]> git.mxchange.org Git - ctracker.git/log
ctracker.git
8 years agoAdded MySQL internal-use-only function
Roland Häder [Mon, 25 Jul 2016 09:15:57 +0000 (11:15 +0200)]
Added MySQL internal-use-only function

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoAlso log request method
Roland Häder [Mon, 25 Jul 2016 07:59:45 +0000 (09:59 +0200)]
Also log request method

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoOne to much ...
Roland Häder [Wed, 20 Jul 2016 08:40:11 +0000 (10:40 +0200)]
One to much ...

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoMore PHP function calls (I don't like such RPCs) blocked
Roland Häder [Wed, 20 Jul 2016 08:26:41 +0000 (10:26 +0200)]
More PHP function calls (I don't like such RPCs) blocked

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoAdded .gitattributes
Roland Haeder [Sat, 13 Feb 2016 20:56:17 +0000 (21:56 +0100)]
Added .gitattributes

Signed-off-by: Roland Häder <roland@mxchange.org>
9 years agoOpps ...
Roland Haeder [Sat, 12 Sep 2015 21:38:08 +0000 (23:38 +0200)]
Opps ...

Signed-off-by: Roland Häder <roland@mxchange.org>
9 years agoRewrote to MySQLi
Roland Haeder [Sat, 12 Sep 2015 21:36:46 +0000 (23:36 +0200)]
Rewrote to MySQLi

Signed-off-by: Roland Häder <roland@mxchange.org>
10 years agoFixed
Roland Häder [Mon, 3 Nov 2014 09:53:26 +0000 (10:53 +0100)]
Fixed

Signed-off-by: Roland Häder <haeder@hmmdeutschland.de>
10 years agoAdded proc/self/environ
Roland Haeder [Sat, 1 Nov 2014 11:05:59 +0000 (12:05 +0100)]
Added proc/self/environ

Signed-off-by: Roland Häder <roland@mxchange.org>
10 years agoAdded 'safe_mode' (php.ini setting).
Roland Haeder [Sat, 1 Nov 2014 10:46:41 +0000 (11:46 +0100)]
Added 'safe_mode' (php.ini setting).

Signed-off-by: Roland Häder <roland@mxchange.org>
10 years agoDon't continue if the cookie has been set + ticket has created. 'unknown' was found...
Roland Haeder [Sat, 1 Nov 2014 10:30:26 +0000 (11:30 +0100)]
Don't continue if the cookie has been set + ticket has created. 'unknown' was found as IP address.

Signed-off-by: Roland Häder <roland@mxchange.org>
11 years agoAdded some php.ini settings to block
Roland Haeder [Fri, 18 Oct 2013 20:29:05 +0000 (20:29 +0000)]
Added some php.ini settings to block

11 years agoOpps, did forget the fetch :(
Roland Haeder [Mon, 12 Aug 2013 18:45:59 +0000 (18:45 +0000)]
Opps, did forget the fetch :(

11 years agoNo more ORDER BY required, cool.
Roland Haeder [Mon, 12 Aug 2013 18:38:24 +0000 (18:38 +0000)]
No more ORDER BY required, cool.

11 years agoAdded index + optimized query
Roland Haeder [Mon, 12 Aug 2013 18:20:27 +0000 (18:20 +0000)]
Added index + optimized query

11 years agoReverted removal, maybe now working?
Roland Haeder [Sun, 11 Aug 2013 12:32:43 +0000 (12:32 +0000)]
Reverted removal, maybe now working?

11 years agoOpps :(
Roland Haeder [Sun, 11 Aug 2013 12:23:57 +0000 (12:23 +0000)]
Opps :(

11 years ago:( Not good enough
Roland Haeder [Sun, 11 Aug 2013 12:17:01 +0000 (12:17 +0000)]
:( Not good enough

11 years agoAdded logging/detection of proxy IP address
Roland Haeder [Sun, 11 Aug 2013 12:15:49 +0000 (12:15 +0000)]
Added logging/detection of proxy IP address

11 years agoserver_name and script_name can now be NULL and set all empty strings to NULL, added...
Roland Haeder [Sun, 11 Aug 2013 12:02:25 +0000 (12:02 +0000)]
server_name and script_name can now be NULL and set all empty strings to NULL, added %3E%3C (><) which indicates an attempt to insert a HTML link into a badly secured URL

11 years ago%20 was to much here
Roland Haeder [Fri, 9 Aug 2013 18:25:05 +0000 (18:25 +0000)]
%20 was to much here

11 years agoJust '/group' was to restrictive (e.g. breaks StatusNet)
Roland Haeder [Fri, 26 Jul 2013 19:22:10 +0000 (19:22 +0000)]
Just '/group' was to restrictive (e.g. breaks StatusNet)

