From 7136865ca398b41614a80d57ae397bc1fff63c10 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?= <roland@mxchange.org>
Date: Tue, 2 Apr 2019 01:38:55 +0200
Subject: [PATCH] Continued: - added "vuln.php" which seem to be a
 remote-inclusion attack

---
 libs/lib_detector.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index 3b6dd58..1a932ba 100644
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -154,6 +154,9 @@ function initCrackerTrackerArrays () {
 		// Server configuration (e.g. Apache)
 		'application/x-httpd-php', 'addtype', 'server-info', 'server-status',
 
+		// Annoying script name
+		'vuln.php',
+
 		// @TODO Misc/unsorted
 		'cgi-', '.eml', '$_request', '$_get', '$request', '$get', '.system',
 		'&aim', 'new_password', '&icq', '.conf', 'motd ', 'HTTP/1.',
@@ -235,6 +238,9 @@ function initCrackerTrackerArrays () {
 		// Server configuration (e.g. Apache)
 		'application/x-httpd-php',
 
+		// Annoying script name
+		'vuln.php',
+
 		// "Common" login names from VHCS exploiters
 		'starhack', 'DeLiMehmet', 'hisset', 'Hisset', 'delimert', 'MecTruy'
 	];
-- 
2.39.2