]> git.mxchange.org Git - ctracker.git/log
ctracker.git
4 years agoContinued:
Roland Häder [Wed, 28 Oct 2020 09:38:07 +0000 (10:38 +0100)]
Continued:
- should be "AND"

Signed-off-by: Roland Häder <roland@mxchange.org>
4 years agoContinued:
Roland Häder [Wed, 28 Oct 2020 09:21:03 +0000 (10:21 +0100)]
Continued:
- should be behind remote_addr

Signed-off-by: Roland Häder <roland@mxchange.org>
4 years agoContinued:
Roland Häder [Wed, 28 Oct 2020 09:16:38 +0000 (10:16 +0100)]
Continued:
- added spam_bot_dectections field to allow counting spambot attacks

Signed-off-by: Roland Häder <roland@mxchange.org>
4 years agoContinued:
Roland Häder [Wed, 28 Oct 2020 09:05:56 +0000 (10:05 +0100)]
Continued:
- changed all <?php print foo; ?> to <?= foo; ?>
- added hidden anti-spam field as I'm done with these spammers
  abusing my well-intended email form
- also included a message to those spammers

Signed-off-by: Roland Häder <roland@mxchange.org>
4 years agoContinued:
Roland Häder [Wed, 21 Oct 2020 08:27:37 +0000 (10:27 +0200)]
Continued:
- ignore any console request

Signed-off-by: Roland Häder <roland@mxchange.org>
4 years agoContinued:
Roland Häder [Tue, 11 Aug 2020 23:09:33 +0000 (01:09 +0200)]
Continued:
- maybe lame but those statements shall never happen in a user-agent string

Signed-off-by: Roland Häder <roland@mxchange.org>
4 years agoContinued:
Roland Häder [Sat, 6 Jun 2020 11:40:11 +0000 (13:40 +0200)]
Continued:
- added a few strings that are uncommon in URLs and should not be allowed:
  + urlencode() is a PHP function
  + invokefunction should not be possible from remote

Signed-off-by: Roland Häder <roland@mxchange.org>
5 years agoContinued:
Roland Häder [Tue, 13 Aug 2019 20:27:15 +0000 (22:27 +0200)]
Continued:
- blocked %systemroot% (search is case-insensitive)

Signed-off-by: Roland Häder <roland@mxchange.org>
5 years agoContinued:
Roland Häder [Thu, 11 Jul 2019 21:27:36 +0000 (23:27 +0200)]
Continued:
- ops, UA blacklist was double initialized?!
- added set_time_limit() PHP function for being blocked, should never be done
  over GET or UA string

Signed-off-by: Roland Häder <roland@mxchange.org>
5 years agoContinued:
Roland Häder [Thu, 16 May 2019 00:37:09 +0000 (02:37 +0200)]
Continued:
- blocked information_schema as this is an internal MySQL/MariaDB table

Signed-off-by: Roland Häder <roland@mxchange.org>
5 years agoContinued:
Roland Häder [Wed, 3 Apr 2019 16:01:44 +0000 (18:01 +0200)]
Continued:
- "=passthru" is also a strange/uncommon name for actions, modules, et cetera
- also it is a PHP command for executing commands ...

Signed-off-by: Roland Häder <roland@mxchange.org>
5 years agoContinued:
Roland Häder [Mon, 1 Apr 2019 23:38:55 +0000 (01:38 +0200)]
Continued:
- added "vuln.php" which seem to be a remote-inclusion attack

5 years agoContinued:
Roland Häder [Mon, 1 Apr 2019 16:22:37 +0000 (18:22 +0200)]
Continued:
- uh, last commit was UA, now POST data
- moved out server-config related to own "category"
- added application/x-httpd-php as this is not ment to be placed in URL, UA
  and POST data

Signed-off-by: Roland Häder <roland@mxchange.org>
5 years agoContinued:
Roland Häder [Mon, 1 Apr 2019 16:19:28 +0000 (18:19 +0200)]
Continued:
- moved Windows-related strings to own "category"
- added system.net.webclient and powershell, both not wanted in URLs
- ... and POST data as well

Signed-off-by: Roland Häder <roland@mxchange.org>
5 years agoContinued:
Roland Häder [Mon, 1 Apr 2019 14:43:20 +0000 (16:43 +0200)]
Continued:
- call_user_func(_array) does never belong into URLs, if your script requires
  this, please reconsider the security implications!

