Jan 5, 2001, 9:42 PM
Post #1 of 1
I run a small (100 user) members-only website. Due to it's nature, I recieve the occasional hack attempt, but lately the attempts have been on the increase. Since most of these attempts occur through the use of insecured wingates and proxies (socks 4 and 5) I would like to use a perl script to test the user's IP address to see if an unsecured wingate or proxy is running on that IP. I used to simply ban the addresses as part of the .htaccess, but that method is quickly becoming unwieldy, especially since there's a lag of several hours from the time the attempt takes place, until I check the IP's in the log. So what I really need is the following:
Checking for unsecured proxies
Get the user's IP (easy part)
Attempt to connect to common socks ports on the machine (1080, etc)
Don't delay too long, as the connection attempt should usually fail
If a connection is made, check to see if the proxy requires a password, or is unsecured
Create a redirect based on the results (another easy part)
I've searched and searched for something like this, but all I've come up with are various scripts that check for other common protocol ports (FTP, telnet, finger). I'm surprised something like this doesn't already exist in a generic form somewhere, as it seems like it would be a standard tool for secure, or access sensitive sites to use.
If anyone out there could offer advice on where to look, what modules I might need, suggestions on querying proxy servers to see if they're secured or not I'd really appreciate it! Otherwise, I'm completely clueless as to how to write this particular bit of code, since I've never written anything in perl that uses sockets.
Hope someone can help!