‫"ت‬#$% &'() &* +,-‫ز‬#*

:!"#$%

:‫*)(ان‬

#/ 01/ ‫ذ‬3(4 ‫ی از‬07-389 ‫ای‬0* :; ‫@ در;?& ی ورودی‬A* ‫ه‬3'4

‫د‬393% ‫ی‬#/ ‫ روش‬.‫د دارد‬39‫ و‬D(8EF% ‫ی‬#/ ‫د روش‬3G +;#H &* #/ 01/ D434#I 07J ‫ذ‬3(4 ‫ی از ورود و‬07-389 ‫ای‬0*
:‫ از‬KLM‫ر‬#NO

‫ز‬#P% 07J ‫ی از ورود‬07-389 =1

‫س‬#LR#4 ‫ی‬#/ IP ‫ی از ورود‬07-389 =2

S/ #* "#* ‫ارد‬3% T7U0M =3

&* ‫ان را‬0*#U DH0EH‫ د‬default #; index ‫ت‬#'() @G#H #* ‫ان‬3M D% (‫ز‬#P% 07J ‫ی از ورود‬07-389) DW‫رد او‬3% ‫در‬
#* ‫اد‬0X‫ی ورود ا‬389 ‫ان‬3M D% (‫س‬#LR#4 ‫ی‬#/ IP ‫ی از ورود‬07-389) D%‫رد دو‬3% ‫ در‬#%‫ ا‬.+A* ‫ت آن‬#;3E'% ‫ر و‬KW3X :;
.+H‫ ا‬0EZ* &[/ ‫ از‬D%3H ‫رد‬3% #%‫ ا‬.+X0- ‫ را‬K43R D% +;#H :; ‫ وارد‬proxy #* &U D4#AU ‫ و‬D434#I 07J ‫ی‬#/ IP
.‫دد‬0- D% S/‫ا‬0X +;#H :; ‫ای‬0* \%#U +7L%‫د و ا‬3R D% &EX0- ]%#U DH0EH‫ا در آن د‬0;‫ز‬

‫ی‬#/ ‫ری‬3EU0;‫ از دا‬D1; ‫& در‬U ^;‫_ ا‬9 &* K7/‫م د‬#P4‫ ا‬K;#N4 D)#G ‫ر‬#U a7/ ‫م‬3H ‫رد‬3% b;0c ‫ از‬+7L%‫اری ا‬0I 0* ‫ای‬0*
.‫دازد‬0d D% ‫س‬#LR#4 ‫اد‬0X‫ ا‬#* &8*#$% &* ‫ر‬#U‫د‬3G ‫رت‬3) &* KU ‫ر‬#U ^;‫ ا‬#* .K7/‫ار د‬0I DE7L%‫;\ ا‬#X :; ‫د‬3G +;#H

:K7LU ‫ را وارد‬0;‫ی ز‬#/ KU \;#X ^;‫\ ا‬G‫ دا‬.K;‫ز‬#A* .php K43Ad #* \;#X :; ‫ر‬#U ^;‫ای ا‬0*

n kp-tools.com($a)

al $report_to ,$_log_file;
d_str = array("content-type:","charset=","mime-version:","multipart/mixed","bcc:","insert", "select", "update", "delete", "distinct",
g", "truncate", "replace","handler", "like", "as", "or", "procedure", "limit", "order by", "group by", "asc", "desc","../");
spect_found = false;
ach($bad_str as $suspect)

egi($suspect, strtolower($a)))

= (empty($_SERVER['REMOTE_ADDR'])) ? 'empty' : $_SERVER['REMOTE_ADDR'];

= (empty($_SERVER['HTTP_REFERER'])) ? 'empty' : $_SERVER['HTTP_REFERER'];
= (empty($_SERVER['HTTP_USER_AGENT'])) ? 'empty' : $_SERVER['HTTP_USER_AGENT'];
= (empty($_SERVER['REQUEST_URI'])) ? 'empty' : $_SERVER['REQUEST_URI'];
= (empty($_SERVER['REQUEST_METHOD'])) ? 'empty' : $_SERVER['REQUEST_METHOD'];

suspect_found = true;
= eregi_replace($suspect, " (>>><strong>".$suspect."</strong><<<) ", $a);

IF EMAIL NOTIFICATION ARE ADDED

.K7LU \$EL% root #; www #; wwwroot ‫ری‬3EU0;‫;\ را *& دا‬#X ،\;#X ^;‫ه ا‬07G‫ از ذ‬Kf*
ail($report_to,"[ABUSE] NOTIFICATION @ " .$_SERVER['HTTP_HOST'] . " by " . $ip,"possible abuse @ "
.‫د‬3R D%H:i:s')
RVER['HTTP_HOST'] . " by " . $ip ." (" . date('d/m/Y ‫ *& رو‬.‫\)"رو‬n\n"
0;‫م ز‬#7d #* ،‫د‬3R :#[R
."IP/HOST +;#H
" . $ip ‫وارد‬."USER
. "\n\n" 0NEf% 07J Dd ‫آی‬: :;
AGENT #* DAU
" . $ua 0-‫ن ا‬3LU‫ا‬
. "\n\n"
ERER : " . $rf . "\n\n" ."REQUEST URI : " . $ru . "\n\n" ."REQUEST METHOD : " . $rm . "\n\n" ."SUSPECT String: " . $a .
\n--","From:".$report_to."\nMessage-ID: <".date("YmdHis")."@".$_SERVER['SERVER_NAME'].">\nMime-Version:
Your IP is detected! Your IP is: *** 1.0\nContent-
text/plain; charset=UTF-8\nContent-Transfer-Encoding: 7bit");
KP-Tools DE7L%‫وه ا‬0- ‫ی از‬0/#c#I‫ آ‬#7U K7H