-// if (preg_match("/^select/i",$sql) && (rand(0,1000)>MASTER2SLAVE) && $this->Master) {
-// every select query goes to onyx + opraveny regexp, aby matchoval vnorene selecty (br)
- if (preg_match('/^\(?select/i',$sql) && $this->Master) {
- $this->_linkId = false;
- $this->connect(SLAVE_HOST,SLAVE_USER,SLAVE_PASS,SLAVE_DATABASE);
- $this->Master = false;
-
- }
-
- elseif (!preg_match("/^select/i",$sql) && !$this->Master) {
- $this->_linkId = false;
- $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
- $this->Master = true;
- }
+ $this->_linkId = false;
+ $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
+ $this->Master = true;
+
+ // Simple IDS, against automats
+ // When possible attack is detected,
+ // query & session information is stored into log
+ // Looking for following string in SQL query:
+ // - "user()" (get cur. user)
+ // - "@@version" (get mysql version)
+ // - "AND 1=1" (blind sqli) (too many false positives?)
+ // - "information_schema" (for listing of tables, columns...)
+
+ // - "/*" (comment) (too many false positives?)
+ // - "--" (comment) (too many false positives?)
+
+ if (preg_match('/user\(\)/',$sql) || preg_match('/@@version/',$sql)
+ || preg_match('/information_schema/',$sql)|| preg_match('/AND 1=1/',$sql)
+ ) {
+ logger::log('SQL ALARM',$sql);
+
+ }
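Review bot: The alarm patterns in the `preg_match` chain are case-sensitive and whitespace-exact, while MySQL treats these keywords and identifiers case-insensitively, so the check is brittle; a single pattern with the `i` modifier and flexible whitespace would hold up better, e.g. `preg_match('/user\s*\(\s*\)|@@version|information_schema|\bAND\s+1\s*=\s*1\b/i', $sql)`. As far as the hunk shows, a match only calls `logger::log` and the query still runs, so this is detection only; the callers that build `$sql` should use bound parameters rather than rely on the alarm. The full `$sql` is written to the log, which can copy credentials or personal data into it, and embedded newlines could forge log entries unless `logger::log` (not visible here) escapes them. Separately, the added lines reset `_linkId` and call `connect()` unconditionally, where the removed code reconnected only when switching hosts; if this runs per query it appears to reconnect every time, so consider guarding it with `if (!$this->Master) { ... }`. The enclosing method starts and ends outside the hunk.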