From fe7975be01524ab92c888ede62e0ed1ab186f006 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Thu, 28 Jul 2016 10:18:13 +0200 Subject: [PATCH] Renaming season has started: - renamed $F -> $function - renamed $L -> $line - renamed $SQL -> $sqlString - added type-hint for arrays MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Roland Häder --- libs/lib_connect.php | 40 ++++++++++++++++++++-------------------- libs/lib_detector.php | 23 ++++++++++++----------- libs/lib_updates.php | 8 ++++++++ 3 files changed, 40 insertions(+), 31 deletions(-) diff --git a/libs/lib_connect.php b/libs/lib_connect.php index 533ad55..05a7de9 100644 --- a/libs/lib_connect.php +++ b/libs/lib_connect.php @@ -96,7 +96,7 @@ function crackerTrackerCloseDatabaseLink () { } // END - if } -// Inserts given array, if IP/check_worm combination was not found +// Inserts given array, if IP/check_get combination was not found function crackerTrackerInsertArray ($table, $rowData) { // Is there a link up? if (!isCrackerTrackerDatabaseLinkUp()) { @@ -107,13 +107,13 @@ function crackerTrackerInsertArray ($table, $rowData) { // Is it found? if (!isCrackerTrackerEntryFound($rowData)) { // Prepare SQL - $SQL = 'INSERT INTO `' . $table . '` (`' . implode('`,`', array_keys($rowData)) . '`) VALUES(' . implode_secure($rowData) . ')'; + $sqlString = 'INSERT INTO `' . $table . '` (`' . implode('`,`', array_keys($rowData)) . '`) VALUES(' . implode_secure($rowData) . ')'; // Reset insert id $GLOBALS['ctracker_last_insert_id'] = FALSE; // Run it - runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__); + runCrackerTrackerSql($sqlString, __FUNCTION__, __LINE__); // Remember the last insert id $GLOBALS['ctracker_last_insert_id'] = mysqli_insert_id($GLOBALS['ctracker_link']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); @@ -124,21 +124,21 @@ function crackerTrackerInsertArray ($table, $rowData) { } // Updates a given entry by just counting it up -function updateCrackerTrackerEntry ($rowData) { +function updateCrackerTrackerEntry (array $rowData) { // Construct the SELECT query - $SQL = 'UPDATE `ctracker_data` SET `count`=`count`+1 WHERE (`remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" OR `proxy_addr`="' . crackerTrackerEscapeString($rowData['proxy_addr']) . '") AND `check_worm` = "' . crackerTrackerEscapeString($rowData['check_worm']) . '" LIMIT 1'; + $sqlString = 'UPDATE `ctracker_data` SET `count`=`count`+1 WHERE (`remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" OR `proxy_addr`="' . crackerTrackerEscapeString($rowData['proxy_addr']) . '") AND `` = "' . crackerTrackerEscapeString($rowData['']) . '" LIMIT 1'; // Run the SQL and check if we have one line - runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__); + runCrackerTrackerSql($sqlString, __FUNCTION__, __LINE__); } -// Checks if an entry with IP/check_worm/domain combination is there -function isCrackerTrackerEntryFound ($rowData) { +// Checks if an entry with IP/check_get/domain combination is there +function isCrackerTrackerEntryFound (array $rowData) { // Construct the SELECT query - $SQL = 'SELECT `id` FROM `ctracker_data` WHERE (`remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" OR `proxy_addr`="' . crackerTrackerEscapeString($rowData['proxy_addr']) . '") AND `check_worm` = "' . crackerTrackerEscapeString($rowData['check_worm']) . '" AND `server_name`="' . crackerTrackerEscapeString($rowData['server_name']) . '" LIMIT 1'; + $sqlString = 'SELECT `id` FROM `ctracker_data` WHERE (`remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" OR `proxy_addr`="' . crackerTrackerEscapeString($rowData['proxy_addr']) . '") AND `check_get` = "' . crackerTrackerEscapeString($rowData['check_get']) . '" AND `server_name`="' . crackerTrackerEscapeString($rowData['server_name']) . '" LIMIT 1'; // Run the SQL and check if we have one line - return ((isCrackerTrackerDatabaseLinkUp()) && (mysqli_num_rows(runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__)) == 1)); + return ((isCrackerTrackerDatabaseLinkUp()) && (mysqli_num_rows(runCrackerTrackerSql($sqlString, __FUNCTION__, __LINE__)) == 1)); } // Escapes the string @@ -160,7 +160,7 @@ function crackerTrackerEscapeString ($string) { } // END - if // Runs an SQL query and checks for errors -function runCrackerTrackerSql ($SQL, $F, $L) { +function runCrackerTrackerSql ($sqlString, $function, $line) { // Is the link up? if (!isCrackerTrackerDatabaseLinkUp()) { // Abort here @@ -168,10 +168,10 @@ function runCrackerTrackerSql ($SQL, $F, $L) { } // END - if // Remember last SQL - $GLOBALS['ctracker_last_sql'] = $SQL; + $GLOBALS['ctracker_last_sql'] = $sqlString; // Run