Signed-off-by: Roland Häder <roland@mxchange.org>
5 years agoContinued:
Roland Häder [Mon, 1 Apr 2019 12:20:36 +0000 (14:20 +0200)]
Continued:
- added "AddType" which has been recently used in a code-injection attack

Signed-off-by: Roland Häder <roland@mxchange.org>
5 years agoAlso __CALLBACKPARAM needs blocking
Roland Häder [Thu, 28 Jul 2016 11:00:39 +0000 (13:00 +0200)]
Also __CALLBACKPARAM needs blocking

Signed-off-by: Roland Häder <roland@mxchange.org>
5 years agoChecking against GET parameters is for the user-agent string not possible as
Roland Häder [Thu, 28 Jul 2016 10:57:49 +0000 (12:57 +0200)]
Checking against GET parameters is for the user-agent string not possible as
ordinary UAs may get blocked.

Signed-off-by: Roland Häder <rhaeder@cho-time.de>
6 years agoContinued:
Roland Häder [Tue, 28 Aug 2018 19:17:33 +0000 (21:17 +0200)]
Continued:
- replace old array() style with []
- really no need for array keys as they are auto-generated anyway

6 years agoContinued:
Roland Häder [Tue, 28 Aug 2018 19:14:55 +0000 (21:14 +0200)]
Continued:
- let's also include request method in mails
- ops, also need to distinguish between different request methods but with same remaining data

6 years agoCRLF->LF
Roland Häder [Tue, 28 Aug 2018 07:41:48 +0000 (09:41 +0200)]
CRLF->LF

Signed-off-by: Roland Häder <roland@mxchange.org>
6 years agoMerge branch 'master' of mx:/var/cache/git/repos/ctracker
Roland Häder [Tue, 28 Aug 2018 07:41:14 +0000 (09:41 +0200)]
Merge branch 'master' of mx:/var/cache/git/repos/ctracker

6 years agoContinued:
Roland Häder [Wed, 22 Aug 2018 18:28:29 +0000 (20:28 +0200)]
Continued:
- banned suhosin entirely from GET parameters (makes really no sense)
- also banned some other php.ini settings

6 years agoContinued:
Roland Häder [Wed, 22 Aug 2018 18:19:44 +0000 (20:19 +0200)]
Continued:
- added INSERT_RANDOM_NUMBER_HERE, typical for incompletely configured OpenX/revive Ad Server
- changed to "new" array style
- renamed ctracker_blocked_requests -> ctracker_blocked_methods as they are the
  request methods that should always be blocked
- updated .gitattributes

7 years agoproject name set
Roland Häder [Tue, 18 Jul 2017 15:56:21 +0000 (17:56 +0200)]
project name set

Signed-off-by: Roland Häder <roland@mxchange.org>
7 years agoupdated (c)
Roland Häder [Tue, 18 Jul 2017 15:55:36 +0000 (17:55 +0200)]
updated (c)

Signed-off-by: Roland Häder <roland@mxchange.org>
7 years agoIt is okay to have this NetBeans project around + ignored private data
Roland Häder [Tue, 18 Jul 2017 15:51:36 +0000 (17:51 +0200)]
It is okay to have this NetBeans project around + ignored private data

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoMantisBT need these being white-listed.
Roland Häder [Fri, 23 Sep 2016 15:14:27 +0000 (17:14 +0200)]
MantisBT need these being white-listed.

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoMust be id to have NULL counted, too.
Roland Häder [Wed, 31 Aug 2016 07:17:27 +0000 (09:17 +0200)]
Must be id to have NULL counted, too.

