Continued:

- added some php.ini keys as they where used for attacking my server (the later
  was intended to include a remote text file

diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index 122f773c465a188479bb3c8ba5b0e65a6c6e40d5..c139b28370d9543dcdf62a1d28fd4f8cd98c4d22 100644 (file)
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -105,6 +105,9 @@ function initCrackerTrackerArrays () {
                'set_magic_quotes_runtime', 'set_magic_quotes_runtime', 'display_errors', 'passthru',
                'call_user_func', 'set_time_limit', 'urldecode',
 
                'set_magic_quotes_runtime', 'set_magic_quotes_runtime', 'display_errors', 'passthru',
                'call_user_func', 'set_time_limit', 'urldecode',
 

+               // php.ini variables
+               'disable_functions', 'safe_mode', 'allow_url_include', 'auto_prepend_file',
+

                // Typical PHP script remote-inclusions and typical include file names
                '.inc.php', '.lib.php', '.class.php', 'config.php', '.inc', '_php',
                'php_', 'class_', '_class.php', 'db_mysql.inc',
                // Typical PHP script remote-inclusions and typical include file names
                '.inc.php', '.lib.php', '.class.php', 'config.php', '.inc', '_php',
                'php_', 'class_', '_class.php', 'db_mysql.inc',