11 years agoAdded 'Autocomplete' as known-incompatible plugin
Roland Haeder [Thu, 25 Jul 2013 04:43:40 +0000 (04:43 +0000)]
Added 'Autocomplete' as known-incompatible plugin

11 years agoUpdated TODOs.txt
Roland Haeder [Sat, 20 Jul 2013 14:42:37 +0000 (14:42 +0000)]
Updated TODOs.txt

11 years agoFix for parser error :(
Roland Haeder [Sat, 20 Jul 2013 14:24:44 +0000 (14:24 +0000)]
Fix for parser error :(

11 years agoResorted almost all pattern checks + used more single-quotes than double
Roland Haeder [Sat, 20 Jul 2013 14:24:06 +0000 (14:24 +0000)]
Resorted almost all pattern checks + used more single-quotes than double

11 years agoWrappers like data://, tcp:// et cetera now blacklisted
Roland Haeder [Sat, 20 Jul 2013 13:30:14 +0000 (13:30 +0000)]
Wrappers like data://, tcp:// et cetera now blacklisted

11 years agoUse constants instead of keywords
Roland Haeder [Sat, 20 Jul 2013 13:07:03 +0000 (13:07 +0000)]
Use constants instead of keywords

11 years agoFixes (opps) for bad check, blocked all
Roland Haeder [Thu, 18 Jul 2013 00:53:17 +0000 (00:53 +0000)]
Fixes (opps) for bad check, blocked all

11 years agoExperimental commit:
Roland Haeder [Thu, 18 Jul 2013 00:07:58 +0000 (00:07 +0000)]
Experimental commit:
decode URL before checking to avoid something like this: q=%2FopenFooBar which
would be converted to q=%2fopenfoobar and then blocked as 'fopen' is then found.

This happens with StatusNet 1.1.1

11 years agoAdded incompatible notice
Roland Haeder [Thu, 27 Jun 2013 20:22:57 +0000 (20:22 +0000)]
Added incompatible notice

11 years agoExcluded secure_session=1 from mantis
Roland Haeder [Tue, 4 Jun 2013 13:57:14 +0000 (13:57 +0000)]
Excluded secure_session=1 from mantis

11 years agoNow use str_ireplace()
Roland Haeder [Thu, 18 Apr 2013 22:00:32 +0000 (22:00 +0000)]
Now use str_ireplace()

11 years agoBetter use this?
Roland Haeder [Sat, 30 Mar 2013 06:01:32 +0000 (06:01 +0000)]
Better use this?

11 years agoExtended is correct
Roland Haeder [Mon, 11 Mar 2013 23:04:23 +0000 (23:04 +0000)]
Extended is correct

11 years agoRemove even more
Roland Haeder [Tue, 26 Feb 2013 22:08:17 +0000 (22:08 +0000)]
Remove even more

11 years agounsetCtrackerData() introduced
Roland Haeder [Tue, 26 Feb 2013 21:46:56 +0000 (21:46 +0000)]
unsetCtrackerData() introduced

11 years agoDocu updated, detection array resorted a little
Roland Haeder [Thu, 20 Dec 2012 20:46:07 +0000 (20:46 +0000)]
Docu updated, detection array resorted a little

12 years agoBlocked also %27 (')
Roland Haeder [Wed, 24 Oct 2012 22:46:51 +0000 (22:46 +0000)]
Blocked also %27 (')

12 years agoDetection of attempt of SQL injections added
Roland Haeder [Wed, 24 Oct 2012 22:16:00 +0000 (22:16 +0000)]
Detection of attempt of SQL injections added

12 years agoTaken care of possible missing elements
Roland Haeder [Sat, 29 Sep 2012 22:06:08 +0000 (22:06 +0000)]
Taken care of possible missing elements

13 years ago'cmd=' broke to many legtime requests, cmd.exe should kill Windozer attacks a little...
Roland Haeder [Tue, 27 Sep 2011 18:27:44 +0000 (18:27 +0000)]
'cmd=' broke to many legtime requests, cmd.exe should kill Windozer attacks a little more

13 years ago.pl harms also legitime requests
Roland Haeder [Wed, 14 Sep 2011 10:59:31 +0000 (10:59 +0000)]
.pl harms also legitime requests

13 years agoNow all forms of '0x' are detected
Roland Haeder [Sat, 27 Aug 2011 23:10:59 +0000 (23:10 +0000)]
Now all forms of '0x' are detected

13 years agoDOCUMENT_ROOT and _SERVER added (avoid these things please)
Roland Haeder [Sat, 27 Aug 2011 23:05:40 +0000 (23:05 +0000)]
DOCUMENT_ROOT and _SERVER added (avoid these things please)

