3 * Cracker Tracker Protection System - Extended Edition
4 * Initially created by Christian Knerr - www.cback.de
6 * Extended by: Roland Haeder - www.ship-simu.org
8 * @author Roland Haeder <webmaster@ship-simu.org>
10 * @copyright Copyright (c) 2009 - 2011 Cracker Tracker Team
11 * @license GNU GPL 3.0 or any newer version
12 * @link http://www.ship-simu.org
14 * This program is based on Cracker Tracker Protection System - Stand-Alone
15 * which has been written by Christian Knerr and is heavily enhanced in
16 * detectection, logging and reporting of suspicious traffic.
18 * This program is free software: you can redistribute it and/or modify
19 * it under the terms of the GNU General Public License as published by
20 * the Free Software Foundation, either version 3 of the License, or
21 * (at your option) any later version.
23 * This program is distributed in the hope that it will be useful,
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
26 * GNU General Public License for more details.
28 * You should have received a copy of the GNU General Public License
29 * along with this program. If not, see <http://www.gnu.org/licenses/>.
33 include('config/db_config.php');
34 include('libs/lib_general.php');
35 include('libs/lib_detector.php');
36 include('libs/lib_connect.php');
37 include('libs/lib_updates.php');
40 initCrackerTrackerArrays();
42 // Get a database link
43 aquireCrackerTrackerDatabaseLink();
45 // Update database scheme
46 crackerTrackerUpdateDatabaseScheme();
48 // If it differs to original and the *whole* request string is not in whitelist
49 // then block the attempt
50 if (isCrackerTrackerWormDetected()) {
51 // Send the email, this must be the last line in this if() block because it contains a exit()
52 sendCrackerTrackerMail();
55 // Suspicious POST data detected?
56 if (isCrackerTrackerPostAttackDetected()) {
57 // Send the email, this must be the last line in this if() block because it contains a exit()
58 sendCrackerTrackerPostMail();
61 // Does the current IP produce some blocked requests but not now?
62 if ((getCrackerTrackerConfig('ctracker_alert_user') == 'Y') && (isCrackerTrackerIpSuspicious())) {
63 // This IP is suspicious, so we alert him/her
64 crackerTrackerAlertCurrentUser();
67 // Close any open database links
68 crackerTrackerCloseDatabaseLink();