Modules update.

Author: Maikuolan

modules/module_botua.php

@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: Bot user agents module (last modified: 2025.07.26).
+ * This file: Bot user agents module (last modified: 2025.07.27).
  *
  * False positive risk (an approximate, rough estimate only): « [ ]Low [x]Medium [ ]High »
  */
@@ -230,12 +230,12 @@
         '^(?:[aim]$|(?!linkedinbot).*http-?(?:agent|client))|-xpanse|' .
         'a(?:bonti|ccserver|cme.spider|dreview/\d|jbaxy|nthill$|nyevent-http|ppengine|xios)|' .
         'b(?:igbozz|itsight|lackbird|logsearch|logbot|salsa)|' .
-        'c(?:astlebot|atexplorador|k=\{\}|lickagy|liqzbot|ms-?checker|ontextad|orporama|ortex/\d|rowsnest|yberpatrol)|' .
+        'c(?:astlebot|atexplorador|cleaner|k=\{\}|lickagy|liqzbot|ms-?checker|ontextad|orporama|ortex/\d|rowsnest|yberpatrol)|' .
         'd(?:eepfield|le_spider|nbcrawler|omainappender|umprendertree)|' .
         'expanse|' .
         'f(?:lightdeckreportsbot|luid/|orms\.gle)|' .
         'g(?:atheranalyzeprovide|enomecrawler|dnplus|imme60|lobalipv[46]space|ooglebenjojo|tbdfffgtb.?$)|' .
-        'infrawatch|internetcensus|ips-agent|isitwp|' .
+        'i(?:nfrawatch|nternet(?:census|measurement)|ps-agent|sitwp)|' .
         'k2spider|kemvi|' .
         'l(?:9scan|eak(?:\.info|ix)|exxebot|ivelapbot|wp)|' .
         'm(?:acinroyprivacyauditors|etaintelligence|ultipletimes)|' .
@@ -253,7 +253,7 @@
     ) || preg_match(
         '~^Mozilla/5\.0( [A-Za-z]{2,5}/0\..)?$~',
         $CIDRAM['BlockInfo']['UA']
-    ), 'Unauthorised'); // 2023.09.15 mod 2025.07.24
+    ), 'Unauthorised'); // 2023.09.15 mod 2025.07.27
 
     if ($Trigger(preg_match('~ivre-|masscan~', $UANoSpace), 'Port scanner and synflood tool detected')) {
         $CIDRAM['Reporter']->report([14, 15, 19], ['MASSCAN port scanner and synflood tool detected.'], $CIDRAM['BlockInfo']['IPAddr']);
@@ -294,12 +294,12 @@
     } // 2017.02.25
 
     if ($Trigger(preg_match(
-        '~foregenix|modat|nuclei|isscyberrisk|projectdiscovery|sslyze|threatview~',
-        $UA
+        '~authorizedsecurity|foregenix|modat|nuclei|isscyberrisk|projectdiscovery|securityscanner|sslyze|threatview~',
+        $UANoSpace
     ), 'Unauthorised vulnerability scanner detected')) {
         $CIDRAM['Reporter']->report([15, 19, 21], ['Unauthorised vulnerability scanner detected.'], $CIDRAM['BlockInfo']['IPAddr']);
         $CIDRAM['Tracking options override'] = 'extended';
-    } // 2023.06.16 mod 2025.07.24
+    } // 2023.06.16 mod 2025.07.27
 
     $Trigger(preg_match('~^python/|aiohttp/|\.post0~', $UANoSpace), 'Bad context (Python/AIO clients not permitted here)'); // 2021.05.18
 

modules/module_extras.php

@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: Optional security extras module (last modified: 2025.07.26).
+ * This file: Optional security extras module (last modified: 2025.07.27).
  *
  * False positive risk (an approximate, rough estimate only): « [ ]Low [x]Medium [ ]High »
  */
@@ -158,7 +158,6 @@
 
