curl attack prevention

Hello all!

Can you write me some code which let me sleep calm during the night
and what should I do to prevent some attackers from using curl function?

In Poland there is a big portal which become famous and some attackers
attacked it by using curl function and get all data about users.

Can you wirte me what should I do to prevent my portal from such attack?

Maybe id session regenerating is one of the thing which I should apply after
new login?

Thank you in advance
M.

Re: curl attack prevention

K. wrote:

> What should I do to prevent some attackers from using curl function?

Unplug your server.

--
----------------------------------
Iván Sánchez Ortega -ivansanchez-algarroba-escomposlinux-punto-org-

Proudly running Debian Linux with 2.6.22-3-amd64 kernel, KDE 3.5.8, and PHP
5.2.5-1 generating this signature.
Uptime: 12:23:02 up 68 days, 22:38, 4 users, load average: 1.69, 1.23,
1.07

Re: curl attack prevention

K. wrote:
> Hello all!
>
> Can you write me some code which let me sleep calm during the night
> and what should I do to prevent some attackers from using curl function?
>
> In Poland there is a big portal which become famous and some attackers
> attacked it by using curl function and get all data about users.
>
> Can you wirte me what should I do to prevent my portal from such attack?
>
> Maybe id session regenerating is one of the thing which I should apply after
> new login?
>
> Thank you in advance
> M.
>
>

Well, nothing special about curl.
It is just PHP's way of making http requests.

If the portals are hacked, they are NOT HACKED via Curl, but just USING
Curl.
The portals were unsafe to start with.

Regards,
Erwin Moller

Re: curl attack prevention

> Well, nothing special about curl.
> It is just PHP's way of making http requests.
>
> If the portals are hacked, they are NOT HACKED via Curl, but just USING
> Curl.
> The portals were unsafe to start with.
>
> Regards,
> Erwin Moller

Yes, I have made a mistake with saying that they are hacked via curl.
I meant that how to prevent from hacking by using curl.

What things should I apply to make my site safe and be sure that nobody
who uses curl will not hacked my site?

Please answer.
I will be very grateful for help
M.

Re: curl attack prevention

> What things should I apply to make my site safe and be sure that nobody
> who uses curl will not hacked my site?
>
> Please answer.
> I will be very grateful for help

Safety is not a command-line switch. Safety is looking what needs to be
done and exclude the rest. Like regenerating the session IDs. You should
always do that upon changing the user rights.
Also, take a good look at the file settings and look if sensitive files
are accessible from outside. Look at the possibility of SQL injection if
you use a database, and command-line injection if you call external
programs, e-mail injection if you send mail, etc.

And please don't expect our crystal balls to work if you even don't tell
us what OS you are using.

Safety is details and guarding those details.

Good luck,
--
Willem Bogaerts

Application smith
Kratz B.V.
http://www.kratz.nl/

Re: curl attack prevention

On 30 Jan, 11:56, "K." wrote:
> > Well, nothing special about curl.
> > It is just PHP's way of making http requests.
>
> > If the portals are hacked, they are NOT HACKED via Curl, but just USING
> > Curl.
> > The portals were unsafe to start with.
>
> > Regards,
> > Erwin Moller
>
> Yes, I have made a mistake with saying that they are hacked via curl.
> I meant that how to prevent from hacking by using curl.
>

The same way you prevent every other type of HTTP mediated attack.

Stop obsessing about Curl.

If you're having trouble understanding how the attack worked then tell
us where we can get more info on it.

Otherwise try google for 'PHP security'

C.

Re: curl attack prevention

K. wrote:
>> Well, nothing special about curl.
>> It is just PHP's way of making http requests.
>>
>> If the portals are hacked, they are NOT HACKED via Curl, but just USING
>> Curl.
>> The portals were unsafe to start with.
>>
>> Regards,
>> Erwin Moller
>
> Yes, I have made a mistake with saying that they are hacked via curl.
> I meant that how to prevent from hacking by using curl.
>
> What things should I apply to make my site safe and be sure that nobody
> who uses curl will not hacked my site?
>
> Please answer.
> I will be very grateful for help
> M.
>
>
>

You can't. You can't even tell if the user is using cURL, unless he
tells you.

Make your site safe and no one will be able to hack it - with or without
cURL. But if it isn't safe, it can be hacked - with or without cURL.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: curl attack prevention

Hello,

on 01/30/2008 09:13 AM K. said the following:
> Hello all!
>
> Can you write me some code which let me sleep calm during the night
> and what should I do to prevent some attackers from using curl function?
>
> In Poland there is a big portal which become famous and some attackers
> attacked it by using curl function and get all data about users.
>
> Can you wirte me what should I do to prevent my portal from such attack?
>
> Maybe id session regenerating is one of the thing which I should apply after
> new login?

I don't think session regeneration will prevent any user from automating
the login access with Curl or any kind of HTTP client that emulates a
browser.

I think a good CAPTCHA solution in the user contact pages, or the login
form page, and probably make it also appears once in a while, would make
the hackerks life more difficult, if possible at all.

Some time ago I had to start using CAPTCHA to protect the author contact
pages, and also to avoid excessive load caused by people that use site
mirroring tools. I wrote about it here:

http://www.phpclasses.org/blog/post/43-Site-growing-pains.ht ml


Here you may find several CAPTCHA solutions that you may want to try.
Some are very nifty, and they use sophisticated animated or Flash CAPTCHAs.

http://www.phpclasses.org/searchtag/CAPTCHA/by/package/tag/C APTCHA/

--

Regards,
Manuel Lemos

PHP professionals looking for PHP jobs
http://www.phpclasses.org/professionals/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/