3 * Cracker Tracker Protection System - Enhanced Edition
4 * Initially created by Christian Knerr - www.cback.de
5 * Enhanced by: Roland Haeder - www.ship-simu.org
7 * @author Roland Haeder <webmaster@ship-simu.org>
9 * @copyright Copyright (c) 2009 - 2011 Cracker Tracker Team
10 * @license GNU GPL 3.0 or any newer version
11 * @link http://www.ship-simu.org
13 * This program is based on Cracker Tracker Protection System - Stand-Alone
14 * which has been written by Christian Knerr and is heavily enhanced in
15 * detectection, logging and reporting of suspicious traffic.
17 * This program is free software: you can redistribute it and/or modify
18 * it under the terms of the GNU General Public License as published by
19 * the Free Software Foundation, either version 3 of the License, or
20 * (at your option) any later version.
22 * This program is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
25 * GNU General Public License for more details.
27 * You should have received a copy of the GNU General Public License
28 * along with this program. If not, see <http://www.gnu.org/licenses/>.
32 include('config/db_config.php');
33 include('libs/lib_general.php');
34 include('libs/lib_detector.php');
35 include('libs/lib_connect.php');
36 include('libs/lib_updates.php');
39 initCrackerTrackerArrays();
41 // Get a database link
42 aquireCrackerTrackerDatabaseLink();
44 // Update database scheme
45 crackerTrackerUpdateDatabaseScheme();
47 // If it differs to original and the *whole* request string is not in whitelist
48 // then block the attempt
49 if (isCrackerTrackerWormDetected()) {
50 // Send the email, this must be the last line in this if() block because it contains a exit()
51 sendCrackerTrackerMail();
54 // Suspicious POST data detected?
55 if (isCrackerTrackerPostAttackDetected()) {
56 // Send the email, this must be the last line in this if() block because it contains a exit()
57 sendCrackerTrackerPostMail();
60 // Does the current IP produce some blocked requests but not now?
61 if ((getCrackerTrackerConfig('ctracker_alert_user') == 'Y') && (isCrackerTrackerIpSuspicious())) {
62 // This IP is suspicious, so we alert him/her
63 crackerTrackerAlertCurrentUser();
66 // Close any open database links
67 crackerTrackerCloseDatabaseLink();