'allow_url_fopen', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'safe_mode',
// PHP commands/scripts
- 'fopen', 'fwrite', 'phpinfo()', '\<?', '?\>',
+ 'fopen', 'fwrite', 'phpinfo()', '\<?', '?\>', 'base64_decode', 'file_put_contents',
+ 'set_magic_quotes_runtime', 'set_magic_quotes_runtime', 'display_errors', 'passthru',
// Typical PHP script remote-inclusions and typical include file names
'.inc.php', '.lib.php', '.class.php', 'config.php', '.inc', '_php',
'php_', 'class_', '_class.php', 'db_mysql.inc',
+ // PHP arrays
+ '_PHPLIB',
+
// Generic remote inclusion
'=http://', '=https://',
'path=', 'sql=',
// Prepare array for database insert
$rowData = array(
- 'remote_addr' => determineCrackerTrackerRealRemoteAddress(),
- 'proxy_addr' => getenv('REMOTE_ADDR'),
- 'user_agent' => crackerTrackerUserAgent(),
- 'get_data' => crackerTrackerQueryString(),
- 'post_data' => $GLOBALS['ctracker_post_track'],
- 'check_worm' => $GLOBALS['ctracker_checkworm'],
- 'check_post' => $GLOBALS['ctracker_check_post'],
- 'server_name' => crackerTrackerServerName(),
- 'script_name' => crackerTrackerScriptName(),
- 'referer' => crackerTrackerReferer(),
- 'proxy_used' => $proxyUsed,
- 'first_attempt' => 'NOW()'
+ 'remote_addr' => determineCrackerTrackerRealRemoteAddress(),
+ 'proxy_addr' => getenv('REMOTE_ADDR'),
+ 'user_agent' => crackerTrackerUserAgent(),
+ 'get_data' => crackerTrackerQueryString(),
+ 'post_data' => $GLOBALS['ctracker_post_track'],
+ 'check_worm' => $GLOBALS['ctracker_checkworm'],
+ 'check_post' => $GLOBALS['ctracker_check_post'],
+ 'server_name' => crackerTrackerServerName(),
+ 'script_name' => crackerTrackerScriptName(),
+ 'referer' => crackerTrackerReferer(),
+ 'request_method' => $_SERVER['REQUEST_METHOD'],
+ 'proxy_used' => $proxyUsed,
+ 'first_attempt' => 'NOW()'
);
// Insert the array in database