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoAdded view for request methods
Roland Häder [Wed, 31 Aug 2016 07:11:18 +0000 (09:11 +0200)]
Added view for request methods

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoAdded "detection" of open_basedir and php:// protocol:
Roland Häder [Tue, 30 Aug 2016 07:04:17 +0000 (09:04 +0200)]
Added "detection" of open_basedir and php:// protocol:
- common way to inject php.ini settings which overrides them and then try to
  inject external code (remote inclusion)
- don't do such things as http://host.example/script.php?bla=php://input

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoFixed parser error
Roland Häder [Mon, 22 Aug 2016 08:58:54 +0000 (10:58 +0200)]
Fixed parser error

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoSorted a bit + removed '.js' as this was to much and kicked out .json, too.
Roland Häder [Mon, 22 Aug 2016 07:52:19 +0000 (09:52 +0200)]
Sorted a bit + removed '.js' as this was to much and kicked out .json, too.

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoSome fixes:
Roland Häder [Wed, 10 Aug 2016 07:47:09 +0000 (09:47 +0200)]
Some fixes:
- also check REQUEST_URI array element as QUERY_STRING may not be always set
- only sanitize when string is not empty

Signed-off-by: Roland Häder <rhaeder@cho-time.de>
8 years agoAlso block request methods such as CONNECT as they can be used for proxying
Roland Häder [Fri, 5 Aug 2016 08:58:46 +0000 (10:58 +0200)]
Also block request methods such as CONNECT as they can be used for proxying
(means "hiding") other requests such as SMTP (spam) or POP3 (people try to read
their mails but wasting your bandwidth).

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoAlso __CALLBACKPARAM needs blocking
Roland Häder [Thu, 28 Jul 2016 11:00:39 +0000 (13:00 +0200)]
Also __CALLBACKPARAM needs blocking

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoChecking against GET parameters is for the user-agent string not possible as
Roland Häder [Thu, 28 Jul 2016 10:57:49 +0000 (12:57 +0200)]
Checking against GET parameters is for the user-agent string not possible as
ordinary UAs may get blocked.

Signed-off-by: Roland Häder <rhaeder@cho-time.de>
8 years agoOnly for testing purposes the string is being sanitized, else http:// becomes http...
Roland Häder [Thu, 28 Jul 2016 09:53:13 +0000 (11:53 +0200)]
Only for testing purposes the string is being sanitized, else http:// becomes http:/ and cannot be compared with http:// anymore

Signed-off-by: Roland Häder <rhaeder@cho-time.de>
8 years agoUpdated database
Roland Häder [Thu, 28 Jul 2016 08:21:46 +0000 (10:21 +0200)]
Updated database

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoRenaming season has started:
Roland Häder [Thu, 28 Jul 2016 08:18:13 +0000 (10:18 +0200)]
Renaming season has started:
- renamed $F -> $function
- renamed $L -> $line
- renamed $SQL -> $sqlString
- added type-hint for arrays

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoSanitize request strings (also serialized POST data) from trickery like '//'
Roland Häder [Thu, 28 Jul 2016 08:02:50 +0000 (10:02 +0200)]
Sanitize request strings (also serialized POST data) from trickery like '//'
and '/./' where the attacker tries to circumvent checks.

Signed-off-by: Roland Häder <rhaeder@cho-time.de>
8 years agoContinued:
Roland Häder [Thu, 28 Jul 2016 07:57:30 +0000 (09:57 +0200)]
Continued:
- esystem is, well, system is better to look for
- block content-type header-insertion

Signed-off-by: Roland Häder <rhaeder@cho-time.de>
8 years agoContinued improving:
Roland Häder [Thu, 28 Jul 2016 07:50:24 +0000 (09:50 +0200)]
Continued improving:
- introduced crackerTrackerRequestMethod() to encapsulate $_SERVER['REQUEST_METHOD'] retrival
- this allows the script being used on console now
- check also user-agent string for bad occurrences (difference not yet logged)

