Continued:

- added "vuln.php" which seem to be a remote-inclusion attack

diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index 3b6dd587b197392da0cc19c144c38a94f1d67408..1a932ba40a253422b1f4722204704cff098c57cd 100644 (file)
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -154,6 +154,9 @@ function initCrackerTrackerArrays () {
                // Server configuration (e.g. Apache)
                'application/x-httpd-php', 'addtype', 'server-info', 'server-status',
 
+               // Annoying script name
+               'vuln.php',
+
                // @TODO Misc/unsorted
                'cgi-', '.eml', '$_request', '$_get', '$request', '$get', '.system',
                '&aim', 'new_password', '&icq', '.conf', 'motd ', 'HTTP/1.',
@@ -235,6 +238,9 @@ function initCrackerTrackerArrays () {
                // Server configuration (e.g. Apache)
                'application/x-httpd-php',
 
+               // Annoying script name
+               'vuln.php',
+
                // "Common" login names from VHCS exploiters
                'starhack', 'DeLiMehmet', 'hisset', 'Hisset', 'delimert', 'MecTruy'
        ];