From a6363a77b01403ce6073c12d294d7b9249c0f305 Mon Sep 17 00:00:00 2001 From: Roland Haeder Date: Thu, 31 Dec 2009 13:51:25 +0000 Subject: [PATCH] Some nice improvements: - Mail headers and receipient address configurable (the constant __CTRACKER_EMAIL is deprecated) - Domain is now included in check (see function isCrackerTrackerEntryFound()) - Last attempt wasn't logged correctly (bad SQL) - Minor improvements --- config/db_config.php.dist | 6 ++++++ install/install.sql | 2 +- libs/lib_connect.php | 4 ++-- libs/lib_detector.php | 7 +++++-- 4 files changed, 14 insertions(+), 5 deletions(-) diff --git a/config/db_config.php.dist b/config/db_config.php.dist index 4a4c683..8821b7f 100644 --- a/config/db_config.php.dist +++ b/config/db_config.php.dist @@ -37,5 +37,11 @@ $GLOBALS['ctracker_password'] = ''; // Debugging should be disabled by default // $GLOBALS['ctracker_debug'] = true; +// Mail headers +$GLOBALS['ctracker_header'] = 'From: ctracker@domain.invalid'; + +// Email recipient for all emails +$GLOBALS['ctracker_email'] = 'you@domain.invalid'; + // [EOF] ?> diff --git a/install/install.sql b/install/install.sql index eb3ce77..aef3d90 100644 --- a/install/install.sql +++ b/install/install.sql @@ -10,7 +10,7 @@ CREATE TABLE IF NOT EXISTS `ctracker_data` ( `script_name` varchar(255) NOT NULL COMMENT 'Full script name', `referer` varchar(255) NOT NULL COMMENT 'Referer', `first_attempt` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00' COMMENT 'First attempt', - `last_attempt` timestamp NOT NULL COMMENT 'Last attempt', + `last_attempt` TIMESTAMP ON UPDATE CURRENT_TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'Last attempt', `count` bigint(20) unsigned NOT NULL DEFAULT '0' COMMENT 'Counter', PRIMARY KEY (`id`), KEY `remote_addr` (`remote_addr`) diff --git a/libs/lib_connect.php b/libs/lib_connect.php index 800b07e..b4f3772 100644 --- a/libs/lib_connect.php +++ b/libs/lib_connect.php @@ -103,10 +103,10 @@ function updateCrackerTrackerEntry ($rowData) { runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__); } -// Checks if an entry with IP/check_worm combination is there +// Checks if an entry with IP/check_worm/domain combination is there function isCrackerTrackerEntryFound ($rowData) { // Construct the SELECT query - $SQL = 'SELECT `id` FROM `ctracker_data` WHERE `remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" AND `check_worm` = "' . crackerTrackerEscapeString($rowData['check_worm']) . '" LIMIT 1'; + $SQL = 'SELECT `id` FROM `ctracker_data` WHERE `remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" AND `check_worm` = "' . crackerTrackerEscapeString($rowData['check_worm']) . '" AND `server_name`="' . crackerTrackerEscapeString($rowData['server_name']) . '" LIMIT 1'; // Run the SQL and check if we have one line return (mysql_num_rows(runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__)) == 1); diff --git a/libs/lib_detector.php b/libs/lib_detector.php index eb9ed1d..60c9f85 100644 --- a/libs/lib_detector.php +++ b/libs/lib_detector.php @@ -144,9 +144,12 @@ function crackerTrackerSendMail ($mail) { // All fine return true; - } else { + } elseif (isset($GLOBALS['ctracker_email'])) { // Send it - return mail(constant('__CTRACKER_EMAIL'), 'CTracker: Attack detected!', $mail, 'From: ctracker@mxchange.org'); + return mail($GLOBALS['ctracker_email'], 'CTracker: Attack detected!', $mail, $GLOBALS['ctracker_header']); + } else { + // Send it the deprecated way with constant + return mail(constant('__CTRACKER_EMAIL'), 'CTracker: Attack detected!', $mail, $GLOBALS['ctracker_header']); } } // END - if } -- 2.39.5