]>
git.mxchange.org Git - ctracker.git/log
Roland Häder [Wed, 28 Oct 2020 09:38:07 +0000 (10:38 +0100)]
Continued:
- should be "AND"
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Wed, 28 Oct 2020 09:21:03 +0000 (10:21 +0100)]
Continued:
- should be behind remote_addr
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Wed, 28 Oct 2020 09:16:38 +0000 (10:16 +0100)]
Continued:
- added spam_bot_dectections field to allow counting spambot attacks
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Wed, 28 Oct 2020 09:05:56 +0000 (10:05 +0100)]
Continued:
- changed all <?php print foo; ?> to <?= foo; ?>
- added hidden anti-spam field as I'm done with these spammers
abusing my well-intended email form
- also included a message to those spammers
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Wed, 21 Oct 2020 08:27:37 +0000 (10:27 +0200)]
Continued:
- ignore any console request
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Tue, 11 Aug 2020 23:09:33 +0000 (01:09 +0200)]
Continued:
- maybe lame but those statements shall never happen in a user-agent string
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Sat, 6 Jun 2020 11:40:11 +0000 (13:40 +0200)]
Continued:
- added a few strings that are uncommon in URLs and should not be allowed:
+ urlencode() is a PHP function
+ invokefunction should not be possible from remote
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Tue, 13 Aug 2019 20:27:15 +0000 (22:27 +0200)]
Continued:
- blocked %systemroot% (search is case-insensitive)
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Thu, 11 Jul 2019 21:27:36 +0000 (23:27 +0200)]
Continued:
- ops, UA blacklist was double initialized?!
- added set_time_limit() PHP function for being blocked, should never be done
over GET or UA string
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Thu, 16 May 2019 00:37:09 +0000 (02:37 +0200)]
Continued:
- blocked information_schema as this is an internal MySQL/MariaDB table
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Wed, 3 Apr 2019 16:01:44 +0000 (18:01 +0200)]
Continued:
- "=passthru" is also a strange/uncommon name for actions, modules, et cetera
- also it is a PHP command for executing commands ...
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Mon, 1 Apr 2019 23:38:55 +0000 (01:38 +0200)]
Continued:
- added "vuln.php" which seem to be a remote-inclusion attack
Roland Häder [Mon, 1 Apr 2019 16:22:37 +0000 (18:22 +0200)]
Continued:
- uh, last commit was UA, now POST data
- moved out server-config related to own "category"
- added application/x-httpd-php as this is not ment to be placed in URL, UA
and POST data
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Mon, 1 Apr 2019 16:19:28 +0000 (18:19 +0200)]
Continued:
- moved Windows-related strings to own "category"
- added system.net.webclient and powershell, both not wanted in URLs
- ... and POST data as well
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Mon, 1 Apr 2019 14:43:20 +0000 (16:43 +0200)]
Continued:
- call_user_func(_array) does never belong into URLs, if your script requires
this, please reconsider the security implications!
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Mon, 1 Apr 2019 12:20:36 +0000 (14:20 +0200)]
Continued:
- added "AddType" which has been recently used in a code-injection attack
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Thu, 28 Jul 2016 11:00:39 +0000 (13:00 +0200)]
Also __CALLBACKPARAM needs blocking
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Thu, 28 Jul 2016 10:57:49 +0000 (12:57 +0200)]
Checking against GET parameters is for the user-agent string not possible as
ordinary UAs may get blocked.
