BHS: Security & IP Control - triplei-group/SERP GitHub Wiki
BHS: Security & IP Control
Initial IP Filter in BHS Module | Lightweight, Secure, and Unbreakable
✳️ Introduction: The BHS Module (Black Hole Security) in the SERP Platform serves as the first line of defense—a quantum firewall that instantly absorbs, evaluates, and neutralizes any suspicious or malformed input.
Among the most commonly exploited vectors is the IP parameter. The initial IP filter in BHS is designed with the philosophy of being:
Lightweight (no external dependencies)
Fast (execution time under 1ms)
Fail-safe (returns secure default instead of raising errors)
Tamper-resistant (detects and neutralizes stealth injections)
This makes it ideal as a base-layer validator before any deeper analysis or database interaction takes place.
⚙️ Core Logic Overview: GET Parameter Detection The filter checks for the presence of a SERP parameter in the URL query string. If found, it is treated as the input IP; if not, a neutral default (1.1.1.1) is used to avoid empty or undefined input errors.
IP Structure Validation The string is split into parts using . and must result in exactly 4 segments—no more, no less. This enforces a proper IPv4 format.
Length Consistency Check Before and After Integer Conversion A key security feature: the string length of each IP segment is recorded before type-casting to integer, and compared to the length after. This prevents sneaky injections such as 001, 008, or leading-zero octets designed to trick the parser.
Safe Fallback on Mismatch If any part fails validation, the system defaults to a non-functional IP: 404.1.1.1 This is not a real address, and its use clearly signals to the system that the input was rejected silently.
🔐 Security Highlights: Level 1 (Structure Validation): Catches malformed inputs and abnormal separators
Level 2 (Injection Prevention): Filters stealthy octet manipulations using zero-padding or alphanumerics
Level 3 (Silent Rejection): Prevents information leakage or error messages for attackers
Level 4 (No Crash Logic): Ensures system stability even under malformed or missing input
🪶 Performance and Design Benefits: Zero Dependencies: Uses only native PHP functions: explode, count, strlen, intval, array_diff
Ultra-fast Execution: Ideal for high-traffic environments
Compatible with PHP 5.4+
Can be used as a standalone filter or embedded in broader firewall logic
✅ This script is not a complex antivirus or IDS system—it's a smart, always-on gatekeeper for the most common attack vectors, and the first shield in the SERP security stack.
📎 See full code at the end of this document.
🛰️ Click to expand the core PHP logic
session_start();
if ( isset( $_GET[ "SERP" ] ) ) {
$ip = $_GET[ "SERP" ];
} else {
$ip = "1.1.1.1";
}
$ip = explode( '.', $ip );
if ( count( $ip ) != 4 ) {
$s = "404";
$ip = "404.1.1.1";
}
$s = $ip[ 0 ];
$e = $ip[ 1 ];
$r = $ip[ 2 ];
$p = $ip[ 3 ];
$ip_cout = array( strlen( $s ), strlen( $e ), strlen( $r ), strlen( $p ) );
$s = (int)$s;
$e = (int)$e;
$r = (int)$r;
$p = (int)$p;
$serp_cout = array( strlen( $s ), strlen( $e ), strlen( $r ), strlen( $p ) );
$compair = array_diff( $ip_cout, $serp_cout );
if ( $compair == NULL && $s > 0 && $e > 0 && $r > 0 && $p > 0 ) {
$ip = ( "$s.$e.$r.$p" );
} else {
$s = "404";
$ip = "404.1.1.1";
};