[tip] Using mx_errordocs to log other events.
 
 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.   printer-friendly view    phpMiX.org Forum Index -> mxBB Modules -> mxBB Module: mx_errordocs
View previous topic :: View next topic  
Author Message
markus
[Administrator]
[Administrator]


Joined: 28 Jul 2003
Posts: 1124

PostPosted: Fri Jul 30, 2004 5:01 pm    Post subject: [tip] Using mx_errordocs to log other events. Reply with quote

Purpose of this TIP is show you how easy it is use mx_errordocs to log, not only HTTP Errors, but also other events.

The method shown in this article requires you to modify some files from other modules. So, please, make backups before trying anything. Also, keep in mind that this is published in an "as-is" basis, that means if you use any of the following information, you do so at your own risk. Wink

For instance, in the following example, we are going to log unauthorized accesses to download a file detected mx_pafileDB module.

Code:
#
# ---[ OPEN ]----------
#
mxroot/common.php

#
# ---[ FIND ]----------
#
?>

#
# ---[ BEFORE, ADD ]----------
#
//-----------------
//+errordocs add-on
//
if( !defined('IN_ADMIN') && !function_exists('errordocs_and_message_die') )
{
   $module_root_save = $module_root_path;
   $module_root_path = $mx_root_path.'modules/mx_errordocs/';
   $errdoc_common = $module_root_path."includes/common.$phpEx";
   @include_once($errdoc_common);
   $module_root_path = $module_root_save;

   function errordocs_and_message_die($msg_code, $msg_text = '', $msg_title = '', $err_line = '', $err_file = '', $sql = '')
   {
      global $lang;

      if( isset($lang['ErrorDocs_Logged']) )
      {
         $errdoc = new clsErrorDocs(10000);
         $errdoc->capture_error_info(600);
         $errdoc->write_log();
         $msg_text .= '<br /><br />' . $lang['ErrorDocs_Logged'].' IP: '.decode_ip($errdoc->user_ip);
      }
      message_die($msg_code, $msg_text, $msg_title, $err_line, $err_file, $sql);
   }
}
//
//-errordocs add-on
//-----------------

#
# ---[ OPEN ]----------
#
mxroot/modules/mx_pafiledb/pafiledb/modules/pa_download.php

#
# ---[ FIND ]----------
#
$message = sprintf($lang['Sorry_auth_download'], $this->auth[$file_data['file_catid']]['auth_download_type']);
message_die(GENERAL_MESSAGE, $message);

#
# ---[ REPLACE WITH ]----------
#
$message = sprintf($lang['Sorry_auth_download'], $this->auth[$file_data['file_catid']]['auth_download_type']);
errordocs_and_message_die(GENERAL_MESSAGE, $message);

#
# ---[ FIND ]----------
#
message_die(GENERAL_MESSAGE, $lang['Directly_linked']);

#
# ---[ REPLACE WITH ]----------
#
errordocs_and_message_die(GENERAL_MESSAGE, $lang['Directly_linked']);

#
# ---[ SAVE/CLOSE ALL FILES ]----------
#


Note the method presented herein could be applied to other modules (mx_smartor's hotlink prevention, etc.), even the MX-Core (unauthorized page accesses, etc.).


Enjoy!

 
 
_________________
http://www.phpmix.org
 
Back to top
View user's profile Send private message
markus
[Administrator]
[Administrator]


Joined: 28 Jul 2003
Posts: 1124

PostPosted: Mon Oct 11, 2004 6:25 am    Post subject: [tip] Logging Denied Hotlinking Attempts Reply with quote

Here we go again with another nice example. Wink

Logging Hotlink Prevention

How to use errordocs module to log denied hotlinking attempts to your images?

ok, create an .htaccess file or edit it if you already have one in your webroot folder and paste the following code:

Code:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !yourdomain\.com [NC]
RewriteCond %{HTTP_REFERER} !myfriend\.com [NC]
RewriteCond %{HTTP_REFERER} !anotherfriend\.com [NC]
RewriteCond %{HTTP_REFERER} !google\. [NC]
RewriteRule (.*) /modules/mx_errordocs/errordocs.php?errno=700&errlog=yes

Please note, this is only valid for Apache webserver. Also, you should adapt it to your own needs. Let's see what each line does:

Code:
RewriteEngine On

This RewriteEngine directive enables the runtime rewriting engine. You can use this directive to disable the module instead of commenting out all the RewriteRule directives. Wink


Code:
RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$ [NC]

The first condition selects file names with the specified extensions. Of course, you can add or remove extensions. For instance, you might want to add wav, mp3, vid, mpg, etc. if you're hosting multimedia files on your server.

The follwing conditions are meant to filter which domains are allowed to hotlink our images. Wink


Code:
RewriteCond %{HTTP_REFERER} !^$

First one is an empty referer. This might happen on some browsers or when directly invoking the URL from the browser address bar. Also, the HTTP_REFERER field could be removed by a proxy or simply empty for whatever other reason. We should allow this kind of requests.


Code:
RewriteCond %{HTTP_REFERER} !yourdomain\.com [NC]

Next and most important, it might be a good idea to allow our own domain to hot link our own images. Laughing


Code:
RewriteCond %{HTTP_REFERER} !myfriend\.com [NC]
RewriteCond %{HTTP_REFERER} !anotherfriend\.com [NC]

Now, we can add as many lines like above to allow friend sites to hotlink our images.


Code:
RewriteCond %{HTTP_REFERER} !google\. [NC]

Also, you could consider Google a friend ...or not. Cool


Code:
RewriteRule (.*) /modules/mx_errordocs/errordocs.php?errno=700&errlog=yes

Finally, the last statement, if ALL above conditions were TRUE, it will perform a silent redirection to the mx_errordocs module. So, we can use it to log denied requests (errlog=yes).

Hint: We're using here a different error code (700). So, we can easilly identify such records in the log (from the ACP). No problem, we can create a new error message for this new error code as in the following example:

Code:
#
#---[ OPEN ]----------
#
modules/mx_errordocs/languages/lang_english/lang_main.php
#
#---[ FIND ]----------
#
//
// That's all Folks!
// -------------------------------------------------
?>
#
#---[ BEFORE ADD ]----------
#
//
// User Defined Errors...
//
$lang['ErrorDocs_Error'][700]['short'] = "Hotlinking Denied";
$lang['ErrorDocs_Error'][700]['long'] = "The site you were browsing was trying to show you in their page an image hosted in our server, thus consuming our bandwidth without permission.<br /><br />Please, help us avoid these kind of situations contacting the webmaster of the referring site. Thank you.";
#
#---[ SAVE ]----------
#


...and that's it!

Oh, feel free to post any question regarding this tips on the forum. Wink


Enjoy!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
References:
* Apache module: mod_rewrite
* Apache 1.3 URL Rewriting Guide
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 
 
_________________
http://www.phpmix.org
 
Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.   printer-friendly view    phpMiX.org Forum Index -> mxBB Modules -> mxBB Module: mx_errordocs All times are GMT + 1 Hour
 
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum