From 7fa424e2fb3bb33a79ba1d793f1785809f99c508 Mon Sep 17 00:00:00 2001 From: Roland Haeder Date: Thu, 7 Jan 2010 16:17:25 +0000 Subject: [PATCH] Renamed to bypass naming conflicts --- libs/lib_detector.php | 42 +++++++++++++++++++++--------------------- libs/lib_general.php | 4 ++-- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/libs/lib_detector.php b/libs/lib_detector.php index 4459a58..7d7836e 100644 --- a/libs/lib_detector.php +++ b/libs/lib_detector.php @@ -34,14 +34,14 @@ function initCrackerTrackerArrays () { } // Whitelist some absolute query strings (see below) - $GLOBALS['whitelist'] = array( + $GLOBALS['ctracker_whitelist'] = array( 'cmd=new', // LinPHA 'cmd=edit', // LinPHA 'cmd=lostpw' // LinPHA ); // Attacks we should detect and blok - $GLOBALS['wormprotector'] = array( + $GLOBALS['ctracker_wormprotector'] = array( 'chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(', 'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20', 'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=', @@ -70,7 +70,7 @@ function initCrackerTrackerArrays () { ); // Block these words found in POST requests - $GLOBALS['post_blacklist'] = array( + $GLOBALS['ctracker_post_blacklist'] = array( // These two lines are for detecting hidden link spam in wikis, forums, guestbooks, etc. 'div style=', 'overflow:auto', 'height:1px', 'width:1px', 'display:hidden', 'overflow: auto', 'height: 1px', 'display: hidden', @@ -83,23 +83,23 @@ function initCrackerTrackerArrays () { // Checks for worms function isCrackerTrackerWormDetected () { // Check against the whole list - $GLOBALS['checkworm'] = str_replace($GLOBALS['wormprotector'], '*', $_SERVER['QUERY_STRING']); + $GLOBALS['ctracker_checkworm'] = str_replace($GLOBALS['ctracker_wormprotector'], '*', $_SERVER['QUERY_STRING']); // If it differs to original and the *whole* request string is not in whitelist // then blog the attempt - return ($GLOBALS['checkworm'] != $_SERVER['QUERY_STRING'] && (!in_array($_SERVER['QUERY_STRING'], $GLOBALS['whitelist']))); + return ($GLOBALS['ctracker_checkworm'] != $_SERVER['QUERY_STRING'] && (!in_array($_SERVER['QUERY_STRING'], $GLOBALS['ctracker_whitelist']))); } // Checks POST data function isCrackerTrackerPostAttackDetected () { // Implode recursive the whole $_POST array - $GLOBALS['post_track'] = implode_r('', $_POST); + $GLOBALS['ctracker_post_track'] = implode_r('', $_POST); // Check for suspicious POST data - $GLOBALS['check_post'] = str_replace($GLOBALS['post_blacklist'], '*', $GLOBALS['post_track']); + $GLOBALS['ctracker_check_post'] = str_replace($GLOBALS['ctracker_post_blacklist'], '*', $GLOBALS['ctracker_post_track']); // Is it detected? - return ((isCrackerTrackerWormDetected()) || ($GLOBALS['check_post'] != $GLOBALS['post_track'])); + return ((isCrackerTrackerWormDetected()) || ($GLOBALS['ctracker_check_post'] != $GLOBALS['ctracker_post_track'])); } // Prepares a mail and send it out @@ -107,10 +107,10 @@ function sendCrackerTrackerMail () { // Mail content $mail = "Attack detected: ----------------------------------------------------- -Remote-IP : ".determineRealRemoteAddress()." +Remote-IP : ".determineCrackerTrackerRealRemoteAddress()." User-Agent : ".$_SERVER['HTTP_USER_AGENT']." Request-string : ".$_SERVER['QUERY_STRING']." -Filtered string : ".$GLOBALS['checkworm']." +Filtered string : ".$GLOBALS['ctracker_checkworm']." Server : ".$_SERVER['SERVER_NAME']." Script : ".$_SERVER['SCRIPT_NAME']." Referrer : ".$_SERVER['HTTP_REFERRER']." @@ -131,8 +131,8 @@ Referrer : ".$_SERVER['HTTP_REFERRER']." function crackerTrackerSendMail ($mail) { // Construct dummy array $rowData = array( - 'remote_addr' => determineRealRemoteAddress(), - 'check_worm' => $GLOBALS['checkworm'], + 'remote_addr' => determineCrackerTrackerRealRemoteAddress(), + 'check_worm' => $GLOBALS['ctracker_checkworm'], 'server_name' => $_SERVER['SERVER_NAME'] ); @@ -160,16 +160,16 @@ function sendCrackerTrackerPostMail () { // Mail text $mail = "POST-Attack detected: ----------------------------------------------------- -Remote-IP : ".determineRealRemoteAddress()." +Remote-IP : ".determineCrackerTrackerRealRemoteAddress()." User-Agent : ".$_SERVER['HTTP_USER_AGENT']." Request-string : ".$_SERVER['QUERY_STRING']." -Filtered string : ".$GLOBALS['checkworm']." +Filtered string : ".$GLOBALS['ctracker_checkworm']." Server : ".$_SERVER['SERVER_NAME']." Script : ".$_SERVER['SCRIPT_NAME']." Referrer : ".$_SERVER['HTTP_REFERRER']." ----------------------------------------------------- -POST string : ".$GLOBALS['post_track']." -Filtered POST string : ".$GLOBALS['check_post']." +POST string : ".$GLOBALS['ctracker_post_track']." +Filtered POST string : ".$GLOBALS['ctracker_check_post']." ----------------------------------------------------- "; @@ -204,19 +204,19 @@ function crackerTrackerLogAttack () { $proxyUsed = 'N'; // Did the attacker use a proxy? - if (isProxyUsed()) { + if (isCrackerTrackerProxyUsed()) { // Set it $proxyUsed = 'Y'; } // END - if // Prepare array for database insert $rowData = array( - 'remote_addr' => determineRealRemoteAddress(), + 'remote_addr' => determineCrackerTrackerRealRemoteAddress(), 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'get_data' => $_SERVER['QUERY_STRING'], - 'post_data' => $GLOBALS['post_track'], - 'check_worm' => $GLOBALS['checkworm'], - 'check_post' => $GLOBALS['check_post'], + 'post_data' => $GLOBALS['ctracker_post_track'], + 'check_worm' => $GLOBALS['ctracker_checkworm'], + 'check_post' => $GLOBALS['ctracker_check_post'], 'server_name' => $_SERVER['SERVER_NAME'], 'script_name' => $_SERVER['SCRIPT_NAME'], 'referer' => $_SERVER['HTTP_REFERER'], diff --git a/libs/lib_general.php b/libs/lib_general.php index b3db3ef..85fed70 100644 --- a/libs/lib_general.php +++ b/libs/lib_general.php @@ -80,7 +80,7 @@ function isCrackerTrackerDebug () { } // Determines the real remote address -function determineRealRemoteAddress () { +function determineCrackerTrackerRealRemoteAddress () { // Is a proxy in use? if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { // Proxy was used @@ -104,7 +104,7 @@ function determineRealRemoteAddress () { } // Determine if a proxy was used -function isProxyUsed () { +function isCrackerTrackerProxyUsed () { // Check if specific entries are set $proxyUsed = ((isset($_SERVER['HTTP_X_FORWARDED_FOR'])) || (isset($_SERVER['HTTP_CLIENT_IP']))); -- 2.39.5