Log XSS and suspicious Queries to your site
June 30th, 2007 by Blu:RayNe
AddType application/x-httpd-php .bank
AddType application/x-httpd-php .bmp
AddType application/octet-stream .pdf
AddType application/octet-stream .PDF
AddType application/x-xpinstall .xpi
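# The rewrite rules below need mod_rewrite and "RewriteEngine On" earlier in the file.
# Query string contains a double quote followed by an angle bracket (raw or URL-encoded)
RewriteCond %{QUERY_STRING} (\"|%22).*(\>|%3E|<|%3C).* [NC]
RewriteRule ^(.*)$ log.php [NC]
# Query string contains an opening angle bracket, "script", then a closing bracket or quote
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E|%22) [NC]
RewriteRule ^(.*)$ log.php [NC]
# Query string contains a javascript: URI followed by a semicolon
RewriteCond %{QUERY_STRING} (javascript:).*(\;).* [NC]
RewriteRule ^(.*)$ log.php [NC]
# Semicolon or quote followed by an SQL keyword; there are no word boundaries,
# so short keywords such as "or", "and" and "if" also match inside ordinary words
RewriteCond %{QUERY_STRING} (\;|\'|\"|\%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).* [NC]
RewriteRule ^(.*)$ log.php [NC]
# URL path (not the query string) contains a comma, semicolon, angle bracket, apostrophe or backtick
RewriteRule (,|;|<|>|'|`) /log.php [NC]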
…found in .htaccess at 0x000000.com. Also read the ha.ckers.org XSS Cheat Sheet!
I guess I’ll rewrite my ErrorHandler a bit to support XSS or Suhosin messages. I’m not a big fan of going through a hundred megabytes of Apache logs a day.
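Since log volume is the concern, it helps to see what the rules above actually catch before deploying them. The Python check below is an added example, not code from this post or from 0x000000.com: it ports the four RewriteCond patterns and the final RewriteRule to Python's re module (typographic quotes read as ASCII apostrophes) and reports which rules would send a request to log.php. The rule names, the function name and the sample requests are constructed for illustration.

```python
import re

# The page's RewriteCond patterns, matched against the raw (still URL-encoded)
# query string; [NC] becomes re.IGNORECASE. Rule names are labels added here.
QUERY_RULES = [
    ("quote-then-bracket", r'(\"|%22).*(\>|%3E|<|%3C).*'),
    ("script-tag",         r'(\<|%3C).*script.*(\>|%3E|%22)'),
    ("javascript-uri",     r'(javascript:).*(\;).*'),
    ("sql-keyword",        r"(\;|\'|\"|\%22).*(union|select|insert|drop|update"
                           r"|md5|benchmark|or|and|if).*"),
]
# The final RewriteRule tests the URL path, not the query string.
PATH_RULE = ("path-metachar", r"(,|;|<|>|'|`)")


def matched_rules(path, query):
    """Return the names of every rule that would send this request to log.php."""
    hits = [name for name, pat in QUERY_RULES
            if re.search(pat, query, re.IGNORECASE)]
    if re.search(PATH_RULE[1], path, re.IGNORECASE):
        hits.append(PATH_RULE[0])
    return hits


# Constructed sample requests (path, query string); not taken from real logs.
SAMPLES = [
    ("index.php", "id=42&page=2"),                 # ordinary request
    ("search.php", "name=%22%3E%3Cscript%3E"),     # encoded quote and tag
    ("view.php", "id=1'+union+select+1,2"),        # SQL keywords after a quote
    ("search.php", "title=rock'n'roll+forever"),   # benign: "or" inside "forever"
    ("files/report,final.html", ""),               # benign: comma in a file name
]

if __name__ == "__main__":
    for path, query in SAMPLES:
        print(f"{path}?{query} -> {matched_rules(path, query) or 'passes'}")
```

The last two samples are ordinary requests that still end up in log.php, which is worth knowing before the log is wired into an error handler or alerting.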