Esta sección te permite ver todos los mensajes escritos por este usuario. Ten en cuenta que sólo puedes ver los mensajes escritos en zonas a las que tienes acceso en este momento.
Mostrar Mensajes Menú
mysql> describe banner;
+---------------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+---------------+------------------+------+-----+---------+----------------+
| id_banner | int(10) unsigned | NO | PRI | NULL | auto_increment |
| nombre | varchar(45) | YES | | NULL | |
| archivo | varchar(200) | YES | | NULL | |
| thumbnail | varchar(200) | YES | | NULL | |
| ventana_nueva | tinyint(1) | YES | | NULL | |
| url | varchar(255) | YES | | NULL | |
| activo | tinyint(1) | YES | | 1 | |
| borrado | tinyint(1) | YES | | 0 | |
| altura | int(11) | NO | | | |
| anchura | int(11) | NO | | | |
| defront | tinyint(1) | NO | | | |
| slot | int(10) unsigned | NO | UNI | | |
+---------------+------------------+------+-----+---------+----------------+
12 rows in set (0.00 sec)
order=down&id_banner=1&slot=1&idnextslot=2
//--------------------------------------------------------------+
// Case Down |
//--------------------------------------------------------------+
if($var['order']=="down"){
//--------------------------------------------------------------+
// First get the next Number ID slot and ID_banner |
//--------------------------------------------------------------+
$DBQuery->attrib['query'] = "SELECT id_banner, slot FROM `banner` WHERE `id_banner` ='".$var['idnextslot']."'";
//echo $DBQuery->attrib['query']."<br>";
$getNextSlot = $DBQuery->RunQuery();
//--------------------------------------------------------------+
// Update the original entry with the new id_slot |
//--------------------------------------------------------------+
$DBQuery->attrib['query'] = "UPDATE `banner` SET `slot` = '".$var['idnextslot']."' WHERE `id_banner` ='".$var['id_banner']."'";
//echo $DBQuery->attrib['query']."<br>";
$downSlot=$DBQuery->RunQuery();
//--------------------------------------------------------------+
// Update the entry target with the old slot |
//--------------------------------------------------------------+
$DBQuery->attrib['query'] = "UPDATE `banner` SET `slot` = '".$var['slot']."' WHERE `id_banner` ='".$getNextSlot[0]['id_banner']."'";
//echo $DBQuery->attrib['query']."<br>";
$downSlot=$DBQuery->RunQuery();
}
//-------------------------------------------------------------------------------------------------------------------------+
// Here emerge the two types of globals vars, copy all incoming POST and GET variables to an associative array called $var |
//-------------------------------------------------------------------------------------------------------------------------+
if(!isset($var) || !is_array($var)) {
$var = array();
$var = array_merge($_POST, $_GET); // GET overwrites POST
}
// With this function, we are clear the html chars to entity ascii
function clear_chars($var){
if(!is_array($var)){
return htmlspecialchars($var);
}
else{
$new_var = array();
foreach ($var as $j => $p){
$new_var[htmlspecialchars($j)]=clear_chars($p);
return $new_var;
}
}
}
if($_POST) $_POST=clear_chars($_POST);
if($_GET) $_GET=clear_chars($_GET);
if($_REQUEST) $_REQUEST=clear_chars($_REQUEST);
if($_SERVER) $_SERVER=clear_chars($_SERVER);
if($_COOKIE) $_COOKIE=clear_chars($_COOKIE);
<?
/*
/************************************************************
/
/ NST Anti Denial of Service Script v 0.1
/
/
/
/ Author: Link < link07@gmail.com >
/
/ ..::[N]eo [S]ecurity [T]eam::..
/
/ http://www.neosecurityteam.net
/
/ Date: October - 2006
/
/
/*************************************************************
This script will prevent Dos and DDos attacks using request flood
of http packets, that causes your server to excecute to much connections
with the database and execute tha php interpreter a lot of times in a few
seconds, all you have to do to install this is include it in a script that
all your scripts use , an script for the database connection for example
and create three empty txt files on the same folder with write and read
permissions: log.txt , bans.txt , counter.txt
This script will ban users using the .htaccess file, so dont forget to put
this is script on the same folder as the .htaccess file as well
It is very configurable just modify the parameters indicated below , to
asign how sctrict the script will act.
