Extras module update.

Author: Maikuolan

modules/module_extras.php

@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: Optional security extras module (last modified: 2025.07.31).
+ * This file: Optional security extras module (last modified: 2025.08.02).
  *
  * False positive risk (an approximate, rough estimate only): « [ ]Low [x]Medium [ ]High »
  */
@@ -273,15 +273,25 @@
             $CIDRAM['Reporter']->report([15, 21], ['Caught probing for vulnerable webapps.'], $CIDRAM['BlockInfo']['IPAddr']);
         } // 2022.06.05 mod 2025.07.17
 
-        /** Probing for sendgrid env file. */
-        if ($Trigger(preg_match('~(?:^|[/?])sendgrid\.env(?:$|[/?])~', $LCNrURI), 'Probing for sendgrid env file')) {
-            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for sendgrid env file.'], $CIDRAM['BlockInfo']['IPAddr']);
-        } // 2024.05.02 mod 2025.03.18
+        /** Probing for SendGrid env file. */
+        if ($Trigger(preg_match('~(?:^|[/?])sendgrid\.env(?:$|[/?])~', $LCNrURI), 'Probing for SendGrid env file')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for SendGrid env file.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2024.05.02 mod 2025.08.02
+
+        /** Probing for Twilio env file. */
+        if ($Trigger(preg_match('~(?:^|[/?])twilio\.env(?:$|[/?])~', $LCNrURI), 'Probing for Twilio env file')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for Twilio env file.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.02
 
         /** Probing for env file. */
-        if ($Trigger(preg_match('~(?:^|[/?=])(?:config)?\.env(?:\.[\da-z]+)?(?:$|[/?])~', $LCNrURI), 'Probing for env file')) {
+        if ($Trigger(preg_match('~(?:^|[/?=])(?:config|secrets?)?\.env(?:\.[\da-z]+)?(?:$|[/?])~', $LCNrURI), 'Probing for env file')) {
             $CIDRAM['Reporter']->report([15, 21], ['Caught probing for env file.'], $CIDRAM['BlockInfo']['IPAddr']);
-        } // 2025.03.18 mod 2025.07.27
+        } // 2025.03.18 mod 2025.08.02
+
+        /** Probing for unsecured configuration file. */
+        if ($Trigger(preg_match('~(?:^|/)\.?config.ya?ml(?:$|[/?])~', $LCNrURI), 'Probing for unsecured configuration file')) {
+            $CIDRAM['Reporter']->report([15, 21], ['Caught probing for unsecured configuration file.'], $CIDRAM['BlockInfo']['IPAddr']);
+        } // 2025.08.02
 
         /** Attempts by broken bot to incorrectly access ReCaptcha files (treating reference to remote resource as local). */
         $Trigger(preg_match('~/www\.google\.com/recaptcha/api\.js(?:$|[/?])~', $LCNrURI), 'Bad request'); // 2025.03.03

modules/modules.dat

@@ -239,7 +239,7 @@ module_cookies.php:
 module_extras.php:
  Name: "Optional security extras module"
  False Positive Risk: "Medium"
- Version: "2025.211.0"
+ Version: "2025.213.0"
  Dependencies:
   PHP: "^5.4|^7|^8"
   CIDRAM Core: "^1.13.1|^2.0.1"
@@ -254,7 +254,7 @@ module_extras.php:
    - "module_extras.php"
    - "module_extras.yaml"
   Checksum:
-   - "a6f44b14b43039ce2fe6f8eae2a48dabad59c7ae5db87717298fd229a444eb0c:38917"
+   - "c4cfc84c3c21bce81ebe9657bcc4c395673977a102fd7ef81a83e58ca723a894:39580"
    - "7b891d1fa4b1c52c410220bc758e8cb7064bd6040430fb149a5b60e9ae2e0838:890"
  Used with: "modules"
  Reannotate: "modules.dat"