```nginx
# apply this rule on any location that’s an image using Regexp
location ~* \.(png|gif|jpg|jpeg|swf|ico)(\?[0-9]+)?$ {
    # allow empty, blocked, or whitelisted referers; reject all others
    valid_referers none blocked horrorblog.org www.horrorblog.org;
    if ($invalid_referer) {
        return 403;
    }
}
```
```php
#!/usr/bin/env php
<?php
function testForExploit($url = NULL) {
    $oCurl = curl_init($url);
    // request only the first five bytes of the resource
    curl_setopt_array($oCurl, array (CURLOPT_HTTPHEADER => array('Range: bytes=0-4')
        ,CURLOPT_RETURNTRANSFER => 1
        ,CURLOPT_TIMEOUT => 15
        ,CURLOPT_CONNECTTIMEOUT => 0
        ,CURLOPT_SSL_VERIFYHOST => 0 // certificate host name is not checked
```
```apache
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png)$ [NC]
RewriteRule ^(.*)$ thumbnailer.php?image=$1
```
```php
<?php
$imageRoot = 'img/';
$requestedFilename = $_GET['image'];
// expected request path: img/<8-char hash>/<width>x<height>/<filename>.<jpg|gif|png>
$formatRegexp = '@^'.$imageRoot.
    '(?P<hash>[a-z0-9]{8})\/'.
    '(?P<width>\d+|auto)x(?P<height>\d+|auto)\/'.
    '(?P<filename>[a-z0-9_.]+\.(jpg|gif|png))@i';
if (!preg_match($formatRegexp, $requestedFilename, $found)) {
    die('IMAGE NOT FOUND');
```
```nginx
# somewhere in the server section of any nginx config
location ~* \.(png|gif|jpg|jpeg)(\?[0-9]+)?$ {
    # try existing files, or pass the request to thumbnailer.php
    try_files $uri /thumbnailer.php?image=$uri;
    # old method when try_files did not exist
    # if (!-f $request_filename) {
    #     rewrite ^/(.*)$ /thumbnailer.php?image=$1 last;
    #     break;
    # }
}
```
```javascript
// assume you embed your youtube videos in a container with the class ".youtube-video"
// like this
// <div class="youtube-video" id="youtube-VIDEOID">
//   <img src="thumbnailurl" />
// </div>
// and don’t forget the youtube jsapi js embed in your page and the google "pageTracker"
// must also be available
//
window.onYouTubePlayerAPIReady = function() {
    $('.youtube-video').each(function(index, elm) {
```
```sh
#!/bin/sh
CTL_CMD="apachectl";
REQUESTS_MAX="2";
SHOUT_GROUP="wesc";
SLEEP=1
echo "Press CTRL+C to stop";
while [ "$end" != "end" ]
do
```
```
{
{to: from: cc:}
horrorblog.org
}
```
```
{
from:
@getsatisfaction.com
@facebookmail
@postmaster.twitter.com
[email protected]
[email protected]
@foursquare
[email protected]
@imdb
```
```
{
to: horrorblog.org
from: horrorblog.org
cc: horrorblog.org
}
```