From: Roland Haeder Date: Tue, 27 Sep 2011 18:27:44 +0000 (+0000) Subject: 'cmd=' broke to many legtime requests, cmd.exe should kill Windozer attacks a little... X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=3960f1ef5ca145697e9a4d52be4102b24b57983e;p=ctracker.git 'cmd=' broke to many legtime requests, cmd.exe should kill Windozer attacks a little more --- diff --git a/libs/lib_detector.php b/libs/lib_detector.php index b4044d9..c8e4463 100644 --- a/libs/lib_detector.php +++ b/libs/lib_detector.php @@ -43,7 +43,7 @@ function initCrackerTrackerArrays () { // Attacks we should detect and block $GLOBALS['ctracker_get_blacklist'] = array( 'chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(', - 'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20', + 'cmd.exe', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20', 'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=', 'esystem(', 'esystem%20', 'cp%20', '%20cp', 'cp(', 'mdir%20', '%20mdir', 'mdir(', 'mcd%20', 'mrd%20', 'rm%20', '%20mcd', '%20mrd', '%20rm', @@ -56,7 +56,7 @@ function initCrackerTrackerArrays () { 'new_password', '&icq','/etc/passwd','/etc/shadow', '/etc/groups', '/etc/gshadow', 'HTTP_USER_AGENT', 'HTTP_HOST', 'wget%20', 'uname\x20-', 'uname%20-', 'bin/id', '/bin/', '/chgrp', '/chown', '/usr/bin', 'g\+\+', 'bin/python', 'bin/tclsh', 'bin/nasm', 'perl%20', 'traceroute%20', - 'ping%20', 'bin/xterm', 'lsof%20', '.conf', 'motd%20', 'HTTP/1.', '.inc.php', '.lib.php', + 'ping%20', 'bin/xterm', 'lsof%20', '.conf', 'motd%20', 'HTTP/1.', '.inc.php', '.lib.php', '.class.php', 'config.php', 'file\://', 'window.open', '