Signed-off-by: Roland Häder <rhaeder@cho-time.de>
8 years agoUpdated a lot:
Roland Häder [Wed, 27 Jul 2016 08:35:57 +0000 (10:35 +0200)]
Updated a lot:
- fixed domain as the one with dash is gone
- loading config is now done correctly after general array is being initialized
- fixed loading of header template

Signed-off-by: Roland Häder <rhaeder@cho-time.de>
8 years agoIndex on count column to improve SUM queries
Roland Häder [Tue, 26 Jul 2016 08:11:57 +0000 (10:11 +0200)]
Index on count column to improve SUM queries

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoThis column should be after remote_addr to have both side by side
Roland Häder [Tue, 26 Jul 2016 07:55:32 +0000 (09:55 +0200)]
This column should be after remote_addr to have both side by side

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoCan be combined and makes code look nicer.
Roland Häder [Tue, 26 Jul 2016 07:35:00 +0000 (09:35 +0200)]
Can be combined and makes code look nicer.

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoAdded MySQL internal-use-only function
Roland Häder [Mon, 25 Jul 2016 09:15:57 +0000 (11:15 +0200)]
Added MySQL internal-use-only function

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoAlso log request method
Roland Häder [Mon, 25 Jul 2016 07:59:45 +0000 (09:59 +0200)]
Also log request method

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoOne to much ...
Roland Häder [Wed, 20 Jul 2016 08:40:11 +0000 (10:40 +0200)]
One to much ...

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoMore PHP function calls (I don't like such RPCs) blocked
Roland Häder [Wed, 20 Jul 2016 08:26:41 +0000 (10:26 +0200)]
More PHP function calls (I don't like such RPCs) blocked

Signed-off-by: Roland Häder <roland@mxchange.org>
8 years agoAdded .gitattributes
Roland Haeder [Sat, 13 Feb 2016 20:56:17 +0000 (21:56 +0100)]
Added .gitattributes

Signed-off-by: Roland Häder <roland@mxchange.org>
9 years agoOpps ...
Roland Haeder [Sat, 12 Sep 2015 21:38:08 +0000 (23:38 +0200)]
Opps ...

Signed-off-by: Roland Häder <roland@mxchange.org>
9 years agoRewrote to MySQLi
Roland Haeder [Sat, 12 Sep 2015 21:36:46 +0000 (23:36 +0200)]
Rewrote to MySQLi

Signed-off-by: Roland Häder <roland@mxchange.org>
10 years agoFixed
Roland Häder [Mon, 3 Nov 2014 09:53:26 +0000 (10:53 +0100)]
Fixed

Signed-off-by: Roland Häder <haeder@hmmdeutschland.de>
10 years agoAdded proc/self/environ
Roland Haeder [Sat, 1 Nov 2014 11:05:59 +0000 (12:05 +0100)]
Added proc/self/environ

Signed-off-by: Roland Häder <roland@mxchange.org>
10 years agoAdded 'safe_mode' (php.ini setting).
Roland Haeder [Sat, 1 Nov 2014 10:46:41 +0000 (11:46 +0100)]
Added 'safe_mode' (php.ini setting).

Signed-off-by: Roland Häder <roland@mxchange.org>
10 years agoDon't continue if the cookie has been set + ticket has created. 'unknown' was found...
Roland Haeder [Sat, 1 Nov 2014 10:30:26 +0000 (11:30 +0100)]
Don't continue if the cookie has been set + ticket has created. 'unknown' was found as IP address.

Signed-off-by: Roland Häder <roland@mxchange.org>
11 years agoAdded some php.ini settings to block
Roland Haeder [Fri, 18 Oct 2013 20:29:05 +0000 (20:29 +0000)]
Added some php.ini settings to block

11 years agoOpps, did forget the fetch :(
Roland Haeder [Mon, 12 Aug 2013 18:45:59 +0000 (18:45 +0000)]
Opps, did forget the fetch :(

11 years agoNo more ORDER BY required, cool.
Roland Haeder [Mon, 12 Aug 2013 18:38:24 +0000 (18:38 +0000)]
No more ORDER BY required, cool.

