# ---------------------------------------------------------------
# Imunify360 ModSecurity Rules
# Copyright (C) 2021 CloudLinux Inc All right reserved
# The Imunify360 ModSecurity Rules is distributed under
# IMUNIFY360 LICENSE AGREEMENT
# Please see the enclosed IM360-LICENSE.txt file for full details.
# ---------------------------------------------------------------

# Review notes (how to read the signature chains in this part of the file):
# - Every signature is a two-rule chain: REQUEST_METHOD must match ^POST$,
#   then ARGS must match the signature regex.
# - The action list is "log,pass": a hit is logged with the signature name
#   carried in msg, and the request is not blocked by these chains.
# - The three comment lines before each chain are a short hex id, the
#   signature name, and the pattern; the SecRule pattern is the same regex
#   with (?im) prepended and the double quote written as \x22.

# Gate: a request whose method is not POST jumps to the marker
# Marker_Mlw_Sigs (skipAfter), so the signature chains are evaluated for POST
# only. nolog + pass: the gate itself neither logs nor blocks.
SecRule REQUEST_METHOD "!@rx ^POST$" "id:77111110,phase:2,pass,severity:5,t:none,nolog,skipAfter:Marker_Mlw_Sigs,tag:'noshow'"

# NOTE(review): the <LocationMatch> opening tag below is commented out, so the
# path list scopes nothing; it only records paths. If it is ever re-enabled,
# note that ^ anchors only the first alternative and the dots are unescaped,
# so the remaining alternatives would match anywhere in the URL path.
# <LocationMatch "^(/wp-admin/admin-ajax.php)|(/wp-content/plugins/wp-conns.php)|(/wp-load.php)|(/asfewfefs.php)|(/pages/createpage-entervariables.action)|(/bps.php)|(/wp-content/themes/twentysixteen/404.php)|(/cache/s_noeval.php)|(/imdex.php)|(/wp-admin/maint/log.php)|(/wpcache.php)|(/cod.php)|(/pols.php)|(/wp-content/themes/twentythirteen/404.php)|(/wp-content/plugins/upgrade-network.php)|(/system/logs/seo_script.php)|(/wp-includes/class.wp-times.php)|(/plus/mytag_js.php)|(/wp-comments-post.php)|(/log.php)|(/index.php)|(/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php)|(/codules.php)|(/api/graphql)|(/wp-destertion.php)|(/yt.php)|(/dbtunneling.php)|(/mtsalishlah/gateway1.php)|(/plus/ad_js.php)|(/plus/moon.php)|(/search.php)|(/wp-admin/post.php)|(/gaia/dumt.php)|(/ip-engineering.php)|(/mytag_js.php)|(/wp-content/plugins/translatepress-multilingual/includes/trp-ajax.php)|(/link-whatsapp-wapiku-monitoring-outbox-api.api)|(/maccms/index.php)|(/appointmentform.php)|(/wp/wp-load.php)|(/plus/laobiao.php)|(/data/cache/asd.php)|(/wp-admin/options-general.php)|(/userup/jian.php)|(/media/index1.php)|(/yjh.php)|(/api_kartlar_bakiyesi_toplam)|(/search)|(/shop/wp-load.php)|(/flink/hgxn.php)|(/wp-content/plugins/easyrotator-for-wordpress/b.php)|(/wp-content/plugins/apikey/data.php)|(/wp-content/plugins/apikey/wp-destertion.php)|(/wp-content/plugins/all-in-one-seo-pack/admin/display/display.php)|(/data/dede.php)|(/wp-content/plugins/caches.php)|(/wp-admin/ms-admin.php)|(/erp/baralapi/Model_api/getSqlData)|(/mytag_j.php)|(/ghfhvvaw.php)|(/allimg/xm.php)|(/apkzube/apps/compiler/python3.php)|(/nelson/wp-load.php)|(/plug/vote/vote_SettingFun.asp)|(/wp-includes/js/tinymce/plugins/wpview/diff.php