Modules update.

Author: Maikuolan

modules/module_badhosts.php

@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: Bad hosts blocker module (last modified: 2025.07.27).
+ * This file: Bad hosts blocker module (last modified: 2025.08.11).
  *
  * False positive risk (an approximate, rough estimate only): « [ ]Low [x]Medium [ ]High »
  */
@@ -113,28 +113,22 @@
 
     $Trigger(preg_match('~shadowserver\.org$~', $HN), 'Regular unauthorised proxy tunnel attempts'); // 2023.09.15
 
-    $Trigger(preg_match(
-        '~(?:iweb|privatedns)\.com$|iweb\.ca$|^(?:www\.)?iweb~',
-        $HN
-    ), 'Domain Snipers'); // 2017.02.15 mod 2021.06.28
+    $Trigger(preg_match('~(?:iweb|privatedns)\.com$|iweb\.ca$|^(?:www\.)?iweb~', $HN), 'Domain Snipers'); // 2017.02.15 mod 2021.06.28
 
     $Trigger(preg_match('~amazonaws\.com$~', $HN) && (
-        !preg_match(
-            '~alexa|postrank|twitt(?:urly|erfeed)|bitlybot|unwindfetchor|met' .
-            'auri|pinterest|slack|silk-accelerated=true$~',
-            $UANoSpace
-        ) &&
-        !preg_match(
-            '~(?:Feedspot http://www\.feedspot\.com|developers\.snap\.com/robots)$~',
-            $CIDRAM['BlockInfo']['UA']
-        )
+        !preg_match('~alexa|postrank|twitt(?:urly|erfeed)|bitlybot|unwindfetchor|metauri|pinterest|slack|silk-accelerated=true$~', $UANoSpace) &&
+        !preg_match('~(?:Feedspot http://www\.feedspot\.com|developers\.snap\.com/robots)$~', $CIDRAM['BlockInfo']['UA'])
     ), 'Amazon Web Services'); // 2023.02.28
 
     $Trigger(preg_match('/\.local$/', $HN), 'Spoofed/Fake Hostname'); // 2017.02.06
 
-    // See: https://zb-block.net/zbf/showthread.php?t=25
+    /**
+     * @link https://zb-block.net/zbf/showthread.php?t=25
+     */
     $Trigger(preg_match('/shodan\.io|(?:serverprofi24|aspadmin|project25499)\./', $HN), 'AutoSploit Host'); // 2018.02.02 mod 2021.02.07
 
+    $this->trigger(preg_match('~\.cypex\.ai$~', $HN), 'Unauthorised security scanner'); // 2025.08.11
+
     /** These signatures can set extended tracking options. */
     if (
         $Trigger(substr($HN, 0, 2) === '()', 'Banned hostname (Bash/Shellshock)') || // 2017.01.21
@@ -180,7 +174,7 @@
     ) {
         if ($Trigger(preg_match('~(?<!\w)tor(?!\w)|anonym|makesecure\.nl$|proxy~i', $HN), 'Proxy host')) {
             $CIDRAM['AddProfileEntry']('Tor endpoints here');
-        } // 2021.03.18
+        } // 2021.03.18 mod 2022.07.07
     }
 
     /** WordPress cronjob bypass. */
@@ -207,7 +201,7 @@
     } elseif (strpos($CIDRAM['BlockInfo']['WhyReason'], 'CAPTCHA cracker host') !== false) {
         $CIDRAM['Reporter']->report([15], ['CAPTCHA cracker detected at this address.'], $CIDRAM['BlockInfo']['IPAddr']);
     } elseif (strpos($CIDRAM['BlockInfo']['WhyReason'], 'esonicspider') !== false) {
-        $CIDRAM['Reporter']->report([21], ['esonicspider detected at this address.'], $CIDRAM['BlockInfo']['IPAddr']);
+        $CIDRAM['Reporter']->report([19, 21], ['esonicspider detected at this address.'], $CIDRAM['BlockInfo']['IPAddr']);
     }
 };
 

