Modules update.

Maikuolan · Maikuolan · commit 923d5fda3fe6 · 2025-11-06T11:51:55.000+08:00
diff --git a/modules/module_botua.php b/modules/module_botua.php
@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: Bot user agents module (last modified: 2025.10.31).
+ * This file: Bot user agents module (last modified: 2025.11.06).
  *
  * False positive risk (an approximate, rough estimate only): « [ ]Low [x]Medium [ ]High »
  */
@@ -114,7 +114,7 @@
         'in(?:cest|come|vestment)|' .
         'jailbreak|' .
         'kamagra|keylog|' .
-        'l(?:axative|esbian|evitra|exap|i(?:ker\.profile|nk(?:ba|che)ck|pitor)|olita|uxury|ycosa\.se)|' .
+        'l(?:axative|esbian|evitra|exap|i(?:ker\.profile|nkback|pitor)|olita|uxury|ycosa\.se)|' .
         'm(?:ail\.ru|e(?:laleuca|nthol)|ixrank|rie8pack)|' .
         'n(?:erdybot|etzcheckbot|eurontin|olvadex)|' .
         'orgasm|outlet|' .
@@ -128,7 +128,7 @@
         'xanax|' .
         'zdorov~',
         $UANoSpace
-    ) || preg_match('~^go +\d|movable type|msie ?(?:\d{3,}|[2-9]\d|[0-8]\.)| (audit|href|mra |quibids )|\\(build 5339\\)~i', $UA), 'Spam UA'); // 2022.07.09 mod 2024.08.27
+    ) || preg_match('~^go +\d|movable type|msie ?(?:\d{3,}|[2-9]\d|[0-8]\.)| (audit|href|mra |quibids )|\\(build 5339\\)~i', $UA), 'Spam UA'); // 2022.07.09 mod 2025.11.06
 
     $Trigger(preg_match('/[\'"`]\+[\'"`]/', $UANoSpace), 'XSS attack'); // 2017.01.03
     $Trigger(strpos($UANoSpace, '`') !== false, 'Execution attempt'); // 2017.01.13
@@ -152,7 +152,7 @@
         '~^(?:wp-iphone$|\'?test|-|default|foo)|_sitemapper|3mir|' .
         'a(?:boundex|dmantx|dnormcrawler|dvbot|lphaserver|thens|ttache)|' .
         'blekko|blogsnowbot|' .
-        'cmscrawler|co(?:ccoc|llect|modo-webinspector-crawler|mpspy)|crawler(?:4j|\.feedback)|' .
+        'cmscrawler|co(?:ccoc|llect|modo-webinspector-crawler|mpspy)|crawler\.feedback|' .
         'd(?:atacha|igout4uagent|ioscout|kimrepbot|sarobot)|' .
         'easou|exabot|' .
         'f(?:astenterprisecrawler|astlwspider|ind?bot|indlinks|loodgate|r[_-]?crawler)|' .
@@ -167,7 +167,7 @@
         'user-agent|visaduhoc|vonchimpenfurlr|webtarantula|wolf|' .
         'y(?:acy|isouspider|[ry]spider|unrang|unyun)|zoominfobot~',
         $UANoSpace
-    ) || strpos($UA, '   ') !== false, 'Banned UA'); // 2021.07.08 mod 2025.07.24
+    ) || strpos($UA, '   ') !== false, 'Banned UA'); // 2021.07.08 mod 2025.11.06
 
