From 7136865ca398b41614a80d57ae397bc1fff63c10 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Tue, 2 Apr 2019 01:38:55 +0200 Subject: [PATCH] Continued: - added "vuln.php" which seem to be a remote-inclusion attack --- libs/lib_detector.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libs/lib_detector.php b/libs/lib_detector.php index 3b6dd58..1a932ba 100644 --- a/libs/lib_detector.php +++ b/libs/lib_detector.php @@ -154,6 +154,9 @@ function initCrackerTrackerArrays () { // Server configuration (e.g. Apache) 'application/x-httpd-php', 'addtype', 'server-info', 'server-status', + // Annoying script name + 'vuln.php', + // @TODO Misc/unsorted 'cgi-', '.eml', '$_request', '$_get', '$request', '$get', '.system', '&aim', 'new_password', '&icq', '.conf', 'motd ', 'HTTP/1.', @@ -235,6 +238,9 @@ function initCrackerTrackerArrays () { // Server configuration (e.g. Apache) 'application/x-httpd-php', + // Annoying script name + 'vuln.php', + // "Common" login names from VHCS exploiters 'starhack', 'DeLiMehmet', 'hisset', 'Hisset', 'delimert', 'MecTruy' ]; -- 2.39.5