From aa998766455513fb3f6bc5b0aefefe016d3c72b1 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?= <roland@mxchange.org>
Date: Fri, 10 Jan 2025 01:30:32 +0100
Subject: [PATCH] Continued: - added some php.ini keys as they where used for
 attacking my server (the later   was intended to include a remote text file

---
 libs/lib_detector.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index 122f773..c139b28 100644
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -105,6 +105,9 @@ function initCrackerTrackerArrays () {
 		'set_magic_quotes_runtime', 'set_magic_quotes_runtime', 'display_errors', 'passthru',
 		'call_user_func', 'set_time_limit', 'urldecode',
 
+		// php.ini variables
+		'disable_functions', 'safe_mode', 'allow_url_include', 'auto_prepend_file',
+
 		// Typical PHP script remote-inclusions and typical include file names
 		'.inc.php', '.lib.php', '.class.php', 'config.php', '.inc', '_php',
 		'php_', 'class_', '_class.php', 'db_mysql.inc',
-- 
2.39.5