Continued:

[ctracker.git] / libs / lib_detector.php

diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index 3b6dd587b197392da0cc19c144c38a94f1d67408..ba51e053cd605cde24a5185fa6db5e84b76a5762 100644 (file)
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -154,13 +154,16 @@ function initCrackerTrackerArrays () {
                // Server configuration (e.g. Apache)
                'application/x-httpd-php', 'addtype', 'server-info', 'server-status',
 
+               // Annoying script name
+               'vuln.php',
+
                // @TODO Misc/unsorted
                'cgi-', '.eml', '$_request', '$_get', '$request', '$get', '.system',
                '&aim', 'new_password', '&icq', '.conf', 'motd ', 'HTTP/1.',
                'window.open', 'img src', 'img src', '.jsp', 'servlet', 'org.apache',
                'wwwacl', '/servlet/con', 'http_', 'secure_site, ok', 'chunked',
                '<script', 'mod_gzip_status', '.system', 'uol.com', ',0x', '(0x',
-               'INSERT_RANDOM_NUMBER_HERE',
+               'INSERT_RANDOM_NUMBER_HERE', '=passthru',
        ];
 
        // BLock these words found in User-Agent
@@ -235,6 +238,9 @@ function initCrackerTrackerArrays () {
                // Server configuration (e.g. Apache)
                'application/x-httpd-php',
 
+               // Annoying script name
+               'vuln.php',
+
                // "Common" login names from VHCS exploiters
                'starhack', 'DeLiMehmet', 'hisset', 'Hisset', 'delimert', 'MecTruy'
        ];