         /** Probing for common vulnerabilities and exploits. */
         if (
-            $Trigger(preg_match('~/wp-json/wp/v2/users(?:$|[/?])~', $LCNrURI), $Exploit = 'CVE-2017-5487') || // 2025.07.21
             $Trigger(preg_match('~/fckeditor/editor/filemanager(?:$|[/?])~', $LCNrURI), $Exploit = 'FCKeditor') || // 2025.07.20
             $Trigger(preg_match('~/modules/mod_simplefileuploadv1\.3/elements(?:$|[/?])~', $LCNrURI), $Exploit = 'CVE-2011-5148') || // 2025.07.20
             $Trigger(preg_match('~/ecp/current/exporttool/microsoft.exchange.ediscovery.exporttool.application(?:$|[/?])~', $LCNrURI), $Exploit = 'CVE-2021-28481') || // 2025.07.17
@@ -272,9 +271,9 @@
         } // 2024.05.02 mod 2025.03.18
 
         /** Probing for env file. */
-        if ($Trigger(preg_match('~(?:^|[/?=])(?:config)?\.env(?:\.(?:example|local|production|save))?(?:$|[/?])~', $LCNrURI), 'Probing for env file')) {
+        if ($Trigger(preg_match('~(?:^|[/?=])(?:config)?\.env(?:\.[\da-z]+)?(?:$|[/?])~', $LCNrURI), 'Probing for env file')) {
             $CIDRAM['Reporter']->report([15, 21], ['Caught probing for env file.'], $CIDRAM['BlockInfo']['IPAddr']);
-        } // 2025.03.18 mod 2025.05.24
+        } // 2025.03.18 mod 2025.07.27
 
         /** Attempts by broken bot to incorrectly access ReCaptcha files (treating reference to remote resource as local). */
         $Trigger(preg_match('~/www\.google\.com/recaptcha/api\.js(?:$|[/?])~', $LCNrURI), 'Bad request'); // 2025.03.03
@@ -283,6 +282,9 @@
             $CIDRAM['Reporter']->report([15], ['Misconfigured bot caught trying to scrape WordPress media libraries.'], $CIDRAM['BlockInfo']['IPAddr']);
         } // 2015.07.12
 
+        $Trigger(preg_match('~/(?:appsettings|config)\.json(?:$|[/?])~', $LCNrURI), 'Unauthorised'); // 2025.07.27
+        $Trigger(preg_match('~/\.htaccess(?:$|[/?])~', $LCNrURI), 'Unauthorised'); // 2025.07.27
+        $Trigger(preg_match('~/docker-compose\.yml(?:$|[/?])~', $LCNrURI), 'Unauthorised'); // 2025.07.27
         $Trigger(preg_match('~/phpunit/phpunit\.xsd(?:$|[/?])~', $LCNrURI), 'Unauthorised'); // 2025.07.16
     }
 

modules/modules.dat

@@ -203,7 +203,7 @@ module_bgpview.php:
 module_botua.php:
  Name: "Bot user agents module"
  False Positive Risk: "Medium"
- Version: "2025.206.0"
+ Version: "2025.207.0"
  Dependencies:
   PHP: "^5.4|^7|^8"
   CIDRAM Core: "^1.13.1|^2.0.1"
@@ -215,7 +215,7 @@ module_botua.php:
   To:
    - "module_botua.php"
   Checksum:
-   - "1fa1879055a4a4979e2c10942b713ff89faf3c258469a8e53ddfced3e7a49d1a:27309"
+   - "1de96dd6d157e6f84df90511f45bfd1c246781a33a8a16c431ba4428c2d4a59e:27376"
  Used with: "modules"
  Reannotate: "modules.dat"
 module_cookies.php:
@@ -239,7 +239,7 @@ module_cookies.php:
 module_extras.php:
  Name: "Optional security extras module"
  False Positive Risk: "Medium"
- Version: "2025.206.0"
+ Version: "2025.207.0"
  Dependencies:
   PHP: "^5.4|^7|^8"
   CIDRAM Core: "^1.13.1|^2.0.1"
@@ -254,7 +254,7 @@ module_extras.php:
    - "module_extras.php"
    - "module_extras.yaml"
   Checksum:
-   - "6d6a37ede295ce4562f3e0e40dded87945086e76f19a0be740c800e9570cdc90:38097"
+   - "3a90191df4328cc170636f18f08cbdc1db936a175f95e1015ed89fa241b6b1a2:38266"
    - "7b891d1fa4b1c52c410220bc758e8cb7064bd6040430fb149a5b60e9ae2e0838:890"
  Used with: "modules"
  Reannotate: "modules.dat"