Signed-off-by: Roland Häder <rhaeder@cho-time.de>
Roland Häder [Tue, 28 Aug 2018 19:17:33 +0000 (21:17 +0200)]
Continued:
- replace old array() style with []
- really no need for array keys as they are auto-generated anyway
Roland Häder [Tue, 28 Aug 2018 19:14:55 +0000 (21:14 +0200)]
Continued:
- let's also include request method in mails
- ops, also need to distinguish between different request methods but with same remaining data
Roland Häder [Tue, 28 Aug 2018 07:41:48 +0000 (09:41 +0200)]
CRLF->LF
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Tue, 28 Aug 2018 07:41:14 +0000 (09:41 +0200)]
Merge branch 'master' of mx:/var/cache/git/repos/ctracker
Roland Häder [Wed, 22 Aug 2018 18:28:29 +0000 (20:28 +0200)]
Continued:
- banned suhosin entirely from GET parameters (makes really no sense)
- also banned some other php.ini settings
Roland Häder [Wed, 22 Aug 2018 18:19:44 +0000 (20:19 +0200)]
Continued:
- added INSERT_RANDOM_NUMBER_HERE, typical for incompletely configured OpenX/revive Ad Server
- changed to "new" array style
- renamed ctracker_blocked_requests -> ctracker_blocked_methods as they are the
request methods that should always be blocked
- updated .gitattributes
Roland Häder [Tue, 18 Jul 2017 15:56:21 +0000 (17:56 +0200)]
project name set
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Tue, 18 Jul 2017 15:55:36 +0000 (17:55 +0200)]
updated (c)
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Tue, 18 Jul 2017 15:51:36 +0000 (17:51 +0200)]
It is okay to have this NetBeans project around + ignored private data
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Fri, 23 Sep 2016 15:14:27 +0000 (17:14 +0200)]
MantisBT need these being white-listed.
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Wed, 31 Aug 2016 07:17:27 +0000 (09:17 +0200)]
Must be id to have NULL counted, too.
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Wed, 31 Aug 2016 07:11:18 +0000 (09:11 +0200)]
Added view for request methods
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Tue, 30 Aug 2016 07:04:17 +0000 (09:04 +0200)]
Added "detection" of open_basedir and php:// protocol:
- common way to inject php.ini settings which overrides them and then try to
inject external code (remote inclusion)
- don't do such things as http://host.example/script.php?bla=php://input
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Mon, 22 Aug 2016 08:58:54 +0000 (10:58 +0200)]
Fixed parser error
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Mon, 22 Aug 2016 07:52:19 +0000 (09:52 +0200)]
Sorted a bit + removed '.js' as this was to much and kicked out .json, too.
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Wed, 10 Aug 2016 07:47:09 +0000 (09:47 +0200)]
Some fixes:
- also check REQUEST_URI array element as QUERY_STRING may not be always set
- only sanitize when string is not empty
Signed-off-by: Roland Häder <rhaeder@cho-time.de>
Roland Häder [Fri, 5 Aug 2016 08:58:46 +0000 (10:58 +0200)]
Also block request methods such as CONNECT as they can be used for proxying
(means "hiding") other requests such as SMTP (spam) or POP3 (people try to read
their mails but wasting your bandwidth).
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Thu, 28 Jul 2016 11:00:39 +0000 (13:00 +0200)]
Also __CALLBACKPARAM needs blocking
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Thu, 28 Jul 2016 10:57:49 +0000 (12:57 +0200)]
Checking against GET parameters is for the user-agent string not possible as
ordinary UAs may get blocked.
Signed-off-by: Roland Häder <rhaeder@cho-time.de>
Roland Häder [Thu, 28 Jul 2016 09:53:13 +0000 (11:53 +0200)]
Only for testing purposes the string is being sanitized, else http:// becomes http:/ and cannot be compared with http:// anymore
Signed-off-by: Roland Häder <rhaeder@cho-time.de>
Roland Häder [Thu, 28 Jul 2016 08:21:46 +0000 (10:21 +0200)]
Updated database
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Thu, 28 Jul 2016 08:18:13 +0000 (10:18 +0200)]
Renaming season has started:
- renamed $F -> $function
- renamed $L -> $line
- renamed $SQL -> $sqlString
- added type-hint for arrays
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Thu, 28 Jul 2016 08:02:50 +0000 (10:02 +0200)]
Sanitize request strings (also serialized POST data) from trickery like '//'
and '/./' where the attacker tries to circumvent checks.