)|(/indax.php)|(/wulv.php)|(/9x.php)|(/wp-includes/class.wp-depen.php)|(/config_desktop_app/index.php/niagait/proses_data)|(/wp-content/plugins/apikey/standart.php)|(/standart.php)|(/01.php)|(/plus/mytag_j.php)|(/wp-content/mu-plugins/db-safe-mode.php)|(/data.php)|(/file/nett.php)|(/engines/phptemplate/yt.php)|(/wp-includes/Requests/Hooker.php)|(/indoxd.php)|(/phpMyRest/)|(/secureconnectwebservice5/SecureConnect.asmx)|(/wp-admin/admin.php)|(/convert/data/config.inc.php)|(/members/makepage.php)|(/AspCms_Config.asp)|(/fdgq.php)|(/wp-booking.php)|(/DA.asp)|(/inc/AspCms_AdvJs.asp)|(/Lib/Think/Util/CacheFlle.class.php)|(/php)|(/paylog.php)|(/caches_model/caches_data/member_fy.class.php)">
# --------------
# 266a78d5
# SMW-INJ-18008-js.spam.redi-16
# \bif\((\w{1,9})===undefined\)\{var\h*\1=\w{1,9}[,;][^\)]{0,19}\bfunction\(\)\h*\{\h*(?:var|this)\b[^\v\*\|\^#%]{199,999}\b(?:createElement\([\'"]script[\'"]\)|HttpClient\(\))[^\n\r\f\*\|\^#]{99,499}[\{\}]\h*return[^}]{1,40}\}[;\}\(\)]{1,9}(\s|\Z)
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111111,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-18008-js.spam.redi-16||T:APACHE||'"
    SecRule ARGS "@rx (?im)\bif\((\w{1,9})===undefined\)\{var\h*\1=\w{1,9}[,;][^\)]{0,19}\bfunction\(\)\h*\{\h*(?:var|this)\b[^\v\*\|\^#%]{199,999}\b(?:createElement\([\'\x22]script[\'\x22]\)|HttpClient\(\))[^\n\r\f\*\|\^#]{99,499}[\{\}]\h*return[^}]{1,40}\}[;\}\(\)]{1,9}(\s|\Z)" "t:none"
# --------------
# 6be80f32
# SMW-INJ-19274-js.spam-3
# \bvar\h+(\w{1,15})\h*=\h*document\.createElement\((String\.FromCharCode\()[\d,]+\)\);\s*\1\.type\h*=\h*\2[\d,]+\);\s*\1\.src\h*=\h*\2[\d,]+\);\s*\1[^\}]{9,299}\.appendChild\(\1\);
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111112,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-19274-js.spam-3||T:APACHE||'"
    SecRule ARGS "@rx (?im)\bvar\h+(\w{1,15})\h*=\h*document\.createElement\((String\.FromCharCode\()[\d,]+\)\);\s*\1\.type\h*=\h*\2[\d,]+\);\s*\1\.src\h*=\h*\2[\d,]+\);\s*\1[^\}]{9,299}\.appendChild\(\1\);" "t:none"
# --------------
# da32ad4b
# SMW-INJ-12809-php.bkdr.wpvcd-12
# \$\w{1,40}\s*=\s*\d{1,10};\s*\$GLOBALS\[['"](\w{1,40})['"]\]\s*=\s*Array\(\);\s*global\s*\$\1;[^\176]{9,199}[^;]{0,49};\$\1\[['"]\w+['"]\]\h*=\h*\$_[GPRSC]\w{2,6};[^\{]{1,499}\{\s*define\s*\(\s*['"]ALREADY_RUN_\w*['"]\s*,\s*\d\s*\);[^`]{99,999}eval[^\}]{1,40}\}\s*(?:exit|die)[\s\(\)\};\d]{5,19}
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111113,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-12809-php.bkdr.wpvcd-12||T:APACHE||'"
    SecRule ARGS "@rx (?im)\$\w{1,40}\s*=\s*\d{1,10};\s*\$GLOBALS\[['\x22](\w{1,40})['\x22]\]\s*=\s*Array\(\);\s*global\s*\$\1;[^\176]{9,199}[^;]{0,49};\$\1\[['\x22]\w+['\x22]\]\h*=\h*\$_[GPRSC]\w{2,6};[^\{]{1,499}\{\s*define\s*\(\s*['\x22]ALREADY_RUN_\w*['\x22]\s*,\s*\d\s*\);[^`]{99,999}eval[^\}]{1,40}\}\s*(?:exit|die)[\s\(\)\};\d]{5,19}" "t:none"
# --------------
# 897a77a3
# SMW-INJ-03790-php.bkdr.wshll-10
# (<\?php\s)[^\$\{]{0,199}\bif\s*\(\s*(?:isset|empty)\s*\(\s*\$_[GPRSC]\w{2,6}\h*\[[^\]]+\][^\}\{;]{1,99}\{[^\{\}]{0,99}@?[sape](?:val|ssert|ystem|hell_exec|xec|open|assthru)\s*\((?:\s*(?:base64_decode|str_rot13|urldecode)\s*\(){0,5}\s*\$_[GPRSC]\w{2,6}\h*\[[^\]]+\][^;]{1,99};[^\}%&\?\{\[\]]{0,99}\};?
