File Manager
Upload
Current Directory: /home/lartcid/public_html/journal.lartc.id
[Back]
..
[Open]
Hapus
Rename
.htaccess
[Edit]
Hapus
Rename
.well-known
[Open]
Hapus
Rename
README.md
[Edit]
Hapus
Rename
api
[Open]
Hapus
Rename
cache
[Open]
Hapus
Rename
cgi-bin
[Open]
Hapus
Rename
classes
[Open]
Hapus
Rename
config.TEMPLATE.inc.php
[Edit]
Hapus
Rename
config.inc.php
[Edit]
Hapus
Rename
controllers
[Open]
Hapus
Rename
cypress.json
[Edit]
Hapus
Rename
dbscripts
[Open]
Hapus
Rename
docs
[Open]
Hapus
Rename
error_log
[Edit]
Hapus
Rename
favicon.ico
[Edit]
Hapus
Rename
index.php
[Edit]
Hapus
Rename
js
[Open]
Hapus
Rename
lib
[Open]
Hapus
Rename
locale
[Open]
Hapus
Rename
mini.php
[Edit]
Hapus
Rename
pages
[Open]
Hapus
Rename
php.ini
[Edit]
Hapus
Rename
plugins
[Open]
Hapus
Rename
public
[Open]
Hapus
Rename
registry
[Open]
Hapus
Rename
scheduledTaskLogs
[Open]
Hapus
Rename
schemas
[Open]
Hapus
Rename
styles
[Open]
Hapus
Rename
templates
[Open]
Hapus
Rename
tools
[Open]
Hapus
Rename
Edit File
# --------------------------------------------------------------- # Imunify360 ModSecurity Rules # Copyright (C) 2022 CloudLinux Inc All right reserved # The Imunify360 ModSecurity Rules is distributed under # IMUNIFY360 LICENSE AGREEMENT # Please see the enclosed IM360-LICENSE.txt file for full details. # --------------------------------------------------------------- # DEFA-5206 SecRule REQUEST_COOKIES:/wordpress_logged_in_/ "@rx ^([^\|]+)\|" "id:77350142,chain,phase:2,log,severity:5,t:none,t:urlDecode,capture,setvar:tx.log_cookie_name=%{TX.1},msg:'IM360 WAF: WordPress compromised account login prevention with cookie||WPU:%{TX.log_cookie_name}||Hash:%{tx.log_cookie_sha}||User:%{SCRIPT_USERNAME}||T:APACHE||',redirect:%{SESSION.redirect_link},tag:'service_i360'" SecRule REQUEST_URI "!@contains /wp-login.php" "chain,t:none" SecRule TX:log_cookie_name "!@rx ^$" "chain,t:none,t:sha1,t:hexEncode,capture,setvar:tx.log_cookie_sha=%{MATCHED_VAR},initcol:session=%{MATCHED_VAR}.%{REQUEST_HEADERS.host}" SecRule &SESSION:compromised_cookies "@gt 0" "chain,t:none" SecRule REQUEST_COOKIES:/wordpress_logged_in_/ "@streq %{SESSION.compromised_cookies}" "t:none,t:urlDecode,setvar:session.timeout=172800" SecRule REQUEST_METHOD "@rx POST" "id:77350143,chain,phase:2,log,severity:5,t:none,msg:'IM360 WAF: WordPress compromised account login prevention||WPU:%{ARGS.log}||Hash:%{tx.log_sha}||User:%{SCRIPT_USERNAME}||T:APACHE||',redirect:https://imunify-alert.com/compromised.html?SN=%{SERVER_NAME}&SP=%{SERVER_PORT}&RFR=%{REQUEST_HEADERS.Referer}&URI=%{REQUEST_URI}&cms_name=wordpress&version=1,tag:'service_i360',tag:'im360_req_post'" SecRule REQUEST_FILENAME "@contains /wp-login.php" "chain,t:none" SecRule ARGS:log "!@rx ^$" "chain,t:none,t:urlDecode,t:sha1,t:hexEncode,capture,setvar:tx.log_sha=%{MATCHED_VAR},initcol:session=%{MATCHED_VAR}.%{REQUEST_HEADERS.host}" SecRule &SESSION:compromised_cookies "@gt 0" "chain,t:none" SecRule SESSION:compromised_hash "!@rx ^$|\[_\]" "chain,t:none" SecRule ARGS:pwd "@streq %{SESSION.compromised_hash}" "t:none,capture,t:sha1,t:hexEncode,setvar:session.timeout=172800" SecRule REQUEST_METHOD "@rx POST" "id:77350144,chain,phase:3,log,severity:5,t:none,msg:'IM360 WAF: WordPress compromised account login prevention with RBL||WPU:%{ARGS.log}||Hash:%{tx.log_sha}||User:%{SCRIPT_USERNAME}||T:APACHE||',redirect:https://imunify-alert.com/compromised.html?SN=%{SERVER_NAME}&SP=%{SERVER_PORT}&RFR=%{REQUEST_HEADERS.Referer}&URI=%{REQUEST_URI}&cms_name=wordpress&version=1,tag:'im360_req_post',tag:'service_i360'" SecRule REQUEST_FILENAME "@contains /wp-login.php" "chain,t:none" SecRule RESPONSE_STATUS "@rx ^302$" "chain,t:none" SecRule ARGS:log "!