'div style=', 'overflow: auto', 'height: 1px', 'cc%20', 'admin_action=', 'path=', 'action=http',
'page=http', 'module=http', 'op=http', 'id=http', 'id%3Dhttp', 'action%3Dhttp', 'page%3Dhttp',
'module%3Dhttp', 'op%3Dhttp', 'starhack', '../../', 'directory=http', 'dir=http', 'busca', 'uol.com',
- '=http://', '=https://','=ftp://'
+ '=http://', '=https://','=ftp://','_SESSION'
);
// Block these words found in POST requests
// Send the email out only in non-debug mode
if (isCrackerTrackerDebug()) {
// Output message
- print 'Recipient='.$recipient.'<br />Subject='.$subject.'<br />Text=<pre>' . $mail . '</pre>';
+ print 'Recipient=' . $recipient . '<br />Subject=' . $subject . '<br />Text=<pre>' . $mail . '</pre>';
// All fine
return true;
// Send it the deprecated way with constant
return mail(constant('__CTRACKER_EMAIL'), 'CTracker: Attack detected!', $mail, $GLOBALS['ctracker_header']);
}
- } // END - if
+ } elseif (isCrackerTrackerDebug()) {
+ // Output message
+ print 'Recipient=' . $recipient . '<br />Subject=' . $subject . '<br />Text=<pre>' . $mail . '</pre>';
+
+ // All fine
+ return true;
+ }
}
// Sends a detected POST attack mail
// Prepare array for database insert
$rowData = array(
- 'remote_addr' => determineCrackerTrackerRealRemoteAddress(),
- 'user_agent' => crackerTrackerUserAgent(),
- 'get_data' => crackerTrackerQueryString(),
- 'post_data' => $GLOBALS['ctracker_post_track'],
- 'check_worm' => $GLOBALS['ctracker_checkworm'],
- 'check_post' => $GLOBALS['ctracker_check_post'],
- 'server_name' => crackerTrackerServerName(),
- 'script_name' => crackerTrackerScriptName(),
- 'referer' => crackerTrackerReferer(),
- 'proxy_used' => $proxyUsed
+ 'remote_addr' => determineCrackerTrackerRealRemoteAddress(),
+ 'user_agent' => crackerTrackerUserAgent(),
+ 'get_data' => crackerTrackerQueryString(),
+ 'post_data' => $GLOBALS['ctracker_post_track'],
+ 'check_worm' => $GLOBALS['ctracker_checkworm'],
+ 'check_post' => $GLOBALS['ctracker_check_post'],
+ 'server_name' => crackerTrackerServerName(),
+ 'script_name' => crackerTrackerScriptName(),
+ 'referer' => crackerTrackerReferer(),
+ 'proxy_used' => $proxyUsed,
+ 'first_attempt' => 'NOW()'
);
// Insert the array in database
- crackerTrackerInsertArray($rowData);
+ crackerTrackerInsertArray('ctracker_data', $rowData);
}
// Alerts the current user about malicious/suspicious traffic