modules/module_extras.php

@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: Optional security extras module (last modified: 2025.08.10).
+ * This file: Optional security extras module (last modified: 2025.08.13).
  *
  * False positive risk (an approximate, rough estimate only): « [ ]Low [x]Medium [ ]High »
  */
@@ -120,7 +120,7 @@
                 'l(?:ock0?360|eaf_mailer|eaf_php|ufix(?:-shell)?|uuf)|' .
                 'm(?:akeasmtp|iin|oduless|u-plugins/db-safe-mode|y1)|' .
                 'njima|' .
-                'o(?:ld(?:/wp-admin/install|-up-ova)|rvx(?:-shell)?|thiondwmek)|' .
+                'o(?:ld(?:/wp-admin/install|-up-ova)|va-uname|rvx(?:-shell)?|thiondwmek)|' .
                 'p(?:erl\.alfa|hp(?:1|_niu_\d+)|huploader|lugins/(?:backup_index|vwcleanerplugin/bump|zedd/\d+)|oison|rayer_intentions|riv8|wnd|zaiihfi)|' .
                 'qxuho|' .
                 'r(?:andkeyword|endixd)|' .
@@ -140,7 +140,7 @@
                 ')\.php[578]?(?:$|[/?])|' .
                 'funs\.php[578]?(?:$|[/?])~',
                 $LCNrURI
-            ), 'Probing for webshells/backdoors') || // 2023.08.18 mod 2025.08.10
+            ), 'Probing for webshells/backdoors') || // 2023.08.18 mod 2025.08.11
             $Trigger(preg_match('~(?:^|[/?])(?:brutalshell|css/dmtixucz/golden-access|fierzashell\.html?|perl.alfa|search/label/php-shells|wp-ksv1i\.ph)(?:$|[/?])~', $LCNrURI), 'Probing for webshells/backdoors') || // 2025.05.12 mod 2025.08.07
             $Trigger(preg_match('~(?:^|[/?])(?:moon\.php|ss\.php)\?(?:f_c|p)=~', $LCNrURI), 'Probing for webshells/backdoors') // 2025.08.07
         ) {
@@ -319,9 +319,89 @@
         } // 2025.08.07
 
         /** Probing for exposed SQLite databases. */
-        if ($Trigger(preg_match('~(?:^|[/?])database\.sqlite(?:$|[/?])~', $LCNrURI), 'Probing for exposed SQLite databases')) {
+        if ($Trigger(preg_match('~(?:^|[/?])\.?database\.sqlite(?:$|[/?])~', $LCNrURI), 'Probing for exposed SQLite databases')) {
             $CIDRAM['Reporter']->report([15, 21], ['Caught probing for exposed SQLite databases.'], $CIDRAM['BlockInfo']['IPAddr']);
-        } // 2025.08.07
+        } // 2025.08.07 mod 2025.08.13
+
+        /** Probing for exposed Yarn configuration file. */
+        if ($Trigger(preg_match('~(?:^|[/?])\.?yarnrc(?:$|[/?])~', $LCNrURI), 'Probing for exposed Yarn configuration file')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for exposed Yarn configuration file.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.13
+
+        /** Probing for exposed Yarn lock file. */
+        if ($Trigger(preg_match('~(?:^|[/?])yarn\.lock(?:$|[/?])~', $LCNrURI), 'Probing for exposed Yarn lock file')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for exposed Yarn lock file.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.13
+
+        /** Probing for exposed NPM configuration file. */
+        if ($Trigger(preg_match('~(?:^|[/?])\.?npmrc(?:$|[/?])~', $LCNrURI), 'Probing for exposed NPM configuration file')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for exposed NPM configuration file.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.13
+
+        /** Probing for exposed Composer configuration file. */
+        if ($Trigger(preg_match('~(?:^|[/?])composer\.json(?:$|[/?])~', $LCNrURI), 'Probing for exposed Composer configuration file')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for exposed Composer configuration file.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.13
+
+        /** Probing for exposed Composer lock file. */
+        if ($Trigger(preg_match('~(?:^|[/?])composer\.lock(?:$|[/?])~', $LCNrURI), 'Probing for exposed Composer lock file')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for exposed Composer lock file.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.13
+
+        /** Probing for exposed Composer OAuth keys. */
+        if ($Trigger(preg_match('~(?:^|[/?])\.?co(?:mposer/auth\.json|nfig/composer)(?:$|[/?])~', $LCNrURI), 'Probing for exposed Composer OAuth keys')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for exposed Composer OAuth keys.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.13
+
+        /** Probing for exposed Bundler/Ruby lock file. */
+        if ($Trigger(preg_match('~(?:^|[/?])gemfile\.lock(?:$|[/?])~', $LCNrURI), 'Probing for exposed Bundler/Ruby lock file')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for exposed Bundler/Ruby lock file.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.13
+
+        /** Probing for exposed Pipenv/Python lock file. */
+        if ($Trigger(preg_match('~(?:^|[/?])pipfile\.lock(?:$|[/?])~', $LCNrURI), 'Probing for exposed Pipenv/Python lock file')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for exposed Pipenv/Python lock file.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.13
+
+        /** Probing for exposed Eclipse configuration file. */
+        if ($Trigger(preg_match('~(?:^|[/?])\.settings(?:$|[/?])~', $LCNrURI), 'Probing for exposed Eclipse configuration file')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for exposed Eclipse configuration file.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.13
+
+        /** Probing for exposed Docker image. */
+        if ($Trigger(preg_match('~(?:^|[/?])\.?dockerfile(?:$|[/?])~', $LCNrURI), 'Probing for exposed Docker image')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for exposed Docker image.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.13
+
+        /** Probing for exposed Gradle configuration file. */
+        if ($Trigger(preg_match('~(?:^|[/?])build\.gradle(?:$|[/?])~', $LCNrURI), 'Probing for exposed Gradle configuration file')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for exposed Gradle configuration file.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.13
+
+        /** Probing for exposed PHP configuration file. */
+        if ($Trigger(preg_match('~(?:^|[/?])php\d?\.ini(?:$|[/?])~', $LCNrURI), 'Probing for exposed PHP configuration file')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for exposed PHP configuration file.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.13
+
+        /** Probing for exposed Laravel/OpenCart error logs. */
+        if ($Trigger(preg_match('~(?:^|[/?])storage/logs/error\.log(?:$|[/?])~', $LCNrURI), 'Probing for exposed Laravel/OpenCart error logs')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for exposed Laravel/OpenCart error logs.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.13
+
+        /** Probing for exposed Apache logs. */
+        if ($Trigger(preg_match('~(?:^|[/?])var/log/httpd(?:$|[/?])~', $LCNrURI), 'Probing for exposed Apache logs')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for exposed Apache logs.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.13
+
+        /** Probing for exposed Nginx logs. */
+        if ($Trigger(preg_match('~(?:^|[/?])var/log/nginx(?:$|[/?])~', $LCNrURI), 'Probing for exposed Nginx logs')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for exposed Nginx logs.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.13
+
+        /** Probing for exposed error logs. */
+        if ($Trigger(preg_match('~(?:^|[/?])(?:tmp/errors[._]log|php_error_log)(?:$|[/?])~', $LCNrURI), 'Probing for exposed error logs')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for exposed error logs.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.13
     }
 