11 years agoAdded index + optimized query
Roland Haeder [Mon, 12 Aug 2013 18:20:27 +0000 (18:20 +0000)]
Added index + optimized query

11 years agoReverted removal, maybe now working?
Roland Haeder [Sun, 11 Aug 2013 12:32:43 +0000 (12:32 +0000)]
Reverted removal, maybe now working?

11 years agoOpps :(
Roland Haeder [Sun, 11 Aug 2013 12:23:57 +0000 (12:23 +0000)]
Opps :(

11 years ago:( Not good enough
Roland Haeder [Sun, 11 Aug 2013 12:17:01 +0000 (12:17 +0000)]
:( Not good enough

11 years agoAdded logging/detection of proxy IP address
Roland Haeder [Sun, 11 Aug 2013 12:15:49 +0000 (12:15 +0000)]
Added logging/detection of proxy IP address

11 years agoserver_name and script_name can now be NULL and set all empty strings to NULL, added...
Roland Haeder [Sun, 11 Aug 2013 12:02:25 +0000 (12:02 +0000)]
server_name and script_name can now be NULL and set all empty strings to NULL, added %3E%3C (><) which indicates an attempt to insert a HTML link into a badly secured URL

11 years ago%20 was to much here
Roland Haeder [Fri, 9 Aug 2013 18:25:05 +0000 (18:25 +0000)]
%20 was to much here

11 years agoJust '/group' was to restrictive (e.g. breaks StatusNet)
Roland Haeder [Fri, 26 Jul 2013 19:22:10 +0000 (19:22 +0000)]
Just '/group' was to restrictive (e.g. breaks StatusNet)

11 years agoAdded 'Autocomplete' as known-incompatible plugin
Roland Haeder [Thu, 25 Jul 2013 04:43:40 +0000 (04:43 +0000)]
Added 'Autocomplete' as known-incompatible plugin

11 years agoUpdated TODOs.txt
Roland Haeder [Sat, 20 Jul 2013 14:42:37 +0000 (14:42 +0000)]
Updated TODOs.txt

11 years agoFix for parser error :(
Roland Haeder [Sat, 20 Jul 2013 14:24:44 +0000 (14:24 +0000)]
Fix for parser error :(

11 years agoResorted almost all pattern checks + used more single-quotes than double
Roland Haeder [Sat, 20 Jul 2013 14:24:06 +0000 (14:24 +0000)]
Resorted almost all pattern checks + used more single-quotes than double

11 years agoWrappers like data://, tcp:// et cetera now blacklisted
Roland Haeder [Sat, 20 Jul 2013 13:30:14 +0000 (13:30 +0000)]
Wrappers like data://, tcp:// et cetera now blacklisted

11 years agoUse constants instead of keywords
Roland Haeder [Sat, 20 Jul 2013 13:07:03 +0000 (13:07 +0000)]
Use constants instead of keywords

11 years agoFixes (opps) for bad check, blocked all
Roland Haeder [Thu, 18 Jul 2013 00:53:17 +0000 (00:53 +0000)]
Fixes (opps) for bad check, blocked all

11 years agoExperimental commit:
Roland Haeder [Thu, 18 Jul 2013 00:07:58 +0000 (00:07 +0000)]
Experimental commit:
decode URL before checking to avoid something like this: q=%2FopenFooBar which
would be converted to q=%2fopenfoobar and then blocked as 'fopen' is then found.

This happens with StatusNet 1.1.1

11 years agoAdded incompatible notice
Roland Haeder [Thu, 27 Jun 2013 20:22:57 +0000 (20:22 +0000)]
Added incompatible notice

11 years agoExcluded secure_session=1 from mantis
Roland Haeder [Tue, 4 Jun 2013 13:57:14 +0000 (13:57 +0000)]
Excluded secure_session=1 from mantis

11 years agoNow use str_ireplace()
Roland Haeder [Thu, 18 Apr 2013 22:00:32 +0000 (22:00 +0000)]
Now use str_ireplace()

11 years agoBetter use this?
Roland Haeder [Sat, 30 Mar 2013 06:01:32 +0000 (06:01 +0000)]
Better use this?