# Review notes for the signature chains with ids 77111114-77111143:
# - Every chain is REQUEST_METHOD matching ^POST$ followed by an ARGS regex.
# - Actions are "log,pass": a hit is logged with the signature name carried
#   in msg; these chains do not block the request.
# - The comment lines before each chain are a short hex id, the signature
#   name, and the pattern; the SecRule pattern is the same regex with (?im)
#   prepended and the double quote written as \x22.
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111114,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-03790-php.bkdr.wshll-10||T:APACHE||'"
    SecRule ARGS "@rx (?im)(<\?php\s)[^\$\{]{0,199}\bif\s*\(\s*(?:isset|empty)\s*\(\s*\$_[GPRSC]\w{2,6}\h*\[[^\]]+\][^\}\{;]{1,99}\{[^\{\}]{0,99}@?[sape](?:val|ssert|ystem|hell_exec|xec|open|assthru)\s*\((?:\s*(?:base64_decode|str_rot13|urldecode)\s*\(){0,5}\s*\$_[GPRSC]\w{2,6}\h*\[[^\]]+\][^;]{1,99};[^\}%&\?\{\[\]]{0,99}\};?" "t:none"
# --------------
# 6d063026
# SMW-INJ-18648-php.spam.drwy-5
# \bif[\s\(]+strstr[\(\s]+(\$\w{1,40})[,\s]+['"]\w{1,9}map\w*['"][\)\s]+\{\s*\$\w{1,40}[\s=]+dirname[\(\s]+\1[\)\s]+;[^=]{1,999}\bif[\s\(]+strstr[\(\s]+\1[,\s]+['"]\.[xh]t?ml['"][^#]{9,6999}\bif[\s\(]+\$_[GPRSC]\w{2,6}\h*\[[^\]]+\][^;\{\}]+\{\s*echo\b[^;]+\1[^;]+;[^\}]{0,499}\}\s*@?\w{1,40}[\h\(]+[^;]+\1[^;]+;
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111115,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-18648-php.spam.drwy-5||T:APACHE||'"
    SecRule ARGS "@rx (?im)\bif[\s\(]+strstr[\(\s]+(\$\w{1,40})[,\s]+['\x22]\w{1,9}map\w*['\x22][\)\s]+\{\s*\$\w{1,40}[\s=]+dirname[\(\s]+\1[\)\s]+;[^=]{1,999}\bif[\s\(]+strstr[\(\s]+\1[,\s]+['\x22]\.[xh]t?ml['\x22][^#]{9,6999}\bif[\s\(]+\$_[GPRSC]\w{2,6}\h*\[[^\]]+\][^;\{\}]+\{\s*echo\b[^;]+\1[^;]+;[^\}]{0,499}\}\s*@?\w{1,40}[\h\(]+[^;]+\1[^;]+;" "t:none"
# --------------
# 6d8288f6
# SMW-INJ-03431-php.bkdr.eval.oneliner-25
# <\?(?:php|=)?(?:[^\$<>\?\}\+'"]{1,299})?@?\b[sape](?:val|ssert|ystem|hell_exec|xec|open|assthru)\s*(?:/\*[^\*]{0,4999}\*/\s*)?\((?:\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(){0,5}\h*['"]?\$_[GPRSC]\w{2,6}\h*\[[^\]]+\]['";]?\h*\)[^\?]{0,49}(?:\?>|\Z)
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111116,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-03431-php.bkdr.eval.oneliner-25||T:APACHE||'"
    SecRule ARGS "@rx (?im)<\?(?:php|=)?(?:[^\$<>\?\}\+'\x22]{1,299})?@?\b[sape](?:val|ssert|ystem|hell_exec|xec|open|assthru)\s*(?:/\*[^\*]{0,4999}\*/\s*)?\((?:\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(){0,5}\h*['\x22]?\$_[GPRSC]\w{2,6}\h*\[[^\]]+\]['\x22;]?\h*\)[^\?]{0,49}(?:\?>|\Z)" "t:none"
# --------------
# 5a9e11d3
# SMW-INJ-16270-js.spam.redi-10
# <(script)[^>]{0,40}>\s*atOptions\h*=\h*\{[^;]{1,250}\};\s*document\.write\(\\?['"]<[^>]{1,150}/\w{32}/invoke\.js\\?['"][^\)]{0,25}\);\s*</\1>
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111117,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-16270-js.spam.redi-10||T:APACHE||'"