the query - $GLOBALS['ctracker_last_result'] = mysqli_query($GLOBALS['ctracker_link'], $SQL) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + $GLOBALS['ctracker_last_result'] = mysqli_query($GLOBALS['ctracker_link'], $sqlString) or crackerTrackerDatabaseError($function, $line); // And return it return $GLOBALS['ctracker_last_result']; @@ -208,31 +208,31 @@ function isCrackerTrackerTableCreated ($table) { // Creates the given table with columns function crackerTrackerCreateTable ($table, array $columns, array $keys) { // Begin the SQL - $SQL = 'CREATE TABLE IF NOT EXISTS `' . $table . '` ('; + $sqlString = 'CREATE TABLE IF NOT EXISTS `' . $table . '` ('; // Add table name as first column - $SQL .= '`' . $table . '` BIGINT ( 20 ) UNSIGNED NOT NULL AUTO_INCREMENT, '; + $sqlString .= '`' . $table . '` BIGINT ( 20 ) UNSIGNED NOT NULL AUTO_INCREMENT, '; // Add all columns foreach ($columns as $column=>$type) { // Add this entry - $SQL .= '`' . $column . '` ' . $type . ', '; + $sqlString .= '`' . $column . '` ' . $type . ', '; } // END - foreach // Add table name as primary key - $SQL .= 'PRIMARY KEY (`' . $table . '`), '; + $sqlString .= 'PRIMARY KEY (`' . $table . '`), '; // Add keys foreach ($keys as $key=>$type) { // Add this entry - $SQL .= '' . $type . ' (`' . $key . '`), '; + $sqlString .= '' . $type . ' (`' . $key . '`), '; } // END - foreach // Finish SQL - $SQL = substr($SQL, 0, -2) . ') TYPE=InnoDB'; + $sqlString = substr($sqlString, 0, -2) . ') TYPE=InnoDB'; // And run it - runCrackerTrackerSql($SQL); + runCrackerTrackerSql($sqlString); } // Inits a table by inserting diff --git a/libs/lib_detector.php b/libs/lib_detector.php index a59ae07..49b3976 100644 --- a/libs/lib_detector.php +++ b/libs/lib_detector.php @@ -251,7 +251,7 @@ function crackerTrackerSendMail ($mail, $recipient = NULL, $subject = NULL) { $rowData = array( 'remote_addr' => determineCrackerTrackerRealRemoteAddress(), 'proxy_addr' => getenv('REMOTE_ADDR'), - 'check_worm' => $GLOBALS['ctracker_checked_get'], + 'check_get' => $GLOBALS['ctracker_checked_get'], 'server_name' => crackerTrackerServerName() ); @@ -291,16 +291,16 @@ function sendCrackerTrackerPostMail () { // Mail text $mail = 'POST-Attack detected: ----------------------------------------------------- -Remote-IP : '.determineCrackerTrackerRealRemoteAddress().' -User-Agent : '.crackerTrackerUserAgent().' -Request-string : '.crackerTrackerQueryString().' -Filtered string : '.$GLOBALS['ctracker_checked_get'].' -Server : '.crackerTrackerServerName().' -Script : '.crackerTrackerScriptName().' -Referrer : '.crackerTrackerReferer().' +Remote-IP : ' . determineCrackerTrackerRealRemoteAddress() . ' +User-Agent : ' . crackerTrackerUserAgent() . ' +Request-string : ' . crackerTrackerQueryString() . ' +Filtered string : ' . $GLOBALS['ctracker_checked_get'] . ' +Server : ' . crackerTrackerServerName() . ' +Script : ' . crackerTrackerScriptName() . ' +Referrer : ' . crackerTrackerReferer() . ' ----------------------------------------------------- -POST string : '.$GLOBALS['ctracker_post_track'].' -Filtered POST string : '.$GLOBALS['ctracker_checked_post'].' +POST string : ' . $GLOBALS['ctracker_post_track'] . ' +Filtered POST string : ' . $GLOBALS['ctracker_checked_post'] . ' ----------------------------------------------------- '; @@ -355,7 +355,8 @@ function crackerTrackerLogAttack () { 'user_agent' => crackerTrackerUserAgent(), 'get_data' => crackerTrackerQueryString(), 'post_data' => $GLOBALS['ctracker_post_track'], - 'check_worm' => $GLOBALS['ctracker_checked_get'], + 'check_ua' => $GLOBALS['ctracker_checked_ua'], + 'check_get' => $GLOBALS['ctracker_checked_get'], 'check_post' => $GLOBALS['ctracker_checked_post'], 'server_name' => crackerTrackerServerName(), 'script_name' => crackerTrackerScriptName(), diff --git a/libs/lib_updates.php b/libs/lib_updates.php index 73944a7..dc0cd67 100644 --- a/libs/lib_updates.php +++ b/libs/lib_updates.php @@ -82,6 +82,14 @@ FOREIGN KEY ( `ctracker_data_id` ) REFERENCES `' . $GLOBALS['ctracker_dbname'] . 6 => array( 'ALTER TABLE `ctracker_data` ADD INDEX `count` (`count`)', ), + + // Log also UA after check + 7 => array( + "ALTER TABLE `ctracker_data` + ADD `check_ua` tinytext COLLATE 'utf8_general_ci' NULL COMMENT 'User agent after check' AFTER `post_data`, + CHANGE `check_worm` `check_get` tinytext COLLATE 'utf8_general_ci' NOT NULL COMMENT 'GET data after check' AFTER `check_ua`, + CHANGE `check_post` `check_post` tinytext COLLATE 'utf8_general_ci' NOT NULL COMMENT 'POST data after check' AFTER `check_worm`", + ), ); } -- 2.39.2