13 years agoBlock also these
Roland Haeder [Fri, 29 Jul 2011 09:43:07 +0000 (09:43 +0000)]
Block also these

13 years agoinit also this
Roland Haeder [Fri, 29 Jul 2011 05:18:51 +0000 (05:18 +0000)]
init also this

13 years agoFix for missing 'ctracker_post_track'
Roland Haeder [Fri, 29 Jul 2011 05:05:41 +0000 (05:05 +0000)]
Fix for missing 'ctracker_post_track'

13 years agoDetection of hexa-decimal encoded (0xXXXXX) strings added
Roland Haeder [Fri, 24 Jun 2011 12:47:17 +0000 (12:47 +0000)]
Detection of hexa-decimal encoded (0xXXXXX) strings added

13 years agosvn:eol-style set to 'native'
Roland Haeder [Wed, 20 Apr 2011 04:55:37 +0000 (04:55 +0000)]
svn:eol-style set to 'native'

13 years agoDuplicate entries removed, typo fixed
Roland Haeder [Sun, 10 Apr 2011 21:03:41 +0000 (21:03 +0000)]
Duplicate entries removed, typo fixed

13 years agoCopyright updated
Roland Haeder [Sun, 6 Mar 2011 11:29:30 +0000 (11:29 +0000)]
Copyright updated

13 years agoSome obsolete comment removed
Roland Haeder [Sun, 6 Mar 2011 11:28:32 +0000 (11:28 +0000)]
Some obsolete comment removed

13 years agoFixed error reporting for debug mode
Roland Haeder [Wed, 9 Feb 2011 14:19:14 +0000 (14:19 +0000)]
Fixed error reporting for debug mode

14 years agoDefault value of 'count' needs to be 1
Roland Haeder [Fri, 26 Nov 2010 15:30:03 +0000 (15:30 +0000)]
Default value of 'count' needs to be 1

14 years agoConfiguration entry 'ctracker_debug' renamed to 'ctracker_debug_enabled' to make...
Roland Haeder [Tue, 5 Oct 2010 11:43:54 +0000 (11:43 +0000)]
Configuration entry 'ctracker_debug' renamed to 'ctracker_debug_enabled' to make clear this is a boolean config

14 years agoSome code blocks moved, detection of '..//' added, user-agent is now securely used
Roland Haeder [Thu, 23 Sep 2010 12:09:23 +0000 (12:09 +0000)]
Some code blocks moved, detection of '..//' added, user-agent is now securely used

14 years agoSVN properties globally set
Roland Haeder [Tue, 14 Sep 2010 14:19:35 +0000 (14:19 +0000)]
SVN properties globally set

14 years ago'Based on' added, /proc/ will now be detected, do not use it in your scripts
Roland Haeder [Fri, 20 Aug 2010 08:27:38 +0000 (08:27 +0000)]
'Based on' added, /proc/ will now be detected, do not use it in your scripts

14 years agoFixes for missing config if no database link is provided
Roland Haeder [Sun, 18 Jul 2010 12:03:51 +0000 (12:03 +0000)]
Fixes for missing config if no database link is provided

14 years agoTODOs.txt updated ...
Roland Haeder [Thu, 8 Jul 2010 22:19:09 +0000 (22:19 +0000)]
TODOs.txt updated ...

14 years agoDocumentation does now make a notice about database-less operations
Roland Haeder [Thu, 8 Jul 2010 21:50:51 +0000 (21:50 +0000)]
Documentation does now make a notice about database-less operations

14 years agoUpdated to allow database-less operation
Roland Haeder [Thu, 8 Jul 2010 21:47:56 +0000 (21:47 +0000)]
Updated to allow database-less operation

14 years agoRenamed
Roland Haeder [Sun, 20 Jun 2010 16:10:13 +0000 (16:10 +0000)]
Renamed

14 years agoLog of first attempt fixed
Roland Haeder [Sun, 16 May 2010 02:20:40 +0000 (02:20 +0000)]
Log of first attempt fixed

14 years agoFix
Roland Haeder [Sun, 16 May 2010 02:17:39 +0000 (02:17 +0000)]
Fix

14 years agoThis should also not be used in URLs
Roland Haeder [Sat, 15 May 2010 07:37:33 +0000 (07:37 +0000)]
This should also not be used in URLs

14 years agoMissing form elements handled
Roland Haeder [Tue, 11 May 2010 09:19:49 +0000 (09:19 +0000)]
Missing form elements handled

14 years agoFix #4 from root...
Roland Häder [Tue, 11 May 2010 08:17:41 +0000 (08:17 +0000)]
Fix #4 from root...