     /**

modules/modules.dat

@@ -144,7 +144,7 @@ module_abuseipdb.php:
 module_badhosts.php:
  Name: "Bad hosts blocker module"
  False Positive Risk: "Medium"
- Version: "2025.208.0"
+ Version: "2025.224.0"
  Dependencies:
   PHP: "^5.4|^7|^8"
   CIDRAM Core: "^1.13.1|^2.0.1"
@@ -156,7 +156,7 @@ module_badhosts.php:
   To:
    - "module_badhosts.php"
   Checksum:
-   - "cba13c69d7f2b58e617bb85ab0c6d4295481e62081e0eac6457f8a443510bf3d:9295"
+   - "0e829dbe57d7df97baee6c1764789059135e3ea3556db178d163486bff11316b:9327"
  Used with: "modules"
  Reannotate: "modules.dat"
 module_badtlds.php:
@@ -239,7 +239,7 @@ module_cookies.php:
 module_extras.php:
  Name: "Optional security extras module"
  False Positive Risk: "Medium"
- Version: "2025.221.0"
+ Version: "2025.224.0"
  Dependencies:
   PHP: "^5.4|^7|^8"
   CIDRAM Core: "^1.13.1|^2.0.1"
@@ -254,7 +254,7 @@ module_extras.php:
    - "module_extras.php"
    - "module_extras.yaml"
   Checksum:
-   - "c38fbbb9051b7fbef34c00e67700075039035bc290fc837dc0c53e83bc16fa40:41938"
+   - "8d8d054847eeca00640708ecf8acf8b193a9c9a74b0d105e0c67d108f4855836:47550"
    - "7b891d1fa4b1c52c410220bc758e8cb7064bd6040430fb149a5b60e9ae2e0838:890"
  Used with: "modules"
  Reannotate: "modules.dat"