
Thread: script kiddie blocker

  1. #1
    Security Researcher
    Join Date
    May 2011
    Location
    Pune, Maharashtra, India
    Posts
    237
    Blog Entries
    1

    script kiddie blocker

    ***** DEFENSIVE TECHNIQUE *********


    Hi All,


    Note: I have been talking a lot about making this list offline; however, I never posted any details of this online, so here are the details.
    Many times website administrators are faced with situations where some script kiddie *empowered* by the latest version of nessus or w3af or skipfish is hell-bent on bringing your site to its knees.

    At this point there are multiple options available; one of them is going the cloudflare way or putting in a web application firewall.


    I am thinking of a very simple method to do exactly the same, i.e. provide some protection against simple script kiddies.


    *This method will in no way protect you from a determined cracker or someone who is good at keeping his own tools*


    So the basic logic is to compile a list of generic user agent strings of common tools so that they can be blocked at the htaccess level.

    Right now I am looking for all kinds of possible inputs in terms of various user agents; I will publish a complete guide once I have a sufficiently covered list of user agents.

    Basic htaccess rule list would be


    Code:
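    # SKiddie Blocking
     RewriteEngine On

     # USER_AGENT_PATTERN_1/2 are placeholders: put one scanner user-agent
     # substring or regex in each, chaining every condition but the last with [OR]
     RewriteCond %{HTTP_USER_AGENT} USER_AGENT_PATTERN_1 [OR]
     RewriteCond %{HTTP_USER_AGENT} USER_AGENT_PATTERN_2
     # "-" means no substitution; [F] sends 403 Forbidden, [L] stops rule processing
     RewriteRule ^.* - [F,L]

    # SKiddie end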
    This will simply supply everyone with a simple blank page as response.

    Now the reason for this post is that I am yet to collect the user-agent strings for these scanners,
    so I am opening this thread so that we can get details by crowdsourcing.

    SkipFish - SF in useragent
    DirBuster - Dirbuster in Useragent string.

    Once we have a sufficient number of strings, we will build a simple code block which we can place in htaccess to get these things done.

    Note: I am in no way saying this is full-fledged protection; however, it will deter the script kiddies who don't even know that such options exist.

  2. #2
    Super Commando Dhruv abhaythehero's Avatar
    Join Date
    Sep 2010
    Location
    Lucknow/Pune,India
    Posts
    466
    Blog Entries
    2
    Most of these scanners have a list of user agents which they send. But they do send in additional headers. Like acunetix ...

    Code:
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)
    Host: [domainremoved].org
    Connection: Close
    Acunetix-Product: WVS/2.0 (Acunetix Web Vulnerability Scanner - EVALUATION)
    Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
    Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
    mod_security-action: 406
    Any way to counter these by .htaccess?
    In the world of 0s and 1s, are you a zero or The One !

  3. #3
    Code:
    w3af
    User-agent: w3af.sourceforge.net
    I remember reading an article long ago by irongeek on skiddy baiting. Though it's a completely different story, I think it's worth a mention.
    All izz Well

  4. #4
    Administrator 41.w4r10r's Avatar
    Join Date
    Jul 2010
    Location
    Pune
    Posts
    339
    Blog Entries
    3
    As far as I know, many of these scanners can be configured to use any browser's user agent, i.e. IE, FF, Chrome... so in such cases what's the idea??

    Also, I am not sure how effective your idea will be.. but I will suggest: now that you have 2-3 tools' user agents, why don't you go for a test run of your idea and then move ahead with collecting more user agents...

    and best of luck...

  5. #5
    Security Researcher
    Join Date
    May 2011
    Location
    Pune, Maharashtra, India
    Posts
    237
    Blog Entries
    1
    @abhay nice point, so I will need such headers also.
    This should be able to do it:
    RewriteCond %{HTTP:Acunetix-Product} ^WVS

    @41.w4r10r,
    I never said this will be full proof, but this will be fool proof against people who just download tools and run them against sites.
    The problem is not that they may find flaws.
    The problem is that they use our bandwidth.

    I already have something to this effect ready; all we need is user agents that we can plug in.
    htaccess based spamBot and Leacher Blocking Code | Anant Shrivastava : Techno Enthusiast
    and this works pretty well.
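Added example, not part of any post in this thread: a small Python helper that turns the signatures quoted above (the DirBuster and w3af user agents, the Acunetix-Product header) into an OR-chained .htaccess block and mirrors the same rules so a list can be tried on sample requests before it is deployed. The function names and the sample requests are assumptions made for illustration; the last sample shows the limit raised in post #4, a tool sending a browser user agent passes.

```python
import re

# Signatures quoted in the thread. skipfish's "SF" is left out on purpose:
# a two-letter substring is too short to match safely.
UA_SUBSTRINGS = ["DirBuster", "w3af.sourceforge.net"]
HEADER_RULES = [("Acunetix-Product", "^WVS")]  # header regex from post #5


def escape(literal):
    """Backslash-escape regex metacharacters and spaces for a CondPattern."""
    return re.sub(r"([.^$*+?()\[\]{}|\\ ])", r"\\\1", literal)


def build_htaccess(ua_substrings=UA_SUBSTRINGS, header_rules=HEADER_RULES):
    """Emit one OR-chained RewriteCond per signature, then a single 403 rule."""
    conds = [("%{HTTP_USER_AGENT}", escape(s), ["NC"]) for s in ua_substrings]
    conds += [("%{HTTP:" + h + "}", rx, []) for h, rx in header_rules]
    lines = ["RewriteEngine On"]
    for i, (var, pattern, flags) in enumerate(conds):
        if i < len(conds) - 1:          # the last condition must not carry [OR]
            flags = flags + ["OR"]
        suffix = " [" + ",".join(flags) + "]" if flags else ""
        lines.append(f"RewriteCond {var} {pattern}{suffix}")
    lines.append("RewriteRule ^ - [F]")  # "-" = no substitution, F = 403
    return "\n".join(lines)


def is_blocked(headers, ua_substrings=UA_SUBSTRINGS, header_rules=HEADER_RULES):
    """Mirror the rules in Python to try a list on logged requests first."""
    ua = headers.get("User-Agent", "").lower()
    if any(s.lower() in ua for s in ua_substrings):
        return True
    return any(re.search(rx, headers.get(h, "")) for h, rx in header_rules)


# Constructed sample requests (header values are illustrative, not captures,
# except the Acunetix pair, which is copied from post #2).
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
SAMPLES = {
    "dirbuster": {"User-Agent": "DirBuster-0.0 (constructed sample)"},
    "acunetix": {"User-Agent": "Mozilla/4.0 (compatible; MSIE 6.0)",
                 "Acunetix-Product": "WVS/2.0 (Acunetix Web Vulnerability Scanner - EVALUATION)"},
    "browser": {"User-Agent": BROWSER_UA},
    "spoofed_scanner": {"User-Agent": BROWSER_UA},  # tool set to a browser UA
}

if __name__ == "__main__":
    print(build_htaccess())
    for name, hdrs in SAMPLES.items():
        print(f"{name:16} blocked={is_blocked(hdrs)}")
```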

  6. #6
    Administrator 41.w4r10r's Avatar
    Join Date
    Jul 2010
    Location
    Pune
    Posts
    339
    Blog Entries
    3
    hmm your code on blog seems cool....

    bravo idea.....

  7. #7
    I like this idea to protect site from script kiddies.

    Does anyone have a list of the user agents for scanners?

  8. #8
    Security Researcher
    Join Date
    May 2011
    Location
    Pune, Maharashtra, India
    Posts
    237
    Blog Entries
    1
    Originally Posted by d4rkd4wn:
    I like this idea to protect site from script kiddies.

    Does anyone have a list of the user agents for scanners?

    That's what I am missing, just need that.

    The whole purpose of the post is to collect such agents.

  9. #9
    Garage Newcomer
    Join Date
    Dec 2010
    Location
    Cyberworld
    Posts
    45
    I don't know whether my thinking is right or wrong, but I will suggest one thing here ....

    Use snort to collect the user agents; it will help you a lot .....

    snort has a list of malicious user agents :P
    ~peace~

  10. #10
    Code:
    http://www.sans.org/reading_room/whitepapers/hackers/user-agent-field-analyzing-detecting-abnormal-malicious-organization_33874
    have a look here
    Garage4Hackers bugs for the community , of the community

