From: Roland Häder <roland@mxchange.org>
Date: Thu, 11 Jul 2019 21:27:36 +0000 (+0200)
Subject: Continued:
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=71c88c1de47f8e9911b28ead8bb7d48b8790c22e;p=ctracker.git

Continued:
- ops, UA blacklist was double initialized?!
- added set_time_limit() PHP function for being blocked, should never be done
  over GET or UA string

Signed-off-by: Roland Häder <roland@mxchange.org>
---

diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index 1134d36..fa47682 100644
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -103,7 +103,7 @@ function initCrackerTrackerArrays () {
 		// PHP commands/scripts
 		'fopen', 'fwrite', 'phpinfo()', '\<?', '?\>', 'base64_decode', 'file_put_contents',
 		'set_magic_quotes_runtime', 'set_magic_quotes_runtime', 'display_errors', 'passthru',
-		'call_user_func',
+		'call_user_func', 'set_time_limit',
 
 		// Typical PHP script remote-inclusions and typical include file names
 		'.inc.php', '.lib.php', '.class.php', 'config.php', '.inc', '_php',
@@ -181,34 +181,7 @@ function initCrackerTrackerArrays () {
 		// PHP commands/scripts
 		'fopen', 'fwrite', 'phpinfo()', '\<?', '?\>', 'base64_decode', 'file_put_contents',
 		'set_magic_quotes_runtime', 'set_magic_quotes_runtime', 'display_errors', 'passthru',
-
-		// Typical PHP script remote-inclusions and typical include file names
-		'.inc.php', '.lib.php', '.class.php', 'config.php', '.inc', '_php',
-		'php_', 'class_', '_class.php', 'db_mysql.inc',
-
-		// PHP arrays
-		'_phplib', '__callbackparam',
-
-		// Request header being inserted
-		'content-type',
-
-		// /proc/ and other forbidden paths
-		'proc/self/environ',
-	];
-
-	// BLock these words found in User-Agent
-	$GLOBALS['ctracker_ua_blacklist'] = array(
-		// Compiler/interpreter
-		'bin/g++ ', 'bin/c++ ', 'cc ', 'bin/python', 'bin/python', 'bin/tclsh',
-		'bin/tclsh', 'bin/nasm', '/perl', 'cmd.exe',
-		'nc.exe', 'ftp.exe', 'wget ', 'system(', 'curl ',
-
-		// php.ini settings
-		'allow_url_fopen', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'safe_mode',
-
-		// PHP commands/scripts
-		'fopen', 'fwrite', 'phpinfo()', '\<?', '?\>', 'base64_decode', 'file_put_contents',
-		'set_magic_quotes_runtime', 'set_magic_quotes_runtime', 'display_errors', 'passthru',
+		'set_time_limit',
 
 		// Server configuration (e.g. Apache)
 		'application/x-httpd-php',
@@ -225,7 +198,7 @@ function initCrackerTrackerArrays () {
 
 		// /proc/ and other forbidden paths
 		'proc/self/environ',
-	);
+	];
 
 	// Block these words found in POST requests
 	$GLOBALS['ctracker_post_blacklist'] = [