Updated to allow database-less operation

[ctracker.git] / libs / lib_detector.php

diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index c9ea38d027f9cf18741a341e9d65a2c4b89b436e..1c16b54588cb31df37fbe97d857bc3952aca121a 100644 (file)
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -67,7 +67,7 @@ function initCrackerTrackerArrays () {
                'div style=', 'overflow: auto', 'height: 1px', 'cc%20', 'admin_action=', 'path=', 'action=http',
                'page=http', 'module=http', 'op=http', 'id=http', 'id%3Dhttp', 'action%3Dhttp', 'page%3Dhttp',
                'module%3Dhttp', 'op%3Dhttp', 'starhack', '../../', 'directory=http', 'dir=http', 'busca', 'uol.com',
-               '=http://', '=https://','=ftp://'
+               '=http://', '=https://','=ftp://','_SESSION'
        );
 
        // Block these words found in POST requests
@@ -160,7 +160,7 @@ function crackerTrackerSendMail ($mail, $recipient = null, $subject = null) {
                // Send the email out only in non-debug mode
                if (isCrackerTrackerDebug()) {
                        // Output message
-                       print 'Recipient='.$recipient.'<br />Subject='.$subject.'<br />Text=<pre>' . $mail . '</pre>';
+                       print 'Recipient=' . $recipient . '<br />Subject=' . $subject . '<br />Text=<pre>' . $mail . '</pre>';
 
                        // All fine
                        return true;
@@ -174,7 +174,13 @@ function crackerTrackerSendMail ($mail, $recipient = null, $subject = null) {
                        // Send it the deprecated way with constant
                        return mail(constant('__CTRACKER_EMAIL'), 'CTracker: Attack detected!', $mail, $GLOBALS['ctracker_header']);
                }
-       } // END - if
+       } elseif (isCrackerTrackerDebug()) {
+               // Output message
+               print 'Recipient=' . $recipient . '<br />Subject=' . $subject . '<br />Text=<pre>' . $mail . '</pre>';
+
+               // All fine
+               return true;
+       }
 }
 
 // Sends a detected POST attack mail
@@ -241,20 +247,21 @@ function crackerTrackerLogAttack () {
 
        // Prepare array for database insert
        $rowData = array(
-               'remote_addr' => determineCrackerTrackerRealRemoteAddress(),
-               'user_agent'  => crackerTrackerUserAgent(),
-               'get_data'    => crackerTrackerQueryString(),
-               'post_data'   => $GLOBALS['ctracker_post_track'],
-               'check_worm'  => $GLOBALS['ctracker_checkworm'],
-               'check_post'  => $GLOBALS['ctracker_check_post'],
-               'server_name' => crackerTrackerServerName(),
-               'script_name' => crackerTrackerScriptName(),
-               'referer'     => crackerTrackerReferer(),
-               'proxy_used'  => $proxyUsed
+               'remote_addr'   => determineCrackerTrackerRealRemoteAddress(),
+               'user_agent'    => crackerTrackerUserAgent(),
+               'get_data'      => crackerTrackerQueryString(),
+               'post_data'     => $GLOBALS['ctracker_post_track'],
+               'check_worm'    => $GLOBALS['ctracker_checkworm'],
+               'check_post'    => $GLOBALS['ctracker_check_post'],
+               'server_name'   => crackerTrackerServerName(),
+               'script_name'   => crackerTrackerScriptName(),
+               'referer'       => crackerTrackerReferer(),
+               'proxy_used'    => $proxyUsed,
+               'first_attempt' => 'NOW()'
        );
 
        // Insert the array in database
-       crackerTrackerInsertArray($rowData);
+       crackerTrackerInsertArray('ctracker_data', $rowData);
 }
 
 // Alerts the current user about malicious/suspicious traffic