    SecRule ARGS "@rx (?im)<(script)[^>]{0,40}>\s*atOptions\h*=\h*\{[^;]{1,250}\};\s*document\.write\(\\?['\x22]<[^>]{1,150}/\w{32}/invoke\.js\\?['\x22][^\)]{0,25}\);\s*</\1>" "t:none"
# --------------
# 6f6e2506
# SMW-INJ-17738-js.spam.redi-9
# <(script)[^>]*>[^\(]{0,99}\((function)\(\)\s*\{\s*var\h+\w{32}=['"][^'"]+['"];\s*var\h+\w{1,4}=\[(?:['"][^'"]{1,150}['"],?){15,30}\];\s*\(\2\(\w,\w\)\s*\{\s*var\h+\w=\2\(\w\)\s*\{\s*while\([^\.]{90,200}\b\2\(\)[^\{]+\{\}\.constructor\([^\n\t_`]{999,1800};\w(?:\[\w\([^;]+\)\]){2}\([^\}]+\}\h*;\w(\(\);)\s*\}\)\3[^<]{0,99}</\1>(\s*<[^d])
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111118,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-17738-js.spam.redi-9||T:APACHE||'"
    SecRule ARGS "@rx (?im)<(script)[^>]*>[^\(]{0,99}\((function)\(\)\s*\{\s*var\h+\w{32}=['\x22][^'\x22]+['\x22];\s*var\h+\w{1,4}=\[(?:['\x22][^'\x22]{1,150}['\x22],?){15,30}\];\s*\(\2\(\w,\w\)\s*\{\s*var\h+\w=\2\(\w\)\s*\{\s*while\([^\.]{90,200}\b\2\(\)[^\{]+\{\}\.constructor\([^\n\t_`]{999,1800};\w(?:\[\w\([^;]+\)\]){2}\([^\}]+\}\h*;\w(\(\);)\s*\}\)\3[^<]{0,99}</\1>(\s*<[^d])" "t:none"
# --------------
# 5d16b67f
# SMW-INJ-15535-php.bkdr.incl.wpnull24-3
# \bif[\h\(]+(file)(_exists)[\h\(]+(\$\w{1,40})\h*=\h*(dirname)[\h\(]+(__\1__)[\h\)\.]+DIRECTORY_SEPARATOR[\h\)\.'"]+basename[\h\(]+\4[\h\(]+\5[\h\)\.]+['"]\.php['"][\h\)]+\D{2,3}[\h!]+class\2[\h\(]+['"]WPTemplatesOptions['"][\)\s]+\{\s*[ir][ne][cq][lu][ui][dr]e(?:_once)?\h*[\('"]{1,3}\3[\)'"]{1,3}\h*;\s*\}
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111119,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-15535-php.bkdr.incl.wpnull24-3||T:APACHE||'"
    SecRule ARGS "@rx (?im)\bif[\h\(]+(file)(_exists)[\h\(]+(\$\w{1,40})\h*=\h*(dirname)[\h\(]+(__\1__)[\h\)\.]+DIRECTORY_SEPARATOR[\h\)\.'\x22]+basename[\h\(]+\4[\h\(]+\5[\h\)\.]+['\x22]\.php['\x22][\h\)]+\D{2,3}[\h!]+class\2[\h\(]+['\x22]WPTemplatesOptions['\x22][\)\s]+\{\s*[ir][ne][cq][lu][ui][dr]e(?:_once)?\h*[\('\x22]{1,3}\3[\)'\x22]{1,3}\h*;\s*\}" "t:none"
# --------------
# c08cb6b6
# SMW-INJ-16402-js.spam.redi-20
# <(script)[^>\.:]{1,60}\bsrc\h*=\h*['"][^'"]{1,60}/(?:\w{2}/){3}\w{32}\.js['"]></\1>
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111120,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-16402-js.spam.redi-20||T:APACHE||'"
    SecRule ARGS "@rx (?im)<(script)[^>\.:]{1,60}\bsrc\h*=\h*['\x22][^'\x22]{1,60}/(?:\w{2}/){3}\w{32}\.js['\x22]></\1>" "t:none"
# --------------
# 6190d168
# SMW-INJ-18269-php.spam-5
# \A\s*<\?php\s*\$blocks\[['"](\w{1,49})-\w[^\]]{0,99}\]\h*=\h*array\(['"]\1[^\n]{299,4999}\b(?:redito\.net|go\-links\.org)/\w{1,15}['"]\);\s*\?>
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111121,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-18269-php.spam-5||T:APACHE||'"
    SecRule ARGS "@rx (?im)\A\s*<\?php\s*\$blocks\[['\x22](\w{1,49})-\w[^\]]{0,99}\]\h*=\h*array\(['\x22]\1[^\n]{299,4999}\b(?:redito\.net|go\-links\.org)/\w{1,15}['\x22]\);\s*\?>" "t:none"
