 5000;
//
// Cycle through options ...
//
if ( $search_id == 'newposts' || $search_id == 'egosearch' || $search_id == 'unanswered' || $search_keywords != '' || $search_author != '' )
{
#
#-----[ FIND ]------------------------------------------
#
$word_match = array();
$result_list = array();
for($i = 0; $i < count($split_search); $i++)
{
switch ( $split_search[$i] )
{
case 'and':
$current_match_type = 'and';
break;
#
#-----[ REPLACE ]---------------------------------------
#
$word_match = array();
$result_list = array();
//
// Cap the number of search tokens in one request. $split_search holds the keywords
// together with operator words such as 'and' (see the switch below), so operators
// count towards the limit. This bounds the amount of query work a single request
// can generate in the loop that follows. message_die() is assumed to end the
// request here -- confirm in that helper.
// NOTE(review): this reuses the "no search match" language string and a bare
// literal 5; a dedicated message and a named constant for the limit would make the
// behaviour clearer to users and maintainers.
//
if ( count($split_search) > 5 )
{
message_die(GENERAL_MESSAGE, $lang['No_search_match']);
}
for($i = 0; $i < count($split_search); $i++)
{
switch ( $split_search[$i] )
{
case 'and':
$current_match_type = 'and';
break;
#
#-----[ SAVE/CLOSE ALL FILES ]--------------------------
#
#-----[ OPEN ]------------------------------------------
#
groupcp.php
#
#-----[ FIND ]------------------------------------------
#
$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : 0;
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : 0;
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
//
// Default var values
//
#
#-----[ REPLACE ]---------------------------------------
#
$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : 0;
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : 0;
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
//
// The group control panel is for logged-in users only: guests are sent to the login
// page with a hard-coded return URL to this script before any group data is read.
// redirect() is assumed to end the request here -- confirm in the redirect() helper.
//
if ( !$userdata['session_logged_in'] )
{
redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx", true));
}
//
// Default var values
//
#
#-----[ SAVE/CLOSE ALL FILES ]--------------------------
#
#-----[ OPEN ]------------------------------------------
#
viewonline.php
#
#-----[ FIND ]------------------------------------------
#
while ( $row = $db->sql_fetchrow($result) )
{
$view_online = false;
if ( $row['session_logged_in'] )
{
$user_id = $row['user_id'];
if ( $user_id != $prev_user )
{
#
#-----[ REPLACE ]---------------------------------------
#
while ( $row = $db->sql_fetchrow($result) )
{
$view_online = false;
//
// A registered user's session row takes this branch only when the viewer ($userdata)
// is logged in too; for a guest viewer every row falls through to the other branch
// (outside this snippet), which presumably is what keeps the per-user details away
// from guests -- verify against the rest of the loop.
// NOTE(review): the $userdata['session_logged_in'] test does not depend on $row and
// could be evaluated once before the loop instead of on every row.
//
if ( $row['session_logged_in'] && $userdata['session_logged_in'] )
{
$user_id = $row['user_id'];
if ( $user_id != $prev_user )
{
#
#-----[ SAVE/CLOSE ALL FILES ]--------------------------