*/
$data = "";
$ban = "";
$visits = 1;
$error = 0;
$ahora = date("Y-n-j H:i:s");
$safemode = 0;
$new = "";
$flooder =0;
$registered = 0;
$wwwdir = "/home/neosecur/public_html/";
$ahora = date("Y-n-j H:i:s");
if(!$file = @fopen($wwwdir."log.txt","r"))
$error = 1;
while (!@feof($file))
{
$data .= @fgets($file);
}
$visitor = explode("\n",$data);
$i=0;
while($visitor[$i])
{
$iptime = explode("@",$visitor[$i]);
if ($_SERVER['REMOTE_ADDR'] == $iptime[0])
{
$tiempo = strtotime($ahora) - $iptime[1];
if ($tiempo <= 1) // this line controls the acces of an ip, only one request during the number of seconds you replace here
{
$safemode = 1;
$flooder = 1;
}
$iptime[1]=strtotime($ahora);
$registered = 1;
}
$new .=$iptime[0]."@".$iptime[1]."\n";
$i++;
}
if (!$registered)
$new.=$_SERVER['REMOTE_ADDR']."@".strtotime($ahora)."\n";
if (!@fclose($file))
$error = 1;
if(!$file = @fopen($wwwdir."log.txt","wt"))
$error = 1;
@fwrite($file,$new);
if (!@fclose($file))
$error = 1;
if (!$fcount = @fopen($wwwdir."counter.txt","rt"))
$error = 1;
$vst = @fgets($fcount);
$count = explode("@",$vst);
if (strtotime($ahora) == $count[1])
{
$visits = $count[0] + 1;
$count[0] = $visits;
}
else
{
$count[0] = 1;
$count[1] = strtotime($ahora);
}
if (!@fclose($fcount))
$error = 1;
$new = $count[0]."@".$count[1];
if (!$fcount = @fopen($wwwdir."counter.txt","wt"))
$error = 1;
@fwrite($fcount,$new);
if (!@fclose($fcount))
$error = 1;
$new = "";
$registered = 0;
if ($visits > 4) // this line controls visits during a second, it is used to prevent ddos attacks you can modify this depending on the capacity of your server
{
$safemode = 1;
if ($flooder)
{
if (!$fban = @fopen($wwwdir."bans.txt","rt")) $error = 1;
while (!@feof($fban))
{
$ban .= @fgets($fban);
}
$ips = explode ("\n",$ban);
$i=0;
while ($ips[$i])
{
if ($_SERVER['REMOTE_ADDR'] == $ips[$i])
$registered = 1;
$i++;
$new .=$ips[$i];
}
if (!@fclose($fban)) $error = 1;
if (!$registered)
{
if (!$fban = @fopen($wwwdir."bans.txt","wt")) $error = 1;
$new .=$_SERVER['REMOTE_ADDR']."\n";
@fwrite($fban,$new);
if (!@fclose($fban)) $error = 1;
}
else
{
if (!$fht = @fopen($wwwdir.".htaccess","rt"))
$error = 1;
$cont = "";
$cont2 = "";
$eob = 0;
while (!@feof($fht))
{
$a = @fgets($fht);
if ($eob)
$cont2.=$a;
else
{
if ($a == "</Limit>\r\n" or $a == "</Limit>" or $a == "</Limit>\n")
{
$eob = 1;
$cont2.=$a;
}
else
$cont.=$a;
}
}
if (!@fclose($fht))
$error = 1;
if (!$fht = @fopen($wwwdir.".htaccess","wt"))
$error = 1;
$cont .= "Deny from ".$_SERVER['REMOTE_ADDR']."\n";
$cont .= $cont2;
@fwrite($fht,$cont);
if (!@fclose($fht))
$error = 1;
}
}
}
if ($error)
{
echo "ocurrio un error inesperado por favor trata actualizando de nuevo o vuelve en un rato. Gracias por tu comprensión.";
exit(0);
}
if($safemode)
{
echo '<META HTTP-EQUIV="Refresh" CONTENT="2;URL=">';
exit(0);
}
// if no restrictions have been activated , the content of the web will be displayed normally
//echo "contenido";
?>
nano /etc/apt/sources.list
#Etch
deb http://http.us.debian.org/debian etch main contrib non-free
#deb http://non-us.debian.org/debian-non-US etch/non-US main contrib non-free
deb http://security.debian.org etch/updates main contrib non-free
#deb http://www.debian-multimedia.org etch main
deb-src http://http.us.debian.org/debian etch main contrib non-free
#Para Oracle
deb http://oss.oracle.com/debian unstable main non-free
ctrl+ X, S
apt-get update
apt-get install ssh
apt-get install libauthen-pam-perl libio-pty-perl libmd5-perl libnet-ssleay-perl
wget http://internap.dl.sourceforge.net/sourceforge/webadmin/webmin_1.410_all.deb
dpkg -i webmin_1.410_all.deb
Webmin install complete. You can now login to https://ip:10000/
as root with your root password, or as any user who can use sudo
to run commands as root.