# --------------
# c560046d
# SMW-INJ-16935-php.tool.incl-5
# \bif\h*\(\h*file_exists\h*\(\h*(((?:plugin_dir_path)\h*\(\h*__file__\h*\)|get_template_directory\h*\(\h*\))\h*\.\h*['"]/\.['"]\h*\.\h*basename\h*\(\h*\2\h*\)\h*\.\h*['"]\.php['"])\h*\)\h*\)\s*\{\s*(?:includ|requir)e(?:_once)?\h*(?:\(\h*)?\1\h*(?:\)\h*)?;\s*\}
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111122,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-16935-php.tool.incl-5||T:APACHE||'"
    SecRule ARGS "@rx (?im)\bif\h*\(\h*file_exists\h*\(\h*(((?:plugin_dir_path)\h*\(\h*__file__\h*\)|get_template_directory\h*\(\h*\))\h*\.\h*['\x22]/\.['\x22]\h*\.\h*basename\h*\(\h*\2\h*\)\h*\.\h*['\x22]\.php['\x22])\h*\)\h*\)\s*\{\s*(?:includ|requir)e(?:_once)?\h*(?:\(\h*)?\1\h*(?:\)\h*)?;\s*\}" "t:none"
# --------------
# 93f30aad
# SMW-INJ-04270-htcss.spam.drwy-7
# \bRewriteEngine\h+On\s*RewriteRule\s+\^\(\.\*\),\(\.\*\)\$\h+\$2\.php\?rewrite_params=\$1&page_url=\$2
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111123,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-04270-htcss.spam.drwy-7||T:APACHE||'"
    SecRule ARGS "@rx (?im)\bRewriteEngine\h+On\s*RewriteRule\s+\^\(\.\*\),\(\.\*\)\$\h+\$2\.php\?rewrite_params=\$1&page_url=\$2" "t:none"
# --------------
# 7ffca2d2
# SMW-INJ-17921-js.spam-5
# <(script)[^>]{0,99}\bsrc\h*=\h*['"](?:https?:)?//js\.users\.51\.la/\d+\.js['"]></\1>
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111124,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-17921-js.spam-5||T:APACHE||'"
    SecRule ARGS "@rx (?im)<(script)[^>]{0,99}\bsrc\h*=\h*['\x22](?:https?:)?//js\.users\.51\.la/\d+\.js['\x22]></\1>" "t:none"
# --------------
# 190d4de9
# SMW-INJ-17896-js.spam.redi-1
# <(script)[^>]{0,40}>\s*function\h*(getCookie)\(\w\)\s*\{\s*var\h*\w\h*=\h*(document)\.[^>]{0,499},\h*(\w{1,9})\h*=\h*\2\(['"]redirect['"]\);\s*if\(\h*now\h*\D{2,3}\h*\(\h*time\h*=\h*\4[^\}]{9,199}\b\3\.write\(['"]<\1\h*src[^\}]{0,49}\}\s*</\1>
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111125,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-17896-js.spam.redi-1||T:APACHE||'"
    SecRule ARGS "@rx (?im)<(script)[^>]{0,40}>\s*function\h*(getCookie)\(\w\)\s*\{\s*var\h*\w\h*=\h*(document)\.[^>]{0,499},\h*(\w{1,9})\h*=\h*\2\(['\x22]redirect['\x22]\);\s*if\(\h*now\h*\D{2,3}\h*\(\h*time\h*=\h*\4[^\}]{9,199}\b\3\.write\(['\x22]<\1\h*src[^\}]{0,49}\}\s*</\1>" "t:none"
# --------------
# edb93273
# SMW-INJ-17945-html.spam.gen-14
# <script\b[^>]{0,99}\bsrc=\\?['"]?(?:https?:)?//[^/'"\s]{1,49}/(?:ntfc|apu)\.php\?(?:p|zoneid)=\d{7}\b[^>]{1,199}>\s*<\\?/script>
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111126,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-17945-html.spam.gen-14||T:APACHE||'"
    SecRule ARGS "@rx (?im)<script\b[^>]{0,99}\bsrc=\\?['\x22]?(?:https?:)?//[^/'\x22\s]{1,49}/(?:ntfc|apu)\.php\?(?:p|zoneid)=\d{7}\b[^>]{1,199}>\s*<\\?/script>" "t:none"
# --------------
# 2e36b374
# SMW-INJ-18755-html.spam.seo-2
# ((>)\s*document\.write[\s\(]+['"]<)(\w{1,9})\b[^>]{0,99}\bstyle=['"][^'"]{0,99}\b(?:[tblr](?:op|eft|ight|ottom)[\h:]+\-?\d{4,}px|display[\h:]+none|[hw](?:eight|idth)[\h:]+[012]px|visibility[\h:]+hidden)\b[^>]{0,99}>[\s'"]+\);?\s*(</(script)>)\s*(?:<a\b[^>]+>[^</]{0,99}</a>\s*){3,}<\5\b[^>]+\1/\3>['"]\s*\);?\4
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111127,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-18755-html.spam.seo-2||T:APACHE||'"
