From 5b18df827bd26fd543ea878967aa2ac04330c0b2 Mon Sep 17 00:00:00 2001 From: Roland Haeder Date: Thu, 23 Sep 2010 12:09:23 +0000 Subject: [PATCH] Some code blocks moved, detection of '..//' added, user-agent is now securely used --- libs/lib_detector.php | 33 ++++++++++++++++++--------------- libs/lib_general.php | 4 ++-- 2 files changed, 20 insertions(+), 17 deletions(-) diff --git a/libs/lib_detector.php b/libs/lib_detector.php index 6c95c81..9659a40 100644 --- a/libs/lib_detector.php +++ b/libs/lib_detector.php @@ -41,7 +41,7 @@ function initCrackerTrackerArrays () { ); // Attacks we should detect and blok - $GLOBALS['ctracker_wormprotector'] = array( + $GLOBALS['ctracker_get_blacklist'] = array( 'chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(', 'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20', 'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=', @@ -54,7 +54,7 @@ function initCrackerTrackerArrays () { 'insert%20into', 'select%20', 'nigga(', '%20nigga', 'nigga%20', 'fopen', 'fwrite', '%20like', 'like%20', '$_request', '$_get', '$request', '$get', '.system', 'HTTP_PHP', '&aim', '%20getenv', 'getenv%20', 'new_password', '&icq','/etc/passwd','/etc/shadow', '/etc/groups', '/etc/gshadow', - 'HTTP_USER_AGENT', 'HTTP_HOST', 'wget%20', 'uname\x20-a', 'bin/id', '/bin/', '/chgrp', + 'HTTP_USER_AGENT', 'HTTP_HOST', 'wget%20', 'uname\x20-', 'uname%20-', 'bin/id', '/bin/', '/chgrp', '/chown', '/usr/bin', 'g\+\+', 'bin/python', 'bin/tclsh', 'bin/nasm', 'perl%20', 'traceroute%20', 'ping%20', '.pl', 'bin/xterm', 'lsof%20', '.conf', 'motd%20', 'HTTP/1.', '.inc.php', '.lib.php', 'config.php', 'file\://', 'window.open', '