@rx ^$" "chain,t:none,t:urlDecode,capture,t:sha1,t:hexEncode,setvar:tx.log_sha=%{MATCHED_VAR},setvar:tx.compromised_user=%{MATCHED_VAR}.%{REQUEST_HEADERS.host},initcol:session=%{tx.compromised_user}" SecRule &SESSION:compromised_cookies "@eq 0" "chain,t:none,setvar:tx.rbl_perf=1" SecRule TX:compromised_user "@rbl wp-compromised.v2.rbl.imunify.com." "chain,t:none" SecRule TX:compromised_user "!@rbl nxdomain.v2.rbl.imunify.com." "chain,t:none" SecRule RESPONSE_HEADERS:set-cookie "@rx wordpress_logged_in_[^=]+=([^;]+);" "chain,t:none,t:urlDecode,capture,setvar:tx.auth_cookie=%{TX.1},setvar:session.compromised_cookies=%{TX.auth_cookie}" SecRule ARGS:pwd "!@rx ^$" "t:none,t:sha1,t:hexEncode,capture,setvar:session.compromised_hash=%{MATCHED_VAR},setvar:session.redirect_link=https://imunify-alert.com/compromised.html?SN=%{SERVER_NAME}&SP=%{SERVER_PORT}&RFR=%{REQUEST_HEADERS.Referer}&URI=%{REQUEST_URI}&cms_name=wordpress&version=1,setvar:session.timeout=172800" SecRule REQUEST_METHOD "@rx POST" "id:77350145,chain,phase:3,pass,log,severity:5,t:none,msg:'IM360 WAF: WordPress compromised account successfull password reset||WPU:%{tx.log_cookie_name}||Hash:%{tx.log_cookie_sha}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'im360_req_post',tag:'service_i360',tag:'noshow'" SecRule REQUEST_FILENAME "@contains /wp-login.php" "chain,t:none" SecRule RESPONSE_STATUS "@rx ^20" "chain,t:none" SecRule ARGS:action "@streq resetpass" "chain,t:none" SecRule REQUEST_COOKIES:/wp-resetpass-/ "@rx ^([^:]+):" "chain,t:none,t:urlDecode,capture,setvar:tx.log_cookie_name=%{TX.1}" SecRule TX:log_cookie_name "!@rx ^$" "chain,t:none,t:urlDecode,t:sha1,t:hexEncode,capture,setvar:tx.log_cookie_sha=%{MATCHED_VAR},initcol:session=%{MATCHED_VAR}.%{REQUEST_HEADERS.host}" SecRule SESSION:compromised_hash "!@rx ^$|\[_\]" "chain,t:none" SecRule REQUEST_HEADERS:Referer "@contains /wp-login.php?action=rp" "t:none,t:normalizePath,setvar:session.compromised_hash=[_],setvar:session.compromised_cookies=[_],setvar:session.timeout=172800" SecRule REQUEST_METHOD "@rx POST" "id:77350146,chain,phase:3,pass,log,severity:5,t:none,msg:'IM360 WAF: WordPress compromised account password changed||WPU:%{ARGS.log}||Hash:%{tx.log_cookie_sha}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'im360_req_post',tag:'service_i360',tag:'noshow'" SecRule REQUEST_FILENAME "@contains /wp-login.php" "chain,t:none" SecRule RESPONSE_HEADERS:set-cookie "@rx wordpress_logged_in_[^=]+=([^;]+);" "chain,t:none,t:urlDecode" SecRule ARGS:log "!@rx ^$" "chain,t:none,t:urlDecode,t:sha1,t:hexEncode,capture,setvar:tx.log_cookie_sha=%{MATCHED_VAR},initcol:session=%{MATCHED_VAR}.%{REQUEST_HEADERS.host}" SecRule SESSION:compromised_hash "!@rx ^$|\[_\]" "chain,t:none" SecRule SESSION:compromised_hash "!@streq %{ARGS:pwd}" "t:none,t:sha1,t:hexEncode,capture,setvar:session.compromised_hash=[_],setvar:session.compromised_cookies=[_],setvar:session.timeout=172800" SecRule REQUEST_METHOD "@rx POST" "id:77350156,chain,phase:5,pass,log,severity:5,t:none,msg:'IM360 WAF: WordPress account successfull password reset||WPU:%{tx.log_cookie_name}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'im360_req_post',tag:'service_i360',tag:'noshow'" SecRule REQUEST_FILENAME "@contains /wp-login.php" "chain,t:none" SecRule ARGS:action "@streq resetpass" "chain,t:none" SecRule RESPONSE_STATUS "@rx ^20" "chain,t:none" SecRule REQUEST_HEADERS:Referer "@contains /wp-login.php?action=rp" "chain,t:none,t:normalizePath" SecRule REQUEST_COOKIES:/wp-resetpass-/ "@rx ^([^:]+):" "t:none,t:urlDecode,capture,setvar:tx.log_cookie_name=%{TX.1}"
Simpan