    SecRule ARGS "@rx (?im)((>)\s*document\.write[\s\(]+['\x22]<)(\w{1,9})\b[^>]{0,99}\bstyle=['\x22][^'\x22]{0,99}\b(?:[tblr](?:op|eft|ight|ottom)[\h:]+\-?\d{4,}px|display[\h:]+none|[hw](?:eight|idth)[\h:]+[012]px|visibility[\h:]+hidden)\b[^>]{0,99}>[\s'\x22]+\);?\s*(</(script)>)\s*(?:<a\b[^>]+>[^</]{0,99}</a>\s*){3,}<\5\b[^>]+\1/\3>['\x22]\s*\);?\4" "t:none"
# --------------
# 03f00044
# SMW-INJ-15453-js.spam.redi-4
# <(script)\h*src=['"]https?://[^\.]{0,15}\.bro\.kim/[^'"]{1,50}\.js['"]></\1>
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111128,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-15453-js.spam.redi-4||T:APACHE||'"
    SecRule ARGS "@rx (?im)<(script)\h*src=['\x22]https?://[^\.]{0,15}\.bro\.kim/[^'\x22]{1,50}\.js['\x22]></\1>" "t:none"
# --------------
# dac96e34
# SMW-INJ-14070-php.bkdr-9
# (<\?php\s)[^@\?]{0,99}(\$\w{1,40})\h*=\h*str_i?replace\h*\(['"][^;\)]{1,99}\)\h*;\s*@?\2\h*\(\h*\$_[GPRSC]\w{2,6}\h*\[[^\]]+\]\h*\)(?:\s*;)?
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111129,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-14070-php.bkdr-9||T:APACHE||'"
    SecRule ARGS "@rx (?im)(<\?php\s)[^@\?]{0,99}(\$\w{1,40})\h*=\h*str_i?replace\h*\(['\x22][^;\)]{1,99}\)\h*;\s*@?\2\h*\(\h*\$_[GPRSC]\w{2,6}\h*\[[^\]]+\]\h*\)(?:\s*;)?" "t:none"
# --------------
# 790b931b
# SMW-INJ-12444-php.bkdr-7
# if\s*\(\s*\$_[GPRSC]\w{2,6}\s*\[[^\]]+\]\s*\)\s*\{\s*@?(?:eval|assert|system|shell_exec|exec|popen|passthru)\s*\(\s*\$_[GPRSC]\w{2,6}\s*\[[^\]]+\]\s*\)(?:\s*;)?(?:\s*(?:exit|die)\b[^;]{0,9};)?\s*\}
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111130,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-12444-php.bkdr-7||T:APACHE||'"
    SecRule ARGS "@rx (?im)if\s*\(\s*\$_[GPRSC]\w{2,6}\s*\[[^\]]+\]\s*\)\s*\{\s*@?(?:eval|assert|system|shell_exec|exec|popen|passthru)\s*\(\s*\$_[GPRSC]\w{2,6}\s*\[[^\]]+\]\s*\)(?:\s*;)?(?:\s*(?:exit|die)\b[^;]{0,9};)?\s*\}" "t:none"
# --------------
# 2fb447a5
# SMW-INJ-06044-php.bkdr.wpvcd-10
# <\?php\s+if[ ]*\([ ]*file_exists[ ]*\([ ]*(dirname[ ]*\([ ]*__FILE__[ ]*\)[ ]*\.[ ]*['"]/class\.(?:theme|plugin)-modules\.php)['"][ ]*\)[ ]*\)[ ]*include_once[ ]*\([ ]*\1['"][ ]*\)[ ]*;[ ]*\?>\s*(<\?php\s)
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111131,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-06044-php.bkdr.wpvcd-10||T:APACHE||'"
    SecRule ARGS "@rx (?im)<\?php\s+if[ ]*\([ ]*file_exists[ ]*\([ ]*(dirname[ ]*\([ ]*__FILE__[ ]*\)[ ]*\.[ ]*['\x22]/class\.(?:theme|plugin)-modules\.php)['\x22][ ]*\)[ ]*\)[ ]*include_once[ ]*\([ ]*\1['\x22][ ]*\)[ ]*;[ ]*\?>\s*(<\?php\s)" "t:none"
# --------------
# a74a95b5
# SMW-INJ-05662-php.bkdr.eitest-11
# <\?php\s*\$[a-z]{4,15}\s*=\s*['"][^\v]{5000,11000}['"];\s*\$\w{1,40}\h*=\h*explode\h*\(\h*chr\s*\([^\?]{999,3000};\s*(\$[a-z]{4,15})\h*=\h*\(\h*\d+\h*\-\h*\d+\h*\)\h*;\s*\$[a-z]{4,15}\h*=\h*\1\h*\-\h*1;\s*\?>
