From 1ef6ef24e20e22adec3f1084ea40e7902e6c333e Mon Sep 17 00:00:00 2001 From: Roland Haeder Date: Fri, 20 Aug 2010 08:27:38 +0000 Subject: [PATCH] 'Based on' added, /proc/ will now be detected, do not use it in your scripts --- ctracker.php | 7 +++++-- libs/lib_detector.php | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ctracker.php b/ctracker.php index 1f071e3..568e6a8 100644 --- a/ctracker.php +++ b/ctracker.php @@ -1,9 +1,8 @@ * @version 3.0.0 @@ -11,6 +10,10 @@ * @license GNU GPL 3.0 or any newer version * @link http://www.ship-simu.org * + * This program is based on Cracker Tracker Protection System - Stand-Alone + * which has been written by Christian Knerr and is heavily enhanced in + * detectection, logging and reporting of suspicious traffic. + * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or diff --git a/libs/lib_detector.php b/libs/lib_detector.php index 1c16b54..6c95c81 100644 --- a/libs/lib_detector.php +++ b/libs/lib_detector.php @@ -67,7 +67,7 @@ function initCrackerTrackerArrays () { 'div style=', 'overflow: auto', 'height: 1px', 'cc%20', 'admin_action=', 'path=', 'action=http', 'page=http', 'module=http', 'op=http', 'id=http', 'id%3Dhttp', 'action%3Dhttp', 'page%3Dhttp', 'module%3Dhttp', 'op%3Dhttp', 'starhack', '../../', 'directory=http', 'dir=http', 'busca', 'uol.com', - '=http://', '=https://','=ftp://','_SESSION' + '=http://', '=https://','=ftp://','_SESSION','CFG_ROOT','/proc/' ); // Block these words found in POST requests -- 2.39.5