Linux-Server-Management-Toolkit

cschantz/Linux-Server-Management-Toolkit

Files

T

cschantz dd163f6db1 Fix ET Open detection display in live monitor + add more webshell signatures

Issues fixed:
1. ET detection was running but not displaying results
   - Detection was happening but only stored in intelligence DB
   - Display was showing old attack detection instead
   - Now shows ET detection with 🛡️ icon and attack types
   - Shows rate anomaly score with 🌊 icon when elevated

2. Added more webshell signatures:
   - alfa/alfa-rex/alfanew (Alfa Team shells)
   - mini.php, phpspy, antichat, idx, indoxploit
   - Suspicious PHP files in wrong locations (admin.php in wp-includes, etc.)

Display format changes:
- Old: [01:25:35] 194.5.82.127 | Score:100 [CRITICAL] | ❓85 | /alfa-rex.php
- New: [01:25:35] 194.5.82.127 | Score:100 [CRITICAL] | 🛡️ET:WEBSHELL,TRAVERSAL | /alfa-rex.php

Features:
- Uses ET score if higher than legacy score
- Shows both ET detection and legacy detection when appropriate
- Rate flooding adds to combined score
- Auto-blocks at combined score ≥90

Tested:
- alfa-rex.php: Score 100, WEBSHELL detected ✅
- admin.php: Score 100, WEBSHELL detected ✅
- ws.php7: Score 95, UPLOAD detected ✅
- All syntax validated ✅

2025-12-13 02:18:54 -05:00

attack-patterns.sh

FIX: Add missing is_valid_ip function for IP blocking validation

2025-12-02 16:44:15 -05:00

attack-signatures.sh

Fix ET Open detection display in live monitor + add more webshell signatures

2025-12-13 02:18:54 -05:00

bot-signatures.sh

Security Intelligence Suite - Complete Overhaul

2025-11-13 23:01:13 -05:00

common-functions.sh

Add parameter validation to 6 more functions + QA improvements