# NOTE(review): the {5000,11000} and {999,3000} repeats below only match
# arguments several kilobytes long and are comparatively expensive to
# evaluate; confirm the deployment's PCRE match limits and request-body size
# limits are compatible with this signature.
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111132,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-05662-php.bkdr.eitest-11||T:APACHE||'"
    SecRule ARGS "@rx (?im)<\?php\s*\$[a-z]{4,15}\s*=\s*['\x22][^\v]{5000,11000}['\x22];\s*\$\w{1,40}\h*=\h*explode\h*\(\h*chr\s*\([^\?]{999,3000};\s*(\$[a-z]{4,15})\h*=\h*\(\h*\d+\h*\-\h*\d+\h*\)\h*;\s*\$[a-z]{4,15}\h*=\h*\1\h*\-\h*1;\s*\?>" "t:none"
# --------------
# 52fe8a64
# SMW-INJ-18831-js.spam.remote-1
# \bif\((\w{1,9})===undefined\)\{(var\h+)\w{1,9}=\[[^\]]{99,999}\];[^\v/<>:]{1,499};\2\1=true,HttpClient=function\([^\v/<>:]{499,1999};return\h+\w{1,9}\[(\w{1,40}\()['"]?0x\w\w?['"]?(\)\W)\3['"]?0x\w\w?['"]?\4[^\]]{0,9}\]\(\w\)[!=]{2,3}\W?['"]?0x\w\w?['"]?;[\};\(\)]{3,}\};(\s|\Z)
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111133,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-18831-js.spam.remote-1||T:APACHE||'"
    SecRule ARGS "@rx (?im)\bif\((\w{1,9})===undefined\)\{(var\h+)\w{1,9}=\[[^\]]{99,999}\];[^\v/<>:]{1,499};\2\1=true,HttpClient=function\([^\v/<>:]{499,1999};return\h+\w{1,9}\[(\w{1,40}\()['\x22]?0x\w\w?['\x22]?(\)\W)\3['\x22]?0x\w\w?['\x22]?\4[^\]]{0,9}\]\(\w\)[!=]{2,3}\W?['\x22]?0x\w\w?['\x22]?;[\};\(\)]{3,}\};(\s|\Z)" "t:none"
# --------------
# 6f8d9999
# SMW-INJ-18440-js.spam-3
# \bvar\h*(_0x\w{1,9})\h*=\h*\[[^\]]+\];\h*(var)\h*(_0x\w{1,9})\h*=\h*(function)\([^\)]+\)\{(_0x\w{1,9})\h*=[^;]+;\h*\2\h*_0x\w{1,9}\h*=\h*\1\[\5\][^\n]{99,699}\b\4\h*(\w{1,15}\(\))\{\2\h*\w{1,9}\h*=\h*\3,[^\n]{99,2500}\b\6;
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111134,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-18440-js.spam-3||T:APACHE||'"
    SecRule ARGS "@rx (?im)\bvar\h*(_0x\w{1,9})\h*=\h*\[[^\]]+\];\h*(var)\h*(_0x\w{1,9})\h*=\h*(function)\([^\)]+\)\{(_0x\w{1,9})\h*=[^;]+;\h*\2\h*_0x\w{1,9}\h*=\h*\1\[\5\][^\n]{99,699}\b\4\h*(\w{1,15}\(\))\{\2\h*\w{1,9}\h*=\h*\3,[^\n]{99,2500}\b\6;" "t:none"
# --------------
# 227f32c4
# SMW-INJ-17722-php.bkdr.exec-1
# \A\s*<\?(?:php)?\s+(?:@eval\h*\(\h*\$_[GPRSCH]\w{2,6}\[[^\]]+\]\h*\);\s*){2,4}(?:\?>\s*)?\Z
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111135,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-17722-php.bkdr.exec-1||T:APACHE||'"
    SecRule ARGS "@rx (?im)\A\s*<\?(?:php)?\s+(?:@eval\h*\(\h*\$_[GPRSCH]\w{2,6}\[[^\]]+\]\h*\);\s*){2,4}(?:\?>\s*)?\Z" "t:none"