     if (!$Trigger((
         preg_match('~^python-requests/2\.27~', $UANoSpace) &&
@@ -192,7 +192,6 @@
         'e(?:(?:na|uro|xperi)bot|nvolk|stimatewebstats|vaal|zoom)|' .
         'f(?:dm|etch(?:er.0|or)|ibgen)|' .
         'g(?:alaxydownloads|et(?:download\.ws|ty|url11)|slfbot|umgum|urujibot)|' .
-        'h(?:arvest|eritrix|olmes|ttp(?:fetcher|unit)|ttrack)|' .
         'i(?:mage(?:.fetcher|walker)|linkscrawler|nagist|ndocom|nfluencebot|track)|jakarta|jike|' .
         'k(?:eywenbot|eywordsearchtool|imengi|kman)|' .
         'l(?:abjs\.pro|arbin|ink(?:dex|walker)|iperhey|(?:t|ush)bot)|' .
@@ -208,7 +207,7 @@
         'w(?:arebay|auuu|bsearchbot|eb(?:alta|capture|download|mastercoffee|meup|ripper)|ikio|indows(?:3|seven)|ise-guys|khtmlto|orldbot|otbox)|' .
         'yoofind~',
         $UANoSpace
-    ), 'Backlink/SEO/Scraper UA'); // 2022.09.19 mod 2025.07.24
+    ), 'Backlink/SEO/Scraper UA'); // 2022.09.19 mod 2025.11.06
 
     $Trigger(preg_match('~zombiebot~', $UANoSpace), 'Backlink/SEO'); // 2025.07.26
 
@@ -226,9 +225,9 @@
     ), 'Malware UA'); // 2017.04.23
 
     $Trigger(preg_match(
-        '~\.buzz|(?<!amazona)dbot/|(?:\W|^)(?:cu|pe)rl(?:\W|$)|#boss#|' .
+        '~\.buzz|(?<!amazona)dbot/|(?:\W|^)(?:curl|libwww|perl)(?:\W|$)|#boss#|' .
         '^(?:[aim]$|(?!linkedinbot).*http-?(?:agent|client))|-xpanse|' .
-        'a(?:bonti|ccserver|cme.spider|dreview/\d|jbaxy|nthill$|nyevent-http|ppengine|xios)|' .
+        'a(?:bonti|ccserver|cme.spider|dreview/\d|jbaxy|nthill$|nyevent-http|ppengine)|' .
         'b(?:igbozz|itsight|lackbird|logsearch|logbot|salsa)|' .
         'c(?:astlebot|atexplorador|cleaner|k=\{\}|lickagy|liqzbot|ms-?checker|ontextad|orporama|ortex/\d|rowsnest|yberpatrol)|' .
         'd(?:eepfield|le_spider|nbcrawler|omainappender|ummyconnection|umprendertree)|' .
@@ -241,7 +240,7 @@
         'm(?:acinroyprivacyauditors|etaintelligence|ultipletimes)|' .
         'n(?:etcraft|ettrapport|icebot|mapscriptingengine|rsbot)|' .
         'ontheinternet|' .
-        'p(?:4bot|4load|acrawler|ageglimpse|aloalto(?:company|network)|andalytics|arsijoo|egasusmonitoring|hantomjs|hpcrawl|ingdom|rlog)|' .
+        'p(?:4bot|4load|acrawler|ageglimpse|aloalto(?:company|network)|andalytics|arsijoo|egasusmonitoring|hantomjs|hpcrawl|ingdom|rlog|ython-httpx)|' .
         'r(?:arelyused|obo(?:cop|spider)|yze)|' .
         's(?:/got|can\.lol|can(?:ner|info)|creener|eekport|itedomain|mut|nap(?:preview)?bot|oapclient|ocial(?:ayer|searcher)|oso|pyglass|quider|treetbot|ynapse)|' .
         't(?:omba|weezler|ryghost)|' .
@@ -254,7 +253,7 @@
     ) || preg_match(
         '~^Mozilla/5\.0( [A-Za-z]{2,5}/0\..)?$~',
         $CIDRAM['BlockInfo']['UA']
-    ), 'Unauthorised'); // 2023.09.15 mod 2025.10.31
+    ), 'Unauthorised'); // 2023.09.15 mod 2025.11.06
 
     if ($Trigger(preg_match('~ivre-|masscan~', $UANoSpace), 'Port scanner and synflood tool detected')) {
         $CIDRAM['Reporter']->report([14, 15, 19], ['MASSCAN port scanner and synflood tool detected.'], $CIDRAM['BlockInfo']['IPAddr']);
@@ -319,32 +318,35 @@
     } // 2022.05.08
 