Signed-off-by: Roland Häder <rhaeder@cho-time.de>
Roland Häder [Thu, 28 Jul 2016 07:57:30 +0000 (09:57 +0200)]
Continued:
- esystem is, well, system is better to look for
- block content-type header-insertion
Signed-off-by: Roland Häder <rhaeder@cho-time.de>
Roland Häder [Thu, 28 Jul 2016 07:50:24 +0000 (09:50 +0200)]
Continued improving:
- introduced crackerTrackerRequestMethod() to encapsulate $_SERVER['REQUEST_METHOD'] retrival
- this allows the script being used on console now
- check also user-agent string for bad occurrences (difference not yet logged)
Signed-off-by: Roland Häder <rhaeder@cho-time.de>
Roland Häder [Wed, 27 Jul 2016 08:35:57 +0000 (10:35 +0200)]
Updated a lot:
- fixed domain as the one with dash is gone
- loading config is now done correctly after general array is being initialized
- fixed loading of header template
Signed-off-by: Roland Häder <rhaeder@cho-time.de>
Roland Häder [Tue, 26 Jul 2016 08:11:57 +0000 (10:11 +0200)]
Index on count column to improve SUM queries
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Tue, 26 Jul 2016 07:55:32 +0000 (09:55 +0200)]
This column should be after remote_addr to have both side by side
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Tue, 26 Jul 2016 07:35:00 +0000 (09:35 +0200)]
Can be combined and makes code look nicer.
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Mon, 25 Jul 2016 09:15:57 +0000 (11:15 +0200)]
Added MySQL internal-use-only function
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Mon, 25 Jul 2016 07:59:45 +0000 (09:59 +0200)]
Also log request method
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Wed, 20 Jul 2016 08:40:11 +0000 (10:40 +0200)]
One to much ...
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Wed, 20 Jul 2016 08:26:41 +0000 (10:26 +0200)]
More PHP function calls (I don't like such RPCs) blocked
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Haeder [Sat, 13 Feb 2016 20:56:17 +0000 (21:56 +0100)]
Added .gitattributes
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Haeder [Sat, 12 Sep 2015 21:38:08 +0000 (23:38 +0200)]
Opps ...
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Haeder [Sat, 12 Sep 2015 21:36:46 +0000 (23:36 +0200)]
Rewrote to MySQLi
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder [Mon, 3 Nov 2014 09:53:26 +0000 (10:53 +0100)]
Fixed
Signed-off-by: Roland Häder <haeder@hmmdeutschland.de>
Roland Haeder [Sat, 1 Nov 2014 11:05:59 +0000 (12:05 +0100)]
Added proc/self/environ
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Haeder [Sat, 1 Nov 2014 10:46:41 +0000 (11:46 +0100)]
Added 'safe_mode' (php.ini setting).
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Haeder [Sat, 1 Nov 2014 10:30:26 +0000 (11:30 +0100)]
Don't continue if the cookie has been set + ticket has created. 'unknown' was found as IP address.
Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Haeder [Fri, 18 Oct 2013 20:29:05 +0000 (20:29 +0000)]
Added some php.ini settings to block
Roland Haeder [Mon, 12 Aug 2013 18:45:59 +0000 (18:45 +0000)]
Opps, did forget the fetch :(
Roland Haeder [Mon, 12 Aug 2013 18:38:24 +0000 (18:38 +0000)]
No more ORDER BY required, cool.
Roland Haeder [Mon, 12 Aug 2013 18:20:27 +0000 (18:20 +0000)]
Added index + optimized query
Roland Haeder [Sun, 11 Aug 2013 12:32:43 +0000 (12:32 +0000)]
Reverted removal, maybe now working?
Roland Haeder [Sun, 11 Aug 2013 12:23:57 +0000 (12:23 +0000)]
Opps :(
Roland Haeder [Sun, 11 Aug 2013 12:17:01 +0000 (12:17 +0000)]
:( Not good enough
Roland Haeder [Sun, 11 Aug 2013 12:15:49 +0000 (12:15 +0000)]
Added logging/detection of proxy IP address
Roland Haeder [Sun, 11 Aug 2013 12:02:25 +0000 (12:02 +0000)]
server_name and script_name can now be NULL and set all empty strings to NULL, added %3E%3C (><) which indicates an attempt to insert a HTML link into a badly secured URL
Roland Haeder [Fri, 9 Aug 2013 18:25:05 +0000 (18:25 +0000)]
%20 was to much here
Roland Haeder [Fri, 26 Jul 2013 19:22:10 +0000 (19:22 +0000)]
Just '/group' was to restrictive (e.g. breaks StatusNet)
Roland Haeder [Thu, 25 Jul 2013 04:43:40 +0000 (04:43 +0000)]
Added 'Autocomplete' as known-incompatible plugin
Roland Haeder [Sat, 20 Jul 2013 14:42:37 +0000 (14:42 +0000)]
Updated TODOs.txt
Roland Haeder [Sat, 20 Jul 2013 14:24:44 +0000 (14:24 +0000)]
Fix for parser error :(
Roland Haeder [Sat, 20 Jul 2013 14:24:06 +0000 (14:24 +0000)]
Resorted almost all pattern checks + used more single-quotes than double
Roland Haeder [Sat, 20 Jul 2013 13:30:14 +0000 (13:30 +0000)]
Wrappers like data://, tcp:// et cetera now blacklisted
Roland Haeder [Sat, 20 Jul 2013 13:07:03 +0000 (13:07 +0000)]
Use constants instead of keywords
Roland Haeder [Thu, 18 Jul 2013 00:53:17 +0000 (00:53 +0000)]
Fixes (opps) for bad check, blocked all
Roland Haeder [Thu, 18 Jul 2013 00:07:58 +0000 (00:07 +0000)]
Experimental commit:
decode URL before checking to avoid something like this: q=%2FopenFooBar which
would be converted to q=%2fopenfoobar and then blocked as 'fopen' is then found.