11 years agoExtended is correct
Roland Haeder [Mon, 11 Mar 2013 23:04:23 +0000 (23:04 +0000)]
Extended is correct

11 years agoRemove even more
Roland Haeder [Tue, 26 Feb 2013 22:08:17 +0000 (22:08 +0000)]
Remove even more

11 years agounsetCtrackerData() introduced
Roland Haeder [Tue, 26 Feb 2013 21:46:56 +0000 (21:46 +0000)]
unsetCtrackerData() introduced

11 years agoDocu updated, detection array resorted a little
Roland Haeder [Thu, 20 Dec 2012 20:46:07 +0000 (20:46 +0000)]
Docu updated, detection array resorted a little

12 years agoBlocked also %27 (')
Roland Haeder [Wed, 24 Oct 2012 22:46:51 +0000 (22:46 +0000)]
Blocked also %27 (')

12 years agoDetection of attempt of SQL injections added
Roland Haeder [Wed, 24 Oct 2012 22:16:00 +0000 (22:16 +0000)]
Detection of attempt of SQL injections added

12 years agoTaken care of possible missing elements
Roland Haeder [Sat, 29 Sep 2012 22:06:08 +0000 (22:06 +0000)]
Taken care of possible missing elements

13 years ago'cmd=' broke to many legtime requests, cmd.exe should kill Windozer attacks a little...
Roland Haeder [Tue, 27 Sep 2011 18:27:44 +0000 (18:27 +0000)]
'cmd=' broke to many legtime requests, cmd.exe should kill Windozer attacks a little more

13 years ago.pl harms also legitime requests
Roland Haeder [Wed, 14 Sep 2011 10:59:31 +0000 (10:59 +0000)]
.pl harms also legitime requests

13 years agoNow all forms of '0x' are detected
Roland Haeder [Sat, 27 Aug 2011 23:10:59 +0000 (23:10 +0000)]
Now all forms of '0x' are detected

13 years agoDOCUMENT_ROOT and _SERVER added (avoid these things please)
Roland Haeder [Sat, 27 Aug 2011 23:05:40 +0000 (23:05 +0000)]
DOCUMENT_ROOT and _SERVER added (avoid these things please)

13 years agoBlock also these
Roland Haeder [Fri, 29 Jul 2011 09:43:07 +0000 (09:43 +0000)]
Block also these

13 years agoinit also this
Roland Haeder [Fri, 29 Jul 2011 05:18:51 +0000 (05:18 +0000)]
init also this

13 years agoFix for missing 'ctracker_post_track'
Roland Haeder [Fri, 29 Jul 2011 05:05:41 +0000 (05:05 +0000)]
Fix for missing 'ctracker_post_track'

13 years agoDetection of hexa-decimal encoded (0xXXXXX) strings added
Roland Haeder [Fri, 24 Jun 2011 12:47:17 +0000 (12:47 +0000)]
Detection of hexa-decimal encoded (0xXXXXX) strings added

13 years agosvn:eol-style set to 'native'
Roland Haeder [Wed, 20 Apr 2011 04:55:37 +0000 (04:55 +0000)]
svn:eol-style set to 'native'

13 years agoDuplicate entries removed, typo fixed
Roland Haeder [Sun, 10 Apr 2011 21:03:41 +0000 (21:03 +0000)]
Duplicate entries removed, typo fixed

13 years agoCopyright updated
Roland Haeder [Sun, 6 Mar 2011 11:29:30 +0000 (11:29 +0000)]
Copyright updated

13 years agoSome obsolete comment removed
Roland Haeder [Sun, 6 Mar 2011 11:28:32 +0000 (11:28 +0000)]
Some obsolete comment removed