From d32bed6716147f435c0de022377397fe0703ce5e Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Wed, 22 Aug 2018 20:19:44 +0200 Subject: [PATCH] Continued: - added INSERT_RANDOM_NUMBER_HERE, typical for incompletely configured OpenX/revive Ad Server - changed to "new" array style - renamed ctracker_blocked_requests -> ctracker_blocked_methods as they are the request methods that should always be blocked - updated .gitattributes --- .gitattributes | 33 ++++++++++++++++++++++++++++++++- libs/lib_connect.php | 12 ++++++------ libs/lib_detector.php | 32 +++++++++++++++++--------------- libs/lib_general.php | 18 +++++++++--------- libs/lib_updates.php | 4 ++-- 5 files changed, 66 insertions(+), 33 deletions(-) diff --git a/.gitattributes b/.gitattributes index dfe0770..72184ce 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1,33 @@ -# Auto detect text files and perform LF normalization +# +### Distribute this file on all GIT projects! +# +# Autodetect text files * text=auto + +# Force the following filetypes to have unix eols, so Windows does not break them +*.* text eol=lf + +# Force images/fonts to be handled as binaries +*.jpg binary +*.jpeg binary +*.gif binary +*.png binary +*.t3x binary +*.t3d binary +*.exe binary +*.data binary +*.ttf binary +*.eof binary +*.eot binary +*.swf binary +*.mov binary +*.mp4 binary +*.mp3 binary +*.ogg binary +*.flv binary +*.jar binary +*.pdf binary +*.woff* binary +*.otf binary +*.z binary +*.docx binary diff --git a/libs/lib_connect.php b/libs/lib_connect.php index 4885b2f..e21af93 100644 --- a/libs/lib_connect.php +++ b/libs/lib_connect.php @@ -46,9 +46,9 @@ function aquireCrackerTrackerDatabaseLink () { // Inits a fake configurtation function crackerTrackerInitFakeConfig () { // Set the array - $GLOBALS['ctracker_config'] = array( + $GLOBALS['ctracker_config'] = [ 'ctracker_alert_user' => 'Y', - ); + ]; } // Checks if the link is up 
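Review bot: The added `*.* text eol=lf` rule in .gitattributes marks every file whose name contains a dot as text, which overrides the content detection of `* text=auto`. Any binary type missing from the list below it (archives or icons, if the repository has any) would have its line endings rewritten on commit. Later lines win in gitattributes, so the explicit `binary` entries are safe, but the list then has to stay complete. Restricting the forced rule to known text types, e.g. `*.php text eol=lf`, or using `* text=auto eol=lf` (Git 2.10 or newer), keeps detection for everything else. `*.eof binary` directly above `*.eot binary` also looks like a typo worth confirming.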
@@ -367,14 +367,14 @@ function ifCrackerTrackerIpHasTicket () { // Adds a ticket based on given (mostly $_POST) data function addCrackerTrackerTicket (array $data) { // Prepare the array - $GLOBALS['ctracker_last_ticket'] = array( + $GLOBALS['ctracker_last_ticket'] = [ 'ctracker_ticket_remote_addr' => determineCrackerTrackerRealRemoteAddress(), 'ctracker_ticket_proxy_addr' => getenv('REMOTE_ADDR'), 'ctracker_ticket_user_agent' => crackerTrackerUserAgent(), 'ctracker_ticket_name' => crackerTrackerSecureString($data['name']), 'ctracker_ticket_email' => crackerTrackerSecureString($data['email']), 'ctracker_ticket_comment' => crackerTrackerSecureString($data['comment']) - ); + ]; // Insert it crackerTrackerInsertArray('ctracker_ticket', $GLOBALS['ctracker_last_ticket']); @@ -382,10 +382,10 @@ function addCrackerTrackerTicket (array $data) { // Is there an entry? if ((isset($GLOBALS['ctracker_last_insert_id'])) && ($GLOBALS['ctracker_last_insert_id'] > 0)) { // All fine, so prepare the link between ticket<->data - $data = array( + $data = [ 'ctracker_ticket_id' => $GLOBALS['ctracker_last_insert_id'], 'ctracker_data_id' => $GLOBALS['ctracker_last_suspicious_entry']['id'] - ); + ]; // And insert it as well crackerTrackerInsertArray('ctracker_ticket_data', $data); diff --git a/libs/lib_detector.php b/libs/lib_detector.php index c008a2f..21a15d8 100644 --- a/libs/lib_detector.php +++ b/libs/lib_detector.php 
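Review bot: In the `ctracker_last_ticket` array, `ctracker_ticket_name`, `ctracker_ticket_email` and `ctracker_ticket_comment` go through `crackerTrackerSecureString()`, but `ctracker_ticket_remote_addr`, `ctracker_ticket_proxy_addr` and `ctracker_ticket_user_agent` are handed to `crackerTrackerInsertArray()` exactly as their helpers return them. The user agent is a client-supplied header and the "real" remote address presumably comes from forwarding headers, so unless those helpers or `crackerTrackerInsertArray()` escape their values (neither is visible in this hunk), these three fields reach the query unescaped. I would wrap them the same way, e.g. `'ctracker_ticket_user_agent' => crackerTrackerSecureString(crackerTrackerUserAgent()),`, or document on the array that the insert helper escapes every value. The three `$data[...]` reads also have no `isset()` check although the comment says the input is mostly `$_POST`. The function body continues outside the hunk.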
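Review bot: The condition guarding the link insert checks only `ctracker_last_insert_id`, while the array built inside it reads `$GLOBALS['ctracker_last_suspicious_entry']['id']` without checking that it is set. If a ticket is added when no suspicious entry was recorded for the request, `ctracker_data_id` would be null and the `ctracker_ticket_data` row would link the ticket to nothing. Extending the condition with `&& (isset($GLOBALS['ctracker_last_suspicious_entry']['id']))` avoids that. The enclosing `if` and the function close outside the hunk.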
@@ -37,17 +37,17 @@ function initCrackerTrackerArrays () { $GLOBALS['ctracker_base_path'] = dirname(dirname(__FILE__)); // Whitelist some absolute query strings (see below) - $GLOBALS['ctracker_whitelist'] = array( + $GLOBALS['ctracker_whitelist'] = [ 'cmd=new', // LinPHA 'cmd=edit', // LinPHA 'cmd=lostpw', // LinPHA '/css/status_config.php', // MantisBT '/css/common_config.php', // MantisBT '/javascript_config.php', // MantisBT - ); + ]; // Attacks we should detect and block - $GLOBALS['ctracker_get_blacklist'] = array( + $GLOBALS['ctracker_get_blacklist'] = [ // SQL injections 'union ', ' union', 'insert ', 'select ', ' like', 'like ', 'drop ', 'update ', @@ -154,11 +154,11 @@ function initCrackerTrackerArrays () { 'window.open', 'img src', 'img src', '.jsp', 'servlet', 'org.apache', 'wwwacl', 'server-info', 'server-status', '/servlet/con', 'http_', 'secure_site, ok', 'chunked', '
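Review bot: The comment on `ctracker_whitelist` in the first libs/lib_detector.php hunk says "absolute query strings (see below)", but nothing in the hunk states how an entry is compared, and that decides how much a short entry such as `'cmd=new'` exempts from the blacklist. If the comparison is looser than equality with the whole query string, a whitelisted fragment would switch off detection for the rest of the request. I would spell the rule out on the array, e.g. `// Compared for equality against the complete query string, never as a substring`, and confirm that the matching code agrees. `initCrackerTrackerArrays()` continues well beyond this hunk.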