Detection of hexa-decimal encoded (0xXXXXX) strings added

[ctracker.git] / libs / lib_detector.php

diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index b8116e3246a74964236a909ff076d8646ca2fda1..1a18062bea46613155be2f5cc3af51a58710baa7 100644 (file)
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -40,7 +40,7 @@ function initCrackerTrackerArrays () {
                'cmd=lostpw' // LinPHA
        );
 
-       // Attacks we should detect and blok
+       // Attacks we should detect and block
        $GLOBALS['ctracker_get_blacklist'] = array(
                'chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(',
                'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20',
@@ -67,14 +67,13 @@ function initCrackerTrackerArrays () {
                'div style=', 'overflow: auto', 'height: 1px', 'cc%20', 'admin_action=', 'path=', 'action=http',
                'page=http', 'module=http', 'op=http', 'id=http', 'id%3Dhttp', 'action%3Dhttp', 'page%3Dhttp',
                'module%3Dhttp', 'op%3Dhttp', 'starhack', '../../','..//', 'directory=http', 'dir=http', 'busca',
-               'uol.com', '=http://', '=https://','=ftp://','=file://','_SESSION','CFG_ROOT','/proc/'
+               'uol.com', '=http://', '=https://','=ftp://','=file://','_SESSION','CFG_ROOT','/proc/',',0x5'
        );
 
        // Block these words found in POST requests
        $GLOBALS['ctracker_post_blacklist'] = array(
-               // These two lines are for detecting hidden link spam in wikis, forums, guestbooks, etc.
+               // This line is for detecting hidden link spam in wikis, forums, guestbooks, etc.
                'div style=', 'overflow:auto', 'height:1px', 'width:1px', 'display:hidden',
-               'overflow: auto', 'height: 1px', 'display: hidden',
                // "Common" login name from VHCS exploiters ;-)
                'starhack', 'DeLiMehmet', 'hisset', 'Hisset', 'delimert', 'MecTruy',
                'busca'