XSS Police: Block accesses attempting to perform XSS attacks

Recommend this page to a friend!

Download .zip

Info

View files (5)

Download .zip

Reputation

Support forum (2)

Blog

Links

Ratings				Unique User Downloads		Download Rankings
Not enough user ratings				Total: 1,104		All time: 3,398 This week: 182

Version		License		PHP version		Categories
`xss-attack-police` 1		Artistic License		3		Databases, Security

Description

Author

omid zarifi

This class can block accesses attempting to perform cross-site scripting attacks.

It can look at a given request variable value and detect character sequences that can be used in cross-site scripting attacks.

If an eventual attack is detected, the class can add a record to a MySQL database table to mark the current access IP address to be blocked in future accesses.

Innovation Award

August 2011
Number 4

Cross-site scripting attacks can be dangerous to a site, as they can be used to steal cookies of users accessing a site and eventually allow a malicious person to access the site as if he was one of the other users.

This class can be used to prevent causing greater damage to a site by detecting eventual attempts to perform cross-site scripting attacks and blocking the accesses of computers that were used to perform such kind of attack attempts.

Manuel Lemos

omid zarifi

Name:	omid zarifi `<contact>`
Classes:	4 packages by omid zarifi
Country:	United States
Age:	33
All time rank:	1269	184 in United States
Week rank:	641	75 in United States

Innovation award

Nominee: 2x

Files

File	Role	Description
`attack.sql`	Data	mysql db file
`class.xss.police.php`	Class	class file
`config.php`	Conf.	config db
`index.php`	Example	index page for test
`police.html`	Data	suspend page for attacker