git.mxchange.org Git - ctracker.git/log
ctracker.git

6 years ago - Continued:
Roland Häder [Wed, 22 Aug 2018 18:19:44 +0000 (20:19 +0200)]
Continued:
- added INSERT_RANDOM_NUMBER_HERE, typical for incompletely configured OpenX/revive Ad Server
- changed to "new" array style
- renamed ctracker_blocked_requests -> ctracker_blocked_methods as they are the
  request methods that should always be blocked
- updated .gitattributes


8 years ago - MantisBT needs these to be white-listed.
Roland Häder [Fri, 23 Sep 2016 15:14:27 +0000 (17:14 +0200)]
MantisBT needs these to be white-listed.

Signed-off-by: Roland Häder <roland@mxchange.org>

8 years ago - Must be id to have NULL counted, too.
Roland Häder [Wed, 31 Aug 2016 07:17:27 +0000 (09:17 +0200)]
Must be id to have NULL counted, too.

Signed-off-by: Roland Häder <roland@mxchange.org>

8 years ago - Added view for request methods
Roland Häder [Wed, 31 Aug 2016 07:11:18 +0000 (09:11 +0200)]
Added view for request methods

Signed-off-by: Roland Häder <roland@mxchange.org>

8 years ago - Added "detection" of open_basedir and php:// protocol:
Roland Häder [Tue, 30 Aug 2016 07:04:17 +0000 (09:04 +0200)]
Added "detection" of open_basedir and php:// protocol:
- common way to inject php.ini settings which overrides them and then try to
  inject external code (remote inclusion)
- don't do such things as http://host.example/script.php?bla=php://input

Signed-off-by: Roland Häder <roland@mxchange.org>

8 years ago - Fixed parser error
Roland Häder [Mon, 22 Aug 2016 08:58:54 +0000 (10:58 +0200)]
Fixed parser error

Signed-off-by: Roland Häder <roland@mxchange.org>

8 years ago - Sorted a bit + removed '.js' as this was too much and kicked out .json, too.
Roland Häder [Mon, 22 Aug 2016 07:52:19 +0000 (09:52 +0200)]
Sorted a bit + removed '.js' as this was too much and kicked out .json, too.

Signed-off-by: Roland Häder <roland@mxchange.org>

8 years ago - Some fixes:
Roland Häder [Wed, 10 Aug 2016 07:47:09 +0000 (09:47 +0200)]
Some fixes:
- also check REQUEST_URI array element as QUERY_STRING may not be always set
- only sanitize when string is not empty

Signed-off-by: Roland Häder <rhaeder@cho-time.de>

8 years ago - Also block request methods such as CONNECT as they can be used for proxying
Roland Häder [Fri, 5 Aug 2016 08:58:46 +0000 (10:58 +0200)]
Also block request methods such as CONNECT as they can be used for proxying
(meaning "hiding") other requests such as SMTP (spam) or POP3 (people trying to read
their mail while wasting your bandwidth).

Signed-off-by: Roland Häder <roland@mxchange.org>

8 years ago - Also __CALLBACKPARAM needs blocking
Roland Häder [Thu, 28 Jul 2016 11:00:39 +0000 (13:00 +0200)]
Also __CALLBACKPARAM needs blocking

Signed-off-by: Roland Häder <roland@mxchange.org>

8 years ago - Checking the user-agent string against the GET-parameter patterns is not possible, as
Roland Häder [Thu, 28 Jul 2016 10:57:49 +0000 (12:57 +0200)]
Checking the user-agent string against the GET-parameter patterns is not possible, as
ordinary UAs may get blocked.

Signed-off-by: Roland Häder <rhaeder@cho-time.de>

8 years ago - Only for testing purposes is the string being sanitized, else http:// becomes http...
Roland Häder [Thu, 28 Jul 2016 09:53:13 +0000 (11:53 +0200)]
Only for testing purposes is the string being sanitized, else http:// becomes http:/ and cannot be compared with http:// anymore.

Signed-off-by: Roland Häder <rhaeder@cho-time.de>

8 years ago - Updated database
Roland Häder [Thu, 28 Jul 2016 08:21:46 +0000 (10:21 +0200)]
Updated database

Signed-off-by: Roland Häder <roland@mxchange.org>

8 years ago - Renaming season has started:
Roland Häder [Thu, 28 Jul 2016 08:18:13 +0000 (10:18 +0200)]
Renaming season has started:
- renamed $F -> $function
- renamed $L -> $line
- renamed $SQL -> $sqlString
- added type-hint for arrays

Signed-off-by: Roland Häder <roland@mxchange.org>

8 years ago - Sanitize request strings (also serialized POST data) from trickery like '//'
Roland Häder [Thu, 28 Jul 2016 08:02:50 +0000 (10:02 +0200)]
Sanitize request strings (also serialized POST data) from trickery like '//'
and '/./' where the attacker tries to circumvent checks.

Signed-off-by: Roland Häder <rhaeder@cho-time.de>

8 years ago - Continued:
Roland Häder [Thu, 28 Jul 2016 07:57:30 +0000 (09:57 +0200)]
Continued:
- esystem is, well, system is better to look for
- block content-type header-insertion

Signed-off-by: Roland Häder <rhaeder@cho-time.de>

8 years ago - Continued improving:
Roland Häder [Thu, 28 Jul 2016 07:50:24 +0000 (09:50 +0200)]
Continued improving:
- introduced crackerTrackerRequestMethod() to encapsulate $_SERVER['REQUEST_METHOD'] retrieval
- this allows the script to be used on the console now
- check also user-agent string for bad occurrences (difference not yet logged)

Signed-off-by: Roland Häder <rhaeder@cho-time.de>

8 years ago - Updated a lot:
Roland Häder [Wed, 27 Jul 2016 08:35:57 +0000 (10:35 +0200)]
Updated a lot:
- fixed domain as the one with dash is gone
- loading config is now done correctly after general array is being initialized
- fixed loading of header template

Signed-off-by: Roland Häder <rhaeder@cho-time.de>

8 years ago - Index on count column to improve SUM queries
Roland Häder [Tue, 26 Jul 2016 08:11:57 +0000 (10:11 +0200)]
Index on count column to improve SUM queries

Signed-off-by: Roland Häder <roland@mxchange.org>

8 years ago - This column should be after remote_addr to have both side by side
Roland Häder [Tue, 26 Jul 2016 07:55:32 +0000 (09:55 +0200)]
This column should be after remote_addr to have both side by side

Signed-off-by: Roland Häder <roland@mxchange.org>

8 years ago - Can be combined and makes code look nicer.
Roland Häder [Tue, 26 Jul 2016 07:35:00 +0000 (09:35 +0200)]
Can be combined and makes code look nicer.

Signed-off-by: Roland Häder <roland@mxchange.org>

8 years ago - Added MySQL internal-use-only function
Roland Häder [Mon, 25 Jul 2016 09:15:57 +0000 (11:15 +0200)]
Added MySQL internal-use-only function

Signed-off-by: Roland Häder <roland@mxchange.org>

8 years ago - Also log request method
Roland Häder [Mon, 25 Jul 2016 07:59:45 +0000 (09:59 +0200)]
Also log request method

Signed-off-by: Roland Häder <roland@mxchange.org>

8 years ago - One too much ...
Roland Häder [Wed, 20 Jul 2016 08:40:11 +0000 (10:40 +0200)]
One too much ...

Signed-off-by: Roland Häder <roland@mxchange.org>

8 years ago - More PHP function calls (I don't like such RPCs) blocked
Roland Häder [Wed, 20 Jul 2016 08:26:41 +0000 (10:26 +0200)]
More PHP function calls (I don't like such RPCs) blocked

Signed-off-by: Roland Häder <roland@mxchange.org>

8 years ago - Added .gitattributes
Roland Haeder [Sat, 13 Feb 2016 20:56:17 +0000 (21:56 +0100)]
Added .gitattributes

Signed-off-by: Roland Häder <roland@mxchange.org>

9 years ago - Oops ...
Roland Haeder [Sat, 12 Sep 2015 21:38:08 +0000 (23:38 +0200)]
Oops ...

Signed-off-by: Roland Häder <roland@mxchange.org>

9 years ago - Rewrote to MySQLi
Roland Haeder [Sat, 12 Sep 2015 21:36:46 +0000 (23:36 +0200)]
Rewrote to MySQLi

Signed-off-by: Roland Häder <roland@mxchange.org>

10 years ago - Fixed
Roland Häder [Mon, 3 Nov 2014 09:53:26 +0000 (10:53 +0100)]
Fixed

Signed-off-by: Roland Häder <haeder@hmmdeutschland.de>

10 years ago - Added proc/self/environ
Roland Haeder [Sat, 1 Nov 2014 11:05:59 +0000 (12:05 +0100)]
Added proc/self/environ

Signed-off-by: Roland Häder <roland@mxchange.org>

10 years ago - Added 'safe_mode' (php.ini setting).
Roland Haeder [Sat, 1 Nov 2014 10:46:41 +0000 (11:46 +0100)]
Added 'safe_mode' (php.ini setting).

Signed-off-by: Roland Häder <roland@mxchange.org>

10 years ago - Don't continue if the cookie has been set + ticket has been created. 'unknown' was found...
Roland Haeder [Sat, 1 Nov 2014 10:30:26 +0000 (11:30 +0100)]
Don't continue if the cookie has been set + ticket has been created. 'unknown' was found as IP address.

Signed-off-by: Roland Häder <roland@mxchange.org>

11 years ago - Added some php.ini settings to block
Roland Haeder [Fri, 18 Oct 2013 20:29:05 +0000 (20:29 +0000)]
Added some php.ini settings to block

11 years ago - Oops, did forget the fetch :(
Roland Haeder [Mon, 12 Aug 2013 18:45:59 +0000 (18:45 +0000)]
Oops, did forget the fetch :(

11 years ago - No more ORDER BY required, cool.
Roland Haeder [Mon, 12 Aug 2013 18:38:24 +0000 (18:38 +0000)]
No more ORDER BY required, cool.

11 years ago - Added index + optimized query
Roland Haeder [Mon, 12 Aug 2013 18:20:27 +0000 (18:20 +0000)]
Added index + optimized query

11 years ago - Reverted removal, maybe now working?
Roland Haeder [Sun, 11 Aug 2013 12:32:43 +0000 (12:32 +0000)]
Reverted removal, maybe now working?

11 years ago - Oops :(
Roland Haeder [Sun, 11 Aug 2013 12:23:57 +0000 (12:23 +0000)]
Oops :(

11 years ago - :( Not good enough
Roland Haeder [Sun, 11 Aug 2013 12:17:01 +0000 (12:17 +0000)]
:( Not good enough

11 years ago - Added logging/detection of proxy IP address
Roland Haeder [Sun, 11 Aug 2013 12:15:49 +0000 (12:15 +0000)]
Added logging/detection of proxy IP address

11 years ago - server_name and script_name can now be NULL and set all empty strings to NULL, added...
Roland Haeder [Sun, 11 Aug 2013 12:02:25 +0000 (12:02 +0000)]
server_name and script_name can now be NULL and set all empty strings to NULL, added %3E%3C (><) which indicates an attempt to insert an HTML link into a badly secured URL

11 years ago - %20 was too much here
Roland Haeder [Fri, 9 Aug 2013 18:25:05 +0000 (18:25 +0000)]
%20 was too much here

11 years ago - Just '/group' was too restrictive (e.g. breaks StatusNet)
Roland Haeder [Fri, 26 Jul 2013 19:22:10 +0000 (19:22 +0000)]
Just '/group' was too restrictive (e.g. breaks StatusNet)

11 years ago - Added 'Autocomplete' as known-incompatible plugin
Roland Haeder [Thu, 25 Jul 2013 04:43:40 +0000 (04:43 +0000)]
Added 'Autocomplete' as known-incompatible plugin

11 years ago - Updated TODOs.txt
Roland Haeder [Sat, 20 Jul 2013 14:42:37 +0000 (14:42 +0000)]
Updated TODOs.txt

11 years ago - Fix for parser error :(
Roland Haeder [Sat, 20 Jul 2013 14:24:44 +0000 (14:24 +0000)]
Fix for parser error :(

11 years ago - Resorted almost all pattern checks + used more single-quotes than double
Roland Haeder [Sat, 20 Jul 2013 14:24:06 +0000 (14:24 +0000)]
Resorted almost all pattern checks + used more single-quotes than double

11 years ago - Wrappers like data://, tcp:// et cetera now blacklisted
Roland Haeder [Sat, 20 Jul 2013 13:30:14 +0000 (13:30 +0000)]
Wrappers like data://, tcp:// et cetera now blacklisted

11 years ago - Use constants instead of keywords
Roland Haeder [Sat, 20 Jul 2013 13:07:03 +0000 (13:07 +0000)]
Use constants instead of keywords

11 years ago - Fixes (oops) for bad check, blocked all
Roland Haeder [Thu, 18 Jul 2013 00:53:17 +0000 (00:53 +0000)]
Fixes (oops) for bad check, blocked all

11 years ago - Experimental commit:
Roland Haeder [Thu, 18 Jul 2013 00:07:58 +0000 (00:07 +0000)]
Experimental commit:
decode URL before checking to avoid something like this: q=%2FopenFooBar which
would be converted to q=%2fopenfoobar and then blocked as 'fopen' is then found.

This happens with StatusNet 1.1.1
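The request-screening steps that several of the commits above describe, put together as one added example (my code, not ctracker's): refuse request methods such as CONNECT (the 5 Aug 2016 commit), URL-decode once before matching so that q=%2FopenFooBar no longer trips the 'fopen' check (this "Experimental commit"), match stream-wrapper and php.ini patterns such as php://, data:// and open_basedir before collapsing '//' and '/./' (the 28 Jul 2016 commits note that sanitizing turns http:// into http:/), and only then match traversal, /proc/, cmd.exe, '><' (%3E%3C) and hexadecimal 0x... patterns on the collapsed string. The blocklists and sample query strings are constructed for the demo and are much shorter than ctracker's own arrays; TRACE is my addition next to CONNECT from the log.

```python
# Added example: request screening in the spirit of ctracker's checks.
# Not the project's code; the blocklists are constructed for this demo and
# are far shorter than ctracker's own pattern arrays.
import re
from urllib.parse import unquote

# Methods that are always refused. CONNECT is named in the commit log
# (usable to proxy SMTP/POP3 through the web server); TRACE is my addition.
BLOCKED_METHODS = frozenset({"CONNECT", "TRACE"})

# Stream wrappers and php.ini overrides named in the log. They must be
# matched BEFORE '//' is collapsed, otherwise 'php://' turns into 'php:/'
# and the substring test silently stops matching.
WRAPPER_PATTERNS = ("php://", "data://", "tcp://", "open_basedir", "safe_mode")

# Patterns matched after decoding and collapsing: traversal, /proc/ access,
# a dangerous function name, cmd.exe, and the '><' that hints at HTML
# injection (%3E%3C in the raw request).
PATH_PATTERNS = ("../", "/proc/", "fopen", "cmd.exe", "><")

# Hex-encoded payloads such as 0x41414141: '0x' followed by two or more
# hex digits (constructed threshold, not ctracker's).
HEX_RE = re.compile(r"0x[0-9a-f]{2,}", re.IGNORECASE)


def decode_request(raw: str) -> str:
    """URL-decode once, then lower-case.

    Decoding first avoids the false positive the 2013 commit describes:
    'q=%2FopenFooBar' lower-cased without decoding is 'q=%2fopenfoobar',
    which contains 'fopen'; decoded it is 'q=/openfoobar', which does not.
    """
    return unquote(raw).lower()


def collapse_path(s: str) -> str:
    """Collapse '//' and '/./' until nothing changes, so '..//' becomes '../'."""
    prev = None
    while prev != s:
        prev = s
        s = s.replace("//", "/").replace("/./", "/")
    return s


def naive_hits(raw: str) -> list:
    """The pre-2013 behaviour: match on the lower-cased but undecoded string."""
    lowered = raw.lower()
    return [p for p in PATH_PATTERNS if p in lowered]


def screen_request(method: str, raw_query: str) -> list:
    """Return the reasons to block; an empty list means the request passes."""
    reasons = []
    if method.upper() in BLOCKED_METHODS:
        reasons.append("method " + method.upper())
    decoded = decode_request(raw_query)
    # Wrapper patterns are checked on the decoded but NOT yet collapsed string.
    reasons += ["wrapper " + p for p in WRAPPER_PATTERNS if p in decoded]
    collapsed = collapse_path(decoded)
    reasons += ["path " + p for p in PATH_PATTERNS if p in collapsed]
    if HEX_RE.search(collapsed):
        reasons.append("hex payload")
    return reasons


if __name__ == "__main__":
    # Constructed samples; the first two are the strings quoted in the log.
    samples = [
        ("GET", "q=%2FopenFooBar"),
        ("GET", "bla=php://input"),
        ("GET", "file=..%2F..%2F%2Fproc%2Fself%2Fenviron"),
        ("CONNECT", ""),
        ("GET", "id=0x41414141"),
    ]
    for method, query in samples:
        print(method, query, "->", screen_request(method, query) or "ok")
```

The block decodes exactly once, so a double-encoded value (%252F) stays as "%2F" and is not matched; if the application behind the tracker decodes twice, the screening has to decode twice as well, otherwise the two sides see different strings.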

11 years ago - Added incompatible notice
Roland Haeder [Thu, 27 Jun 2013 20:22:57 +0000 (20:22 +0000)]
Added incompatible notice

11 years ago - Excluded secure_session=1 from mantis
Roland Haeder [Tue, 4 Jun 2013 13:57:14 +0000 (13:57 +0000)]
Excluded secure_session=1 from mantis

11 years ago - Now use str_ireplace()
Roland Haeder [Thu, 18 Apr 2013 22:00:32 +0000 (22:00 +0000)]
Now use str_ireplace()

11 years ago - Better use this?
Roland Haeder [Sat, 30 Mar 2013 06:01:32 +0000 (06:01 +0000)]
Better use this?

11 years ago - Extended is correct
Roland Haeder [Mon, 11 Mar 2013 23:04:23 +0000 (23:04 +0000)]
Extended is correct

11 years ago - Remove even more
Roland Haeder [Tue, 26 Feb 2013 22:08:17 +0000 (22:08 +0000)]
Remove even more

11 years ago - unsetCtrackerData() introduced
Roland Haeder [Tue, 26 Feb 2013 21:46:56 +0000 (21:46 +0000)]
unsetCtrackerData() introduced

11 years ago - Docu updated, detection array resorted a little
Roland Haeder [Thu, 20 Dec 2012 20:46:07 +0000 (20:46 +0000)]
Docu updated, detection array resorted a little

12 years ago - Blocked also %27 (')
Roland Haeder [Wed, 24 Oct 2012 22:46:51 +0000 (22:46 +0000)]
Blocked also %27 (')

12 years ago - Detection of attempt of SQL injections added
Roland Haeder [Wed, 24 Oct 2012 22:16:00 +0000 (22:16 +0000)]
Detection of attempt of SQL injections added

12 years ago - Taken care of possible missing elements
Roland Haeder [Sat, 29 Sep 2012 22:06:08 +0000 (22:06 +0000)]
Taken care of possible missing elements

13 years ago - 'cmd=' broke too many legitimate requests, cmd.exe should kill Windozer attacks a little...
Roland Haeder [Tue, 27 Sep 2011 18:27:44 +0000 (18:27 +0000)]
'cmd=' broke too many legitimate requests, cmd.exe should kill Windozer attacks a little more

13 years ago - .pl harms also legitimate requests
Roland Haeder [Wed, 14 Sep 2011 10:59:31 +0000 (10:59 +0000)]
.pl harms also legitimate requests

13 years ago - Now all forms of '0x' are detected
Roland Haeder [Sat, 27 Aug 2011 23:10:59 +0000 (23:10 +0000)]
Now all forms of '0x' are detected

13 years ago - DOCUMENT_ROOT and _SERVER added (avoid these things please)
Roland Haeder [Sat, 27 Aug 2011 23:05:40 +0000 (23:05 +0000)]
DOCUMENT_ROOT and _SERVER added (avoid these things please)

13 years ago - Block also these
Roland Haeder [Fri, 29 Jul 2011 09:43:07 +0000 (09:43 +0000)]
Block also these

13 years ago - init also this
Roland Haeder [Fri, 29 Jul 2011 05:18:51 +0000 (05:18 +0000)]
init also this

13 years ago - Fix for missing 'ctracker_post_track'
Roland Haeder [Fri, 29 Jul 2011 05:05:41 +0000 (05:05 +0000)]
Fix for missing 'ctracker_post_track'

13 years ago - Detection of hexadecimal encoded (0xXXXXX) strings added
Roland Haeder [Fri, 24 Jun 2011 12:47:17 +0000 (12:47 +0000)]
Detection of hexadecimal encoded (0xXXXXX) strings added

13 years ago - svn:eol-style set to 'native'
Roland Haeder [Wed, 20 Apr 2011 04:55:37 +0000 (04:55 +0000)]
svn:eol-style set to 'native'

13 years ago - Duplicate entries removed, typo fixed
Roland Haeder [Sun, 10 Apr 2011 21:03:41 +0000 (21:03 +0000)]
Duplicate entries removed, typo fixed

13 years ago - Copyright updated
Roland Haeder [Sun, 6 Mar 2011 11:29:30 +0000 (11:29 +0000)]
Copyright updated

13 years ago - Some obsolete comment removed
Roland Haeder [Sun, 6 Mar 2011 11:28:32 +0000 (11:28 +0000)]
Some obsolete comment removed

13 years ago - Fixed error reporting for debug mode
Roland Haeder [Wed, 9 Feb 2011 14:19:14 +0000 (14:19 +0000)]
Fixed error reporting for debug mode

14 years ago - Default value of 'count' needs to be 1
Roland Haeder [Fri, 26 Nov 2010 15:30:03 +0000 (15:30 +0000)]
Default value of 'count' needs to be 1

14 years ago - Configuration entry 'ctracker_debug' renamed to 'ctracker_debug_enabled' to make...
Roland Haeder [Tue, 5 Oct 2010 11:43:54 +0000 (11:43 +0000)]
Configuration entry 'ctracker_debug' renamed to 'ctracker_debug_enabled' to make clear this is a boolean config

14 years ago - Some code blocks moved, detection of '..//' added, user-agent is now securely used
Roland Haeder [Thu, 23 Sep 2010 12:09:23 +0000 (12:09 +0000)]
Some code blocks moved, detection of '..//' added, user-agent is now securely used

14 years ago - SVN properties globally set
Roland Haeder [Tue, 14 Sep 2010 14:19:35 +0000 (14:19 +0000)]
SVN properties globally set

14 years ago - 'Based on' added, /proc/ will now be detected, do not use it in your scripts
Roland Haeder [Fri, 20 Aug 2010 08:27:38 +0000 (08:27 +0000)]
'Based on' added, /proc/ will now be detected, do not use it in your scripts

14 years ago - Fixes for missing config if no database link is provided
Roland Haeder [Sun, 18 Jul 2010 12:03:51 +0000 (12:03 +0000)]
Fixes for missing config if no database link is provided

14 years ago - TODOs.txt updated ...
Roland Haeder [Thu, 8 Jul 2010 22:19:09 +0000 (22:19 +0000)]
TODOs.txt updated ...

14 years ago - Documentation now makes a note about database-less operations
Roland Haeder [Thu, 8 Jul 2010 21:50:51 +0000 (21:50 +0000)]
Documentation now makes a note about database-less operations

14 years ago - Updated to allow database-less operation
Roland Haeder [Thu, 8 Jul 2010 21:47:56 +0000 (21:47 +0000)]
Updated to allow database-less operation

14 years ago - Renamed
Roland Haeder [Sun, 20 Jun 2010 16:10:13 +0000 (16:10 +0000)]
Renamed

14 years ago - Log of first attempt fixed
Roland Haeder [Sun, 16 May 2010 02:20:40 +0000 (02:20 +0000)]
Log of first attempt fixed

14 years ago - Fix
Roland Haeder [Sun, 16 May 2010 02:17:39 +0000 (02:17 +0000)]
Fix

14 years ago - This should also not be used in URLs
Roland Haeder [Sat, 15 May 2010 07:37:33 +0000 (07:37 +0000)]
This should also not be used in URLs

14 years ago - Missing form elements handled
Roland Haeder [Tue, 11 May 2010 09:19:49 +0000 (09:19 +0000)]
Missing form elements handled

14 years ago - Fix #4 from root...
Roland Häder [Tue, 11 May 2010 08:17:41 +0000 (08:17 +0000)]
Fix #4 from root...

14 years ago - Fix #3
Roland Haeder [Tue, 11 May 2010 08:12:54 +0000 (08:12 +0000)]
Fix #3

14 years ago - Fix #2
Roland Haeder [Tue, 11 May 2010 08:10:56 +0000 (08:10 +0000)]
Fix #2

14 years ago - Fixes... :(
Roland Haeder [Tue, 11 May 2010 08:09:48 +0000 (08:09 +0000)]
Fixes... :(

14 years ago - Complete rewrite:
Roland Haeder [Tue, 11 May 2010 07:58:56 +0000 (07:58 +0000)]
Complete rewrite:
- Very simple and basic template system (HTML and email) added
- Templates are language-dependent or independent, this depends on whether you call
  crackerTrackerLoadTemplate() or crackerTrackerLoadLocalizedTemplate()
- Email templates are always language-dependent... :-)
- Flexible database auto-update added (please just call your secured script
  normally!)
- Language sub-system added (German and English language is complete)
- Support ticket added which gives your users, if their IP has recent malicious
  activities on the secured server, a support ticket form where they can request
  help. After the form is sent, the user can fully disable that warning. This is
  done by the script sending them a cookie with their ticket id.
- This support ticket system can be switched off and a little configured in
  the database table 'ctracker_config'. You can currently change the following
  values there:
  + Minimum random delay in seconds (default: 10 seconds)
  + Maximum random delay in seconds (default: 30 seconds)
  + Whether the support ticket system is on/off (default: on)
  + Which language you prefer to read (default: en)
- README updated

14 years ago - Added more flexible options
Roland Haeder [Tue, 4 May 2010 18:31:12 +0000 (18:31 +0000)]
Added more flexible options

14 years ago - Updated
Roland Haeder [Tue, 4 May 2010 17:25:46 +0000 (17:25 +0000)]
Updated

14 years ago - Updated
Roland Haeder [Tue, 4 May 2010 17:08:27 +0000 (17:08 +0000)]
Updated

14 years ago - Renamed to bypass naming conflicts
Roland Haeder [Thu, 7 Jan 2010 16:17:25 +0000 (16:17 +0000)]
Renamed to bypass naming conflicts

14 years ago - Now detects proxy usage
Roland Haeder [Tue, 5 Jan 2010 02:33:20 +0000 (02:33 +0000)]
Now detects proxy usage

14 years ago - Mails updated
Roland Haeder [Thu, 31 Dec 2009 17:45:55 +0000 (17:45 +0000)]
Mails updated