// Checks for worms
function isCrackerTrackerWormDetected () {
// Check against the whole list
- $GLOBALS['ctracker_checkworm'] = str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', urldecode(crackerTrackerQueryString()));
+ $GLOBALS['ctracker_checkworm'] = urldecode(str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', crackerTrackerQueryString()));
// If it differs to original and the *whole* request string is not in whitelist
// then blog the attempt
// Checks POST data
function isCrackerTrackerPostAttackDetected () {
// Implode recursive the whole $_POST array
- $GLOBALS['ctracker_post_track'] = implode_r('', $_POST);
+ $GLOBALS['ctracker_post_track'] = urldecode(implode_r('', $_POST));
// Check for suspicious POST data
$GLOBALS['ctracker_check_post'] = str_ireplace($GLOBALS['ctracker_post_blacklist'], '*', $GLOBALS['ctracker_post_track']);
// Mail content
$mail = "Attack detected:
-----------------------------------------------------
-Remote-IP : ".determineCrackerTrackerRealRemoteAddress()."
-User-Agent : ".crackerTrackerUserAgent()."
-Request-string : ".crackerTrackerQueryString()."
-Filtered string : ".$GLOBALS['ctracker_checkworm']."
-Server : ".crackerTrackerServerName()."
-Script : ".crackerTrackerScriptName()."
-Referrer : ".crackerTrackerReferer()."
+Remote-IP : " . determineCrackerTrackerRealRemoteAddress() . "
+User-Agent : " . crackerTrackerUserAgent() . "
+Request-string : " . crackerTrackerQueryString() . "
+Filtered string : " . $GLOBALS['ctracker_checkworm'] . "
+Server : " . crackerTrackerServerName() . "
+Script : " . crackerTrackerScriptName() . "
+Referrer : " . crackerTrackerReferer() . "
-----------------------------------------------------
";
projects / ctracker.git / blobdiff