StrikeTracker is a lightweight, self-contained security system designed for Evo Xtreme CMS that detects and responds to SQL injection (SQLi) attempts. It works by scanning all incoming request URIs and query strings for suspicious keywords and patterns. This proactive scanning helps prevent malicious queries from reaching your backend logic or database.
One of StrikeTracker’s standout features is that it does not require a database to function. It operates entirely off the file system, storing its logs and ban lists in flat files. This design makes it extremely easy to implement, with minimal resource overhead. It also ensures that the security mechanism remains active even if your database is under attack or compromised.
If a query matches known SQLi attack patterns, the visitor’s IP is logged along with a timestamp, their browser user agent, and the exact query. On the third recorded offense from the same IP, StrikeTracker can either permanently ban the user via
.htaccess (on Apache servers) or update a custom local ban list for non-Apache environments. This ensures persistent blocking of repeat offenders, reducing risk over time.
Log management is also built in. StrikeTracker will automatically rotate its main log file once it exceeds 1MB in size, preserving older data with timestamped filenames. A cleanup system also ensures logs older than a certain threshold are purged, keeping the storage lean. Administrators can review incidents through a styled admin panel that parses and formats the log entries for clarity.
Beyond Evo Xtreme, StrikeTracker can be easily modified to run on nearly any PHP-based website. Since it doesn't rely on a specific CMS structure or database, it can be plugged into various systems with only small changes to file paths or integration points. This makes it a flexible, zero-database security option for developers looking to add a layer of protection to their projects.
- Scans all incoming query strings for SQL injection patterns
- Requires no database — works entirely with flat files
- Logs IP, user agent, timestamp, and the exact query
- Auto-bans IPs on the third offense (Apache and non-Apache compatible)
- Rotates logs automatically and removes old ones for performance
- Includes an admin panel to review attacks easily
- Easily portable to non-Evo Xtreme sites with minor tweaks
|
![[HSX] HeadShot Xtreme is officially recognized by the Central Outpost as a genuine gaming organization.](https://www.headshotdomain.net/files/coRpSE/cnopseal_X74-MEW1.png "[HSX] HeadShot Xtreme is officially recognized by the Central Outpost as a genuine gaming organization.")