3 * Cracker Tracker Protection System - Extended Edition
4 * Initially created by Christian Knerr - www.cback.de
6 * Extended by: Roland Haeder - www.ship-simu.org
8 * @author Roland Haeder <webmaster@ship-simu.org>
10 * @copyright Copyright (c) 2009 - 2011 Cracker Tracker Team
11 * @license GNU GPL 3.0 or any newer version
12 * @link http://www.ship-simu.org
14 * This program is based on Cracker Tracker Protection System - Stand-Alone
15 * which has been written by Christian Knerr and is heavily enhanced in
16 * detectection, logging and reporting of suspicious traffic.
18 * This program is free software: you can redistribute it and/or modify
19 * it under the terms of the GNU General Public License as published by
20 * the Free Software Foundation, either version 3 of the License, or
21 * (at your option) any later version.
23 * This program is distributed in the hope that it will be useful,
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
26 * GNU General Public License for more details.
28 * You should have received a copy of the GNU General Public License
29 * along with this program. If not, see <http://www.gnu.org/licenses/>.
33 //* DEBUG: */ xdebug_start_trace();
36 require('config/db_config.php');
37 require('libs/lib_general.php');
38 require('libs/lib_detector.php');
39 require('libs/lib_connect.php');
40 require('libs/lib_updates.php');
43 initCrackerTrackerArrays();
45 // Get a database link
46 aquireCrackerTrackerDatabaseLink();
48 // Update database scheme
49 crackerTrackerUpdateDatabaseScheme();
51 // If it differs to original and the *whole* request string is not in whitelist
52 // then block the attempt
53 if (isCrackerTrackerWormDetected()) {
54 // Send the email, this must be the last line in this if() block because it contains a exit()
55 sendCrackerTrackerMail();
58 // Suspicious POST data detected?
59 if (isCrackerTrackerPostAttackDetected()) {
60 // Send the email, this must be the last line in this if() block because it contains a exit()
61 sendCrackerTrackerPostMail();
64 // Does the current IP produce some blocked requests but not now?
65 if ((getCrackerTrackerConfig('ctracker_alert_user') == 'Y') && (isCrackerTrackerIpSuspicious())) {
66 // This IP is suspicious, so we alert him/her
67 crackerTrackerAlertCurrentUser();
70 // Close any open database links
71 crackerTrackerCloseDatabaseLink();