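', 'javascript\://','img src', 'img%20src','.jsp','ftp.exe', 'xp_enumdsn',
    'xp_availablemedia', 'xp_filelist', 'xp_cmdshell', 'nc.exe', '.htpasswd',
    'servlet', '/etc/passwd', 'wwwacl', '~root', '~ftp', '.js', '.jsp', 'admin_',
    '.history', 'bash_history', '.bash_history', '~nobody', 'server-info',
    'server-status', 'reboot%20', 'halt%20', 'powerdown%20', '/home/ftp',
    '/home/www', 'secure_site, ok', 'chunked', 'org.apache', '/servlet/con', '',
    'sql=');

// NOTE(review): the start of this pattern list lies above the visible excerpt.
// The empty '' entry is skipped by str_replace(); presumably it is a pattern whose
// markup was lost when this page was extracted -- confirm against the original file.
//
// The check below is a substring denylist applied to $cracktrack (assigned above
// this excerpt). It is a coarse filter only: the query in statistik() and every
// value printed into HTML still need their own escaping, which is why both are
// escaped explicitly further down.
$checkworm = str_replace($wormprotector, '*', $cracktrack);

if ($cracktrack != $checkworm)
{
    // The block page echoes these two values. The User-Agent header is chosen by
    // the client, so both are HTML-encoded before they reach the response.
    $cremotead = htmlspecialchars($_SERVER['REMOTE_ADDR'], ENT_QUOTES);
    $cuseragent = isset($_SERVER['HTTP_USER_AGENT'])
        ? htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES)
        : '';

    //
    // Collecting information about the Attack and the Attacker
    // (Referer and User-Agent are optional request headers, hence the isset guards.)
    //
    $ctl_pmeld = 1;
    $ctl_stamp = date("d.m.Y, H:i",time());
    $ctl_remotead = $_SERVER['REMOTE_ADDR'];
    $ctl_query = $_SERVER['QUERY_STRING'];
    $ctl_referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $ctl_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $ctl_filename = $_SERVER['SCRIPT_FILENAME'];

    //
    // Now we build the line for the message (plain-text mail body; the raw
    // request values are only ever placed in the body, never in a mail header).
    //
    $ctr_message = "Angriff abgewehrt auf: " . $ctl_filename . "\n\n" . $ctl_stamp . ' IP: ' . $ctl_remotead . ' Query: ' . $ctl_query . ' => ' . $checkworm . ' ' . $ctl_referrer . ' ' . $ctl_agent;

    //
    // We send the message per e-mail
    // NOTE(review): one mail is sent per blocked request and nothing visible here
    // rate-limits it -- consider logging to a file and alerting on a threshold.
    //
    mail("odysseetheater@aon.at","Angriff auf www.odysseetheater.com",$ctr_message);

    //
    // Now we stop the script with a warning message
    //
    die( "

Attack detected!



Dieser Angriff wurde erkannt und blockiert:
$cremotead - $cuseragent" );
}
//
// End CrackerTracker StandAlone
//

/**
 * Look up the download counter stored for a file link.
 *
 * When $link contains "=", the part after the first "=" is treated as the file
 * reference and rebuilt into a https://www.odysseetheater.org/ftp... link before
 * the lookup. The counter is read from the `downloads` column of table `files`.
 *
 * @param string $link Link (URL) of the file as stored in column `nom`.
 * @return mixed The stored `downloads` value, or 0 when the database is not
 *               reachable or no row matches.
 */
function statistik ($link){
    /* Disabled flat-file counter, kept for reference:
    $linker=strtolower($link);
    $linker= str_replace ("https://","", $linker);
    $linker= str_replace ("/","", $linker);
    $linker= str_replace ('.',"", $linker);
    $linker= str_replace ('?',"", $linker);
    $linker= str_replace ('=',"", $linker);
    $linker= str_replace (';',"", $linker);
    if(file_exists("../../data_d/".$linker)) {
        $fn=fopen("../../data_d/".$linker,"r");
        $statis=file("../../data_d/".$linker);
        $stat=explode("|", $statis[0]);
        fclose($fn);
    } else {
        $stat[0]=0;
    }
    */

    // Extract FileName from pictures and .zip
    // A link without "=" yields a one-element array, so index 1 must be tested
    // with isset() first.
    $files = explode("=",$link);
    if (isset($files[1]) && $files[1] != ""){
        $files[1] = eregi_replace("https://www.odysseetheater.org/ftp","",$files[1]);
        $link = "https://www.odysseetheater.org/ftp".$files[1];
        #echo $link;
    }

    // Database authorization
    // NOTE(review): the credentials are hard-coded in a web-served script and the
    // application connects as the MySQL root account. Load them from a file
    // outside the document root, use an account limited to SELECT on this table,
    // and rotate the password, since this source text has been exposed.
    $conf['host'] = 'localhost';
    $conf['base'] = 'odysseet_odysseetheater';
    $conf['login'] = 'root';
    $conf['password'] = 'evapeter';

    $db = mysql_connect($conf['host'], $conf['login'], $conf['password']);
    if (!$db) {
        // No connection: report "no downloads" instead of querying a dead link.
        return 0;
    }
    mysql_select_db($conf['base'],$db);

    // $link is built from names of files found in the ftp directory, so it can
    // contain quotes; escape it before it is placed inside the SQL string.
    // NOTE(review): with LIKE, "_" and "%" inside a file name still act as
    // wildcards -- confirm whether an exact "=" comparison was intended.
    $request = "select * FROM files WHERE nom LIKE '" . mysql_real_escape_string($link, $db) . "'";

    $req = mysql_query($request, $db);
    $records = $req ? mysql_fetch_array($req) : false;

    return $records ? $records['downloads'] : 0;
}

/**
 * Print the listing of one directory: sub-directories first, then files with
 * size, modification date and download counter.
 *
 * NOTE(review): in this copy of the file the HTML inside the print statements
 * has been lost (the strings are empty or hold only cell text), so the markup
 * that used $target, $fileNameLink and $icon is not visible here.
 *
 * @param string $dirname Directory to list (filesystem path).
 * @return int|null 1 when the directory cannot be opened, otherwise nothing.
 */
function fncLinkDir( $dirname )
{
    $target = "_blank";

    // When the request addresses a file, cut the file name off REQUEST_URI.
    // NOTE(review): the request URI is used as a regular-expression pattern here
    // and the superglobal is modified in place.
    if ( is_file( $_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI'] ) )
    {
        $_SERVER['REQUEST_URI'] = ereg_replace( $mefile = strrchr( $_SERVER['REQUEST_URI'], "/" ), "/", $_SERVER['REQUEST_URI'] );
    };

    /* Open Current Working Directory for reading. */
    if( !$dirid = @opendir( $dirname ) )
    {
        print "

Das Verzeichnis kann nicht geöffnet werden!

";
        return 1;
    };

    /* Read the contents of the directory one by one.
       readdir() is compared with false explicitly so that an entry named "0"
       does not end the loop early. */
    $dirEntries = array();
    while ( false !== ( $entry = @readdir($dirid) ) )
    {
        /* Begin File Exclusion. This list only hides entries from the listing;
           it does not restrict access to them. */

        /* Do not list hidden files; begins with .
           Why: indexing . would cause an infinite loop when recursing. */
        if ( $entry == "." ) { continue; }
        if ( strpos( $entry, "." ) === 0 ) { continue; }

        /* Do not list Microsoft Frontpage junk. */
        if ( strpos( $entry, "_vti_" ) === 0 ) { continue; }

        /* Do not list Dreamweaver junk.
           NOTE(review): in the original text the comment opener before this
           check is never closed, so the check is part of the comment and does
           not run. It is kept disabled here -- confirm whether that is intended.
        if ( strpos( $entry, "_notes" ) === 0 ) { continue; }
        */

        /* Do not list _private. */
        if ( strpos( $entry, "_private" ) === 0 ) { continue; }

        /* Do not list .htaccess. */
        if ( strpos( $entry, ".htaccess" ) > 0 ) { continue; }

        /* Do not list _counter. */
        if ( strpos( $entry, "counter" ) === 0 ) { continue; }

        /* Do not list cgi-bin. */
        if ( strpos( $entry, "cgi-bin" ) === 0 ) { continue; }

        /* Do not list .log. */
        if ( strpos( $entry, ".log" ) > 0 ) { continue; }

        /* Do not list error. */
        if ( strpos( $entry, "error" ) === 0 ) { continue; }

        /* Do not list Thumbs.db */
        if ( strpos( $entry, "Thumbs.db" ) === 0 ) { continue; }

        /* Do not list index.xml */
        if ( strpos( $entry, "index.xml" ) === 0 ) { continue; }

        /* Do not list google. */
        if ( strpos( $entry, "google" ) === 0 ) { continue; }

        /* Do not list _webstat. */
        if ( strpos( $entry, "webstat" ) === 0 ) { continue; }

        /* Do not list _linkok. */
        if ( strpos( $entry, "linkok" ) === 0 ) { continue; }

        /* Do not list _default. */
        if ( strpos( $entry, "default" ) === 0 ) { continue; }

        /* Do not list _acounter. */
        if ( strpos( $entry, "acounter" ) === 0 ) { continue; }

        /* Do not list _dir. */
        if ( strpos( $entry, "dir" ) === 0 ) { continue; }

        /* Do not list _buttons. */
        if ( eregi("header", $entry) ) { continue; }

        /* Do not list _errordocs. */
        if ( strpos( $entry, "40" ) === 0 ) { continue; }

        /* Do not list java script files.
           The pattern is a regular expression, so "." matches any character. */
        if ( eregi( ".js", $entry) ) { continue; }

        /* Do not list php script files. */
        if ( eregi( ".php", $entry) ) { continue; }

        /* End File Exclusion */

        /* Add this entry to the listing */
        $dirEntries[] = $entry;
    }

    /* The handle is no longer needed once all names are collected. */
    closedir( $dirid );

    /* Sort listing alphabetically then reset to start */
    if ($dirEntries)
    {
        sort( $dirEntries );
        reset( $dirEntries );
    }

    /* HTML, Open a table */
    print "";
    print "";

    /* Walk through the current directory: printing sub-directories.
       isset() ends the loop at the end of the list without a notice and without
       stopping at an entry named "0". */
    $i = 0;
    while( isset( $dirEntries[$i] ) )
    {
        /* Assign a short name */
        $fileName = $dirname . "/" . $dirEntries[$i];
        $fileNameShort = $dirEntries[$i];

        if( is_dir( $fileName ) )
        /* It is a directory structure */
        {
            /* HTML, Open directory list item */
            $fsize = filesize($fileName);
            $fdate = date("d.m.Y H:i", filemtime($fileName));
            print "\n";

            /* Recurse into subdirectory */
            //fncLinkDir( $fileName );

            /* HTML, Close the directory list item */
        }

        /* Increment the index else we loop forever */
        $i ++;
    }

    /* Walk through the current directory: printing files */
    $i = 0;
    while( isset( $dirEntries[$i] ) )
    {
        /* Assign a short name */
        $fileName = $dirname . "/" . $dirEntries[$i];
        $fileNameLink = "https://www.odysseetheater.org/ftp" . substr($fileName,strlen($_SERVER['DOCUMENT_ROOT'] . "/ftp"));
        $fileNameShort = $dirEntries[$i];

        if( !is_dir( $fileName ) )
        /* It is a regular file, not a directory */
        {
            /* HTML, Create a list item entry. */
            $fsize = filesize($fileName);
            $fdate = date("d.m.Y H:i", filemtime($fileName));

            /* Disabled: resolve small "link files" to the size of their target.
            if ($fsize < 500){
                $filecontent = file_get_contents($fileName);
                if (substr($filecontent,0,7) == "https://"){
                    $fsize = filesize(ereg_replace("https://www.odysseetheater.org",$_SERVER['DOCUMENT_ROOT'],$filecontent));
                    if ($fsize == 0) $fsize = strlen(file_get_contents($filecontent));
                }
            }
            */
            if ($fsize == 0) $fsize = "?";

            /* Pick an icon from the file name. The tests are substring matches
               anywhere in the name and later matches override earlier ones. */
            $icon = "_private/buttons/file_small.gif";
            if (stristr($fileNameShort, ".pdf")){ $icon = "_private/buttons/adobepdf_small.gif";}
            if (stristr($fileNameShort, ".gif")){ $icon = "_private/buttons/image_gif_small.gif";}
            if (stristr($fileNameShort, ".png")){ $icon = "_private/buttons/image_gif_small.gif";}
            if (stristr($fileNameShort, ".ico")){ $icon = "_private/buttons/image_gif_small.gif";}
            if (stristr($fileNameShort, ".jpg") || stristr($fileNameShort, ".jpeg")){ $icon = "_private/buttons/image_jpg_small.gif";}
            if (stristr($fileNameShort, ".txt")){ $icon = "_private/buttons/text_small.gif";}
            if (stristr($fileNameShort, ".htm")){ $icon = "_private/buttons/HTML_small.gif";}
            if (stristr($fileNameShort, ".php")){ $icon = "_private/buttons/php_small.gif";}
            if (stristr($fileNameShort, ".rm")){ $icon = "_private/buttons/real_small.gif";}
            if (stristr($fileNameShort, ".mp3")){ $icon = "_private/buttons/mp3_small.gif";}
            if (stristr($fileNameShort, ".doc") || stristr($fileNameShort, ".rtf")){ $icon = "_private/buttons/word_small.gif";}
            if (stristr($fileNameShort, ".css")){ $icon = "_private/buttons/css_small.gif";}
            if (stristr($fileNameShort, ".xls")){ $icon = "_private/buttons/xls_small.gif";}
            if (stristr($fileNameShort, ".zip") || stristr($fileNameShort, ".tar") || stristr($fileNameShort, ".gz") || stristr($fileNameShort, ".rar")){ $icon = "_private/buttons/zip_small.gif";}
            if (stristr($fileNameShort, ".js")){ $icon = "_private/buttons/js_small.gif";}
            if (stristr($fileNameShort, ".ttf")){ $icon = "_private/buttons/TTF_small.gif";}
            if (stristr($fileNameShort, ".wmv") || stristr($fileNameShort, ".wma") || stristr($fileNameShort, ".mpg") || stristr($fileNameShort, ".avi") || stristr($fileNameShort, ".mov") || stristr($fileNameShort, ".mp4")){ $icon = "_private/buttons/windows_media_player_small.gif";}
            if (stristr($fileNameShort, ".vcf")){ $icon = "_private/buttons/vcard_small.gif";}

            // Download statistics: the same file is counted under both host names.
            $count = statistik ("https://www.odysseetheater.org/ftp" . substr($fileName,strlen($_SERVER['DOCUMENT_ROOT'] . "/ftp"))) + statistik ("https://www.odysseetheater.com/ftp" . substr($fileName,strlen($_SERVER['DOCUMENT_ROOT'] . "/ftp")));
            #$count_zip = statistik("https://www.odysseetheater.org/zip/index.php?file=".substr($fileName,strlen($_SERVER['DOCUMENT_ROOT'] . "/ftp")));
            #$count_zip0 = statistik("https://www.odysseetheater.org/zip/index0.php?file=".substr($fileName,strlen($_SERVER['DOCUMENT_ROOT'] . "/ftp")));
            #$count_zip1 = statistik("https://www.odysseetheater.org/zip/index1.php?file=".substr($fileName,strlen($_SERVER['DOCUMENT_ROOT'] . "/ftp")));
            #$count_pic1 = statistik("https://www.odysseetheater.org/viewer.php?url=https://www.odysseetheater.org/ftp" . substr($fileName,strlen($_SERVER['DOCUMENT_ROOT'] . "/ftp")));
            #$count_pic2 = statistik("https://www.anthroposophie.net/viewer.php?url=https://www.odysseetheater.org/ftp" . substr($fileName,strlen($_SERVER['DOCUMENT_ROOT'] . "/ftp")));
            #$count_pic3 = statistik("https://www.odysseetheater.org/ftp/_private/viewer_odyssee.php?url=https://www.odysseetheater.org/ftp" . substr($fileName,strlen($_SERVER['DOCUMENT_ROOT'] . "/ftp")));
            #$count_pic4 = statistik("https://www.odysseetheater.org/ftp/_private/viewer_anthroposophie.php?url=https://www.odysseetheater.org/ftp" . substr($fileName,strlen($_SERVER['DOCUMENT_ROOT'] . "/ftp")));

            // The zip/viewer counters above are disabled, so they contribute
            // nothing; only $count is summed (same total, no undefined variables).
            $count_all = $count;
            // End of download statistics

            // Image files get their own row layout. The ".bmp" test read an
            // undefined variable before; it now tests the file name like the others.
            if (stristr($fileNameShort, ".jpg") or stristr($fileNameShort, ".gif") or stristr($fileNameShort, ".png") or stristr($fileNameShort, ".bmp"))
                print "\n";
            else
                print "\n";
        }

        /* Increment the index else we loop forever */
        $i ++;
    }

    /* HTML, Close the unordered list */
    //print "\n";
    print "
GrößeDatumDownloads
$fileNameShort$fsize$fdate
$fileNameShort$fsize$fdate$count_all
$fileNameShort$fsize$fdate$count_all
";

    /* Wait, we're finished? */
}

// NOTE(review): $dirname is not assigned anywhere in the visible part of the
// file -- presumably it arrives with the request; confirm. The two tests below
// decide containment by substring ("contains <docroot>/ftp", "contains /..").
// Resolving the path with realpath() and comparing it against the resolved ftp
// root as a prefix would be a stricter check, and the heading printed below
// outputs the value without HTML encoding.
if (!stristr($dirname,$_SERVER['DOCUMENT_ROOT'] . "/ftp")) $dirname=$_SERVER['DOCUMENT_ROOT'] . "/ftp".$dirname;

// Any path containing "/.." falls back to the ftp root.
if (stristr($dirname,"/..")) $dirname=$_SERVER['DOCUMENT_ROOT'] . "/ftp";

/*
if (!$dirname) $dirname="/usr/local/psa/home/vhosts/anthrowiki.info/httpdocs/ftp";
*/

$indexuri = explode("?", $_SERVER['REQUEST_URI']);

print"

Inhalt von ".substr($dirname,strlen($_SERVER['DOCUMENT_ROOT']))."

";
print '

HTTP (1)      HTTP (2)

';

// List the requested sub-directory only when it lies below <docroot>/ftp/;
// everything else shows the ftp root.
// NOTE(review): the document-root path is used as a regular-expression pattern.
if (($dirname) && ($dirname != "." ) && eregi($_SERVER['DOCUMENT_ROOT'] . "/ftp/", $dirname)){
    // Parent directory, for the "up" link whose markup is missing in this copy.
    $up=substr($dirname,0,strrpos($dirname,"/"));
    print "\n";
    fncLinkDir($dirname);
}
else
{
    fncLinkDir($_SERVER['DOCUMENT_ROOT'] . "/ftp");
    //fncLinkDir(".", $recurse, $_SERVER['REQUEST_URI'], $_SERVER['DOCUMENT_ROOT']);
}
?>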