     if ($Trigger(preg_match(
-        '~80legs|' .
-        'a(?:dbar|i2bot|ihitbot|i.?searchbot|liyun|ndibot|nonymous-?coward|wario)|' .
-        'b(?:anana-?bot|edrockbot|ot-?test|rands-?bot|rightbot|ytespider)|' .
-        'c(?:asperbot|cbot|hinaclaw|lark-?crawler|ohere-)|' .
+        '~^http_get|2bone|80legs|' .
+        'a(?:dbar|i2bot|ihitbot|i.?searchbot|liyun|ndibot|nonymous-?coward|wario|xios)|' .
+        'b(?:anana-?bot|edrockbot|ot-?test|rands-?bot|rightbot|rings_?you|ytespider)|' .
+        'c(?:asperbot|cbot|hinaclaw|lark-?crawler|ohere-|rawler4j)|' .
         'd(?:atenbank|eep-?research|iffbot)|' .
         'echobo[tx]|' .
         'f(?:idget-?spinner-?bot|irecrawl|lyriver|riendly-?(?:crawler|spider))|' .
-        'i(?:askspider|magesift|mg2dataset)|' .
+        'h(?:arvest|eritrix|tt(?:pfetcher|punit|rack))|' .
+        'i(?:askspider|magesift|mg2dataset|p_address)|' .
         'jaddjabot|' .
         'k(?:angaroobot|eys-?so-?bot)|' .
+        'l(?:9explore|ink(?:check|fluence))|' .
         'm(?:amac(?:asper|yber)|istral|ozilla/0|ycentralai)|' .
         'n(?:etestate|ovaact)|' .
         'o(?:mgili|rbbot)|' .
-        'p(?:angubot|anscient|erplexity|hindbot|hxbot|oseidon|ublicwebcrawler)|' .
+        'p(?:angubot|anscient|erplexity|hindbot|hxbot|lease_?block|oseidon|ublicwebcrawler)|' .
         'q(?:ualifiedbot|uillbot)|' .
         'research.?crawler|' .
         's(?:bintuition|crap[ey]|idetrade|p(?:hi|y)der|torm-?crawler|ummalybot)|' .
-        't(?:est-?bot|heknowledgeai|hesis-?research-?bot|hinkchaos|impi|iny-?(?:bot|test)|rafilatura)|' .
+        't(?:est[-_]?(?:bot|phase)|heknowledgeai|hesis-?research-?bot|hink(?:bot|chaos)|impi|iny-?(?:bot|test)|rafilatura)|' .
         'velenpublic|' .
-        'w(?:ardbot|ebzio|hatstuffwherebot|inhttp)|' .
+        'w(?:ardbot|ebsite[-_]?scraper|ebzio|hatstuffwherebot|inhttp)|' .
         'xtractorpro|' .
+        'yak/|' .
         'z(?:ephuli-?bot|grab)~',
         $UANoSpace
     ), 'Scraper UA')) {
         $CIDRAM['Tracking options override'] = 'extended';
-    } // 2023.11.17 mod 2025.10.31
+    } // 2023.11.17 mod 2025.11.06
 
     $Trigger(preg_match('~ct‑git‑scanner/~i', $CIDRAM['BlockInfo']['UA']), 'Unauthorised Git scanner'); // 2025.07.05
 