https://ip:10000/
apt-get install apache2 php5 libapache2-mod-php5 php5-gd
a2enmod rewrite
/etc/init.d/apache2 force-reload
apt-get install build-essential php5-dev
cd /tmp
wget http://bart.eaccelerator.net/source/0.9.5.2/eaccelerator-0.9.5.2.tar.bz2
tar xvfj eaccelerator-0.9.5.2.tar.bz2
cd eaccelerator-0.9.5.2
phpize
./configure
make
make install
nano /etc/php5/conf.d/eaccelerator.ini
Ponemos:
extension="eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/var/cache/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
mkdir -p /var/cache/eaccelerator
chmod 0777 /var/cache/eaccelerator
/etc/init.d/apache2 restart
apt-get install php5-curl
/etc/init.d/apache2 reload
apt-get install openssl ssl-cert
apt-get install libapache2-mod-php5 php5-cli php5-common php5-cgi
a2enmod ssl
/etc/init.d/apache2 force-reload
openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout
/etc/apache2/apache.pem
Generating a 1024 bit RSA private key
...++++++
.................................++++++
writing new private key to '/etc/apache2/apache.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:MX
State or Province Name (full name) [Some-State]:DF
Locality Name (eg, city) []:Df
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:amartinezdec@abargon.com
chmod 600 /etc/apache2/apache.pem
nano /etc/apache2/sites-available/default
Cambiar:
NameVirtualHost *
por
NameVirtualHost *:80
NameVirtualHost *:443
Y agregrar dentro de la directiva <virtualhost>:
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
SSLCertificateKeyFile /etc/apache2/apache.pem
ctrl+ X, S
nano /etc/apache2/ports.conf
Agregrar:
Listen 443
ctrl+ X, S
/etc/init.d/apache2 reload
Probamos el PHP
nano /var/www/test.php
<?php phpinfo(); ?>
ctrl+ X, S
https://ip/test.php
apt-get install mysql-server mysql-client php5-mysql
apt-get install webalizer
cd /var/www/
mkdir phpmyadmin
cd /var/www/phpmyadmin
wget http://superb-west.dl.sourceforge.net/sourceforge/phpmyadmin/phpMyAdmin-2.11.6-all-languages.zip
unzip phpMyAdmin-2.11.6-all-languages.zip
https://ip/phpmyadmin/
Ponemos un theme bonito
cd /var/www/phpmyadmin/themes/
wget http://internap.dl.sourceforge.net/sourceforge/phpmyadmin/arctic_ocean-2.11a.zip
unzip arctic_ocean-2.11a.zip
nano /var/www/phpmyadmin/config.inc.php
<?php
$cfg['blowfish_secret'] = '8#$&/sdsad##';
$i = 0;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['extension'] = 'mysql';
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
$cfg['ThemeDefault']='arctic_ocean';
?>
ctrl+ X, S
wget http://oss.oracle.com/el4/RPM-GPG-KEY-oracle -O- | sudo apt-key add -
apt-get update
apt-get install oracle-xe
Executing Post-install steps...
You must run '/etc/init.d/oracle-xe configure' as the root user to configure the database.
/etc/init.d/oracle-xe configure
Specify the HTTP port that will be used for Oracle Application Express [8080]:
Specify a port that will be used for the database listener [1521]:
Specify a password to be used for database accounts. Note that the same
password will be used for SYS and SYSTEM. Oracle recommends the use of
different passwords for each database account. This can be done after
initial configuration:
Do you want Oracle Database 10g Express Edition to be started on boot (y/n) [y]:
Starting Oracle Net Listener...Done
Configuring Database...Done
Starting Oracle Database 10g Express Edition Instance...Done
Installation Completed Successfully.
To access the Database Home Page go to http://127.0.0.1:8080/apex
apt-get install vncserver
vncserver -geometry 1024x768 -depth 24
New 'X' desktop is nombredemáquina:1
Starting applications specified in /etc/X11/Xsession
Log file is /root/.vnc/nombredemáquina:1.log