14 years agoFix #3
Roland Haeder [Tue, 11 May 2010 08:12:54 +0000 (08:12 +0000)]
Fix #3

14 years agoFix #2
Roland Haeder [Tue, 11 May 2010 08:10:56 +0000 (08:10 +0000)]
Fix #2

14 years agoFixes... :(
Roland Haeder [Tue, 11 May 2010 08:09:48 +0000 (08:09 +0000)]
Fixes... :(

14 years agoComplete rewrite:
Roland Haeder [Tue, 11 May 2010 07:58:56 +0000 (07:58 +0000)]
Complete rewrite:
- Very simple and basic template system (HTML and email) added
- Templates are language-dependent or indepented, this depends on if you call
  crackerTrackerLoadTemplate() or crackerTrackerLoadLocalizedTemplate()
- Email templates are always language-depenent... :-)
- Flexible database auto-update added (please just call your secured script
  normally!)
- Language sub-system added (German and English language is complete)
- Suport ticket added which gives your users, if his IP has recent malicious
  activities on the secured server, a support ticket form where they can request
  help. After the form is sent, the user can fully disable that warning. This is
  done by the script sends him a cookie with his ticket id.
- This support ticket system can be switched off and a little configured in
  the database table 'ctracker_config'. You can currently change the following
  values there:
  + Minimum random delay in seconds (default: 10 seconds)
  + Maximum random delay in seconds (default: 30 seconds)
  + Wether the support ticket system is on/off (default: on)
  + Which language you prefer to read (default: en)
- README updated

14 years agoAdded more flexible options
Roland Haeder [Tue, 4 May 2010 18:31:12 +0000 (18:31 +0000)]
Added more flexible options

14 years agoUpdated
Roland Haeder [Tue, 4 May 2010 17:25:46 +0000 (17:25 +0000)]
Updated

14 years agoUpdated
Roland Haeder [Tue, 4 May 2010 17:08:27 +0000 (17:08 +0000)]
Updated

14 years agoRenamed to bypass naming conflicts
Roland Haeder [Thu, 7 Jan 2010 16:17:25 +0000 (16:17 +0000)]
Renamed to bypass naming conflicts

14 years agoNow detects proxy usage
Roland Haeder [Tue, 5 Jan 2010 02:33:20 +0000 (02:33 +0000)]
Now detects proxy usage

14 years agoMails updated
Roland Haeder [Thu, 31 Dec 2009 17:45:55 +0000 (17:45 +0000)]
Mails updated

14 years agoA lot spaces removed, array with server_name extended (SELECT query was extended...
Roland Haeder [Thu, 31 Dec 2009 17:42:57 +0000 (17:42 +0000)]
A lot spaces removed, array with server_name extended (SELECT query was extended, too)

14 years agoUnmodified GET data (query string) added
Roland Haeder [Thu, 31 Dec 2009 17:30:03 +0000 (17:30 +0000)]
Unmodified GET data (query string) added

14 years agoFix for warning
Roland Haeder [Thu, 31 Dec 2009 16:54:17 +0000 (16:54 +0000)]
Fix for warning

14 years agoSome nice improvements:
Roland Haeder [Thu, 31 Dec 2009 13:51:25 +0000 (13:51 +0000)]
Some nice improvements:
- Mail headers and receipient address configurable (the constant
  __CTRACKER_EMAIL is deprecated)
- Domain is now included in check (see function isCrackerTrackerEntryFound())
- Last attempt wasn't logged correctly (bad SQL)
- Minor improvements

14 years agoDatabase dump added
Roland Haeder [Thu, 31 Dec 2009 02:57:02 +0000 (02:57 +0000)]
Database dump added

14 years agoWe don't need an open database link after the work is done
Roland Haeder [Thu, 31 Dec 2009 02:53:13 +0000 (02:53 +0000)]
We don't need an open database link after the work is done

14 years agoFirst implemenation
Roland Haeder [Thu, 31 Dec 2009 02:36:49 +0000 (02:36 +0000)]
First implemenation

14 years agoEven more prepared
Roland Haeder [Wed, 30 Dec 2009 23:37:08 +0000 (23:37 +0000)]
Even more prepared

14 years agoAlso them... :(
Roland Haeder [Wed, 30 Dec 2009 23:34:36 +0000 (23:34 +0000)]
Also them... :(

14 years agoAll removed because this is a mini non-frameworked application
Roland Haeder [Wed, 30 Dec 2009 23:32:54 +0000 (23:32 +0000)]
All removed because this is a mini non-frameworked application

14 years agoInitial import with linked core from skeleton
Roland Haeder [Wed, 30 Dec 2009 23:30:36 +0000 (23:30 +0000)]
Initial import with linked core from skeleton