# --------------
# c417d36c
# SMW-INJ-16073-js.spam-10
# <(script)>\s*\(\s*function\(\w,\w,\w,\w\)\h*\{[^\}]{9,99}\}\s*\)\s*\(\s*document\.createElement\(\h*['"]\1['"]\h*\)\h*,\h*['"]https?://iclickcdn\.com/[^'"]{1,15}\.js['"][^<]{1,99}</\1>
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111136,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-16073-js.spam-10||T:APACHE||'"
    SecRule ARGS "@rx (?im)<(script)>\s*\(\s*function\(\w,\w,\w,\w\)\h*\{[^\}]{9,99}\}\s*\)\s*\(\s*document\.createElement\(\h*['\x22]\1['\x22]\h*\)\h*,\h*['\x22]https?://iclickcdn\.com/[^'\x22]{1,15}\.js['\x22][^<]{1,99}</\1>" "t:none"
# --------------
# 8444fbc5
# SMW-INJ-18887-php.bkdr-7
# (<\?php\s*)(?:(define)\h*\(['"]\w{1,20}['"]\h*,\h*['"][^'"]{32,64}['"]\);\s*){2}\2[^\?]{99,2499}(\$\w{1,9})[=\h]+str_replace\h*\(['"]/wp\-(?:includes|admin)['"]['"\h,]+(dirname\h*\(__FILE__\))\);[^\{\}\?]{9,199}\bchmod\h*\(\3([\h\.'"/]+authcode_copy)[^\?\{\}]{99,1499}copy\h*\(\4\5[^;]{1,199};
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111137,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-18887-php.bkdr-7||T:APACHE||'"
    SecRule ARGS "@rx (?im)(<\?php\s*)(?:(define)\h*\(['\x22]\w{1,20}['\x22]\h*,\h*['\x22][^'\x22]{32,64}['\x22]\);\s*){2}\2[^\?]{99,2499}(\$\w{1,9})[=\h]+str_replace\h*\(['\x22]/wp\-(?:includes|admin)['\x22]['\x22\h,]+(dirname\h*\(__FILE__\))\);[^\{\}\?]{9,199}\bchmod\h*\(\3([\h\.'\x22/]+authcode_copy)[^\?\{\}]{99,1499}copy\h*\(\4\5[^;]{1,199};" "t:none"
# --------------
# 8cf2b20c
# SMW-INJ-03548-php.bkdr-12
# (<\?(?:php|=)?\s)\s*@?[ea](?:val|ssert)\s*\(\s*(?:@?(?:gz(?:inflate|uncompress)|base64_decode|str_rot13)\h*\(\h*){0,5}@?\$_[GPRSC]\w{2,6}\h*\[[^\]]+\][\s\)]+;
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111138,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-03548-php.bkdr-12||T:APACHE||'"
    SecRule ARGS "@rx (?im)(<\?(?:php|=)?\s)\s*@?[ea](?:val|ssert)\s*\(\s*(?:@?(?:gz(?:inflate|uncompress)|base64_decode|str_rot13)\h*\(\h*){0,5}@?\$_[GPRSC]\w{2,6}\h*\[[^\]]+\][\s\)]+;" "t:none"
# --------------
# b3ece26f
# SMW-INJ-12937-mlw.remote-2
# <\?php\s*function\s*(\w+)[^\{]+\{\s*(?:\$\w+\s*=\s*(?:(?:isset|trim)\(\$_[GPCSR]\w{2,6}\[[^\]]+\]\)\s*[\?:]\s*){2}['";\s]{4,8}){2}[^\{]{9,99}(\$\w+)\s*=\s*curl_exec\([^\{]{9,29}\{\s*file_put_contents\([^,]+,\s*\2\s*\);\s*\}[^\{]{9,49}\{\s*echo[^;]{1,19};[\}\s]{2,9}\1\(\);\s*\?>
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111139,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-12937-mlw.remote-2||T:APACHE||'"
    SecRule ARGS "@rx (?im)<\?php\s*function\s*(\w+)[^\{]+\{\s*(?:\$\w+\s*=\s*(?:(?:isset|trim)\(\$_[GPCSR]\w{2,6}\[[^\]]+\]\)\s*[\?:]\s*){2}['\x22;\s]{4,8}){2}[^\{]{9,99}(\$\w+)\s*=\s*curl_exec\([^\{]{9,29}\{\s*file_put_contents\([^,]+,\s*\2\s*\);\s*\}[^\{]{9,49}\{\s*echo[^;]{1,19};[\}\s]{2,9}\1\(\);\s*\?>" "t:none"
# --------------
# 85dfcb37
# SMW-INJ-18355-php.bkdr.upldr-22
# \b(if[\(\h]+@