From 50ac34ba3bc0f1983078d25486ce0b94ff26e347 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Fri, 5 Aug 2016 10:58:46 +0200 Subject: [PATCH] Also block request methods such as CONNECT as they can be used for proxying (means "hiding") other requests such as SMTP (spam) or POP3 (people try to read their mails but wasting your bandwidth). MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Roland Häder --- libs/lib_detector.php | 5 +++++ libs/lib_general.php | 1 + 2 files changed, 6 insertions(+) diff --git a/libs/lib_detector.php b/libs/lib_detector.php index bb71733..0ebdf4d 100644 --- a/libs/lib_detector.php +++ b/libs/lib_detector.php @@ -191,6 +191,9 @@ function initCrackerTrackerArrays () { 'starhack', 'DeLiMehmet', 'hisset', 'Hisset', 'delimert', 'MecTruy' ); + // Also block these requests (mostly you don't want CONNECT to some SMTP sites) + $GLOBALS['ctracker_blocked_requests'] = array('CONNECT' => TRUE); + // Init more elements $GLOBALS['ctracker_post_track'] = ''; $GLOBALS['ctracker_checked_get'] = ''; @@ -213,6 +216,8 @@ function isCrackerTrackerWormDetected () { $GLOBALS['ctracker_checked_get'] != crackerTrackerQueryString(TRUE) && (!in_array(crackerTrackerQueryString(TRUE), $GLOBALS['ctracker_whitelist'])) ) || ( $GLOBALS['ctracker_checked_ua'] != crackerTrackerUserAgent(TRUE) + ) || ( + isset($GLOBALS['ctracker_blocked_requests'][crackerTrackerRequestMethod()]) ) ); //* DEBUG-DIE: */ die('isWorm='.intval($isWorm).PHP_EOL.'get='.PHP_EOL.'"'.$GLOBALS['ctracker_checked_get'].'"'.PHP_EOL.'"'.crackerTrackerQueryString().'"'.PHP_EOL.'ua='.PHP_EOL.'"'.$GLOBALS['ctracker_checked_ua'].'"'.PHP_EOL.'"'.crackerTrackerUserAgent().'"'.PHP_EOL); diff --git a/libs/lib_general.php b/libs/lib_general.php index c13a569..f4b956e 100644 --- a/libs/lib_general.php +++ b/libs/lib_general.php 
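Review bot: The commit message speaks of blocking request methods "such as CONNECT", but the list added in initCrackerTrackerArrays() holds only `'CONNECT'`, so every other method the protected scripts do not serve still passes the new check. If those scripts only handle a small, known set of methods, an allow-list would be the tighter design. Otherwise the comment above the assignment should at least say how the list is extended and matched, for example `// Request methods rejected outright; add more as 'METHOD' => TRUE (key must match crackerTrackerRequestMethod() exactly)`. The function body starts and ends outside this hunk.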
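Review bot: In isCrackerTrackerWormDetected() the new branch tests `isset(...)`, so a method is blocked whenever its key exists; an entry written as `'CONNECT' => FALSE` would still block, although the `=> TRUE` in the list reads like an on/off switch. If the value is meant to matter, use `!empty($GLOBALS['ctracker_blocked_requests'][crackerTrackerRequestMethod()])`; if it is not, a comment next to the list should say that presence of the key alone decides. crackerTrackerRequestMethod() is not part of this patch, so what it returns when the server supplies no request method could not be checked here. The `$isWorm` expression begins above the hunk.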
@@ -578,6 +578,7 @@ function unsetCtrackerData () {
 'ctracker_language',
 'ctracker_localized',
 'ctracker_link',
+ 'ctracker_blocked_requests',
 ) as $key) {
 // Unset it
 unset($GLOBALS[$key]);
-- 
2.39.5