diff --git a/modules/module_extras.php b/modules/module_extras.php
@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: Optional security extras module (last modified: 2025.09.22).
+ * This file: Optional security extras module (last modified: 2025.11.06).
  *
  * False positive risk (an approximate, rough estimate only): « [ ]Low [x]Medium [ ]High »
  */
@@ -155,7 +155,7 @@
             $Trigger(preg_match('~(?:^|[/?])modules/mod_simplefileuploadv1\.3/elements(?:$|[/?])~', $LCNrURI), $Exploit = 'CVE-2011-5148') || // 2025.07.20 mod 2025.08.07
             $Trigger(preg_match('~(?:^|[/?])ecp/current/exporttool/microsoft.exchange.ediscovery.exporttool.application(?:$|[/?])~', $LCNrURI), $Exploit = 'CVE-2021-28481') || // 2025.07.17 mod 2025.08.07
             $Trigger(preg_match('~(?:^|[/?])util/php/eval-stdin\.php[57]?(?:$|[/?])~', $LCNrURI), $Exploit = 'CVE-2017-9841') || // 2025.07.16 mod 2025.08.07
-            $Trigger(preg_match('~(?:^|[/?])elfinder/php/connector\.php[57]?(?:$|[/?])~', $LCNrURI), $Exploit = 'elFinder') || // 2025.07.07 mod 2025.08.07 (possible matches: CVE-2019-1010178, CVE-2020-25213, CVE-2020-35235, CVE-2021-32682)
+            $Trigger(preg_match('~(?:^|[/?])elfinder/php/connector(?:\.minimal)?\.php[57]?(?:$|[/?])~', $LCNrURI), $Exploit = 'elFinder') || // 2025.07.07 mod 2025.11.06 (possible matches: CVE-2019-1010178, CVE-2020-25213, CVE-2020-35235, CVE-2021-32682)
             $Trigger(preg_match('~(?:^|[/?])tinymce/plugins/filemanager/dialog\.php[57]?(?:$|[/?])~', $LCNrURI), $Exploit = 'TinyMCE Filemanager') || // 2025.07.07 mod 2025.08.07
             $Trigger(preg_match('~(?:^|[/?])civicrm/packages/openflashchart/php-ofc-library/ofc_upload_image\.php[57]?(?:$|[/?])~', $LCNrURI), $Exploit = 'CIVI-SA-2013-001') || // 2025.07.05 mod 2025.08.07
             $Trigger(preg_match('~(?:^|[/?])library/openflashchart/php-ofc-library/ofc_upload_image\.php[57]?(?:$|[/?])~', $LCNrURI), $Exploit = 'ZSL-2013-5126') || // 2025.07.10 mod 2025.08.07
diff --git a/modules/modules.dat b/modules/modules.dat
@@ -184,7 +184,7 @@ module_bgpview.php:
 module_botua.php:
  Name: "Bot user agents module"
  False Positive Risk: "Medium"
- Version: "2025.303.0"
+ Version: "2025.309.0"
  Dependencies:
   PHP: "^5.4|^7|^8"
   CIDRAM Core: "^1.13.1|^2.0.1"
@@ -196,7 +196,7 @@ module_botua.php:
   To:
    - "module_botua.php"
   Checksum:
-   - "d053438d67738b7d8ad0882397edc479e47bdab149b79b272325f0892fbb13c2:27487"
+   - "2d264e4ec2f91c56b9289d79d92844ddd46df8b761a3d9b24d1e50c9ad9b6eb3:27651"
  Used with: "modules"
  Reannotate: "modules.dat"
 module_cookies.php:
@@ -220,7 +220,7 @@ module_cookies.php:
 module_extras.php:
  Name: "Optional security extras module"
  False Positive Risk: "Medium"
- Version: "2025.264.0"
+ Version: "2025.309.0"
  Dependencies:
   PHP: "^5.4|^7|^8"
   CIDRAM Core: "^1.13.1|^2.0.1"
@@ -235,7 +235,7 @@ module_extras.php:
    - "module_extras.php"
    - "module_extras.yaml"
   Checksum:
-   - "6e4e646a3270d63fb802e48cdfe141dbbfb18748114d0931e7623d12166387f9:53994"
+   - "9845128add9806bea517f63bf6a5df57f430be3c890e3f14385009fff47acd37:54008"
    - "7b891d1fa4b1c52c410220bc758e8cb7064bd6040430fb149a5b60e9ae2e0838:890"
  Used with: "modules"
  Reannotate: "modules.dat"