This happens with StatusNet 1.1.1
Roland Haeder [Thu, 27 Jun 2013 20:22:57 +0000 (20:22 +0000)]
Added incompatible notice
Roland Haeder [Tue, 4 Jun 2013 13:57:14 +0000 (13:57 +0000)]
Excluded secure_session=1 from mantis
Roland Haeder [Thu, 18 Apr 2013 22:00:32 +0000 (22:00 +0000)]
Now use str_ireplace()
Roland Haeder [Sat, 30 Mar 2013 06:01:32 +0000 (06:01 +0000)]
Better use this?
Roland Haeder [Mon, 11 Mar 2013 23:04:23 +0000 (23:04 +0000)]
Extended is correct
Roland Haeder [Tue, 26 Feb 2013 22:08:17 +0000 (22:08 +0000)]
Remove even more
Roland Haeder [Tue, 26 Feb 2013 21:46:56 +0000 (21:46 +0000)]
unsetCtrackerData() introduced
Roland Haeder [Thu, 20 Dec 2012 20:46:07 +0000 (20:46 +0000)]
Docu updated, detection array resorted a little
Roland Haeder [Wed, 24 Oct 2012 22:46:51 +0000 (22:46 +0000)]
Blocked also %27 (')
Roland Haeder [Wed, 24 Oct 2012 22:16:00 +0000 (22:16 +0000)]
Detection of attempt of SQL injections added
Roland Haeder [Sat, 29 Sep 2012 22:06:08 +0000 (22:06 +0000)]
Taken care of possible missing elements
Roland Haeder [Tue, 27 Sep 2011 18:27:44 +0000 (18:27 +0000)]
'cmd=' broke to many legtime requests, cmd.exe should kill Windozer attacks a little more
Roland Haeder [Wed, 14 Sep 2011 10:59:31 +0000 (10:59 +0000)]
.pl harms also legitime requests
Roland Haeder [Sat, 27 Aug 2011 23:10:59 +0000 (23:10 +0000)]
Now all forms of '0x' are detected
Roland Haeder [Sat, 27 Aug 2011 23:05:40 +0000 (23:05 +0000)]
DOCUMENT_ROOT and _SERVER added (avoid these things please)
Roland Haeder [Fri, 29 Jul 2011 09:43:07 +0000 (09:43 +0000)]
Block also these
Roland Haeder [Fri, 29 Jul 2011 05:18:51 +0000 (05:18 +0000)]
init also this
Roland Haeder [Fri, 29 Jul 2011 05:05:41 +0000 (05:05 +0000)]
Fix for missing 'ctracker_post_track'
Roland Haeder [Fri, 24 Jun 2011 12:47:17 +0000 (12:47 +0000)]
Detection of hexa-decimal encoded (0xXXXXX) strings added
Roland Haeder [Wed, 20 Apr 2011 04:55:37 +0000 (04:55 +0000)]
svn:eol-style set to 'native'
Roland Haeder [Sun, 10 Apr 2011 21:03:41 +0000 (21:03 +0000)]
Duplicate entries removed, typo fixed
Roland Haeder [Sun, 6 Mar 2011 11:29:30 +0000 (11:29 +0000)]
Copyright updated
Roland Haeder [Sun, 6 Mar 2011 11:28:32 +0000 (11:28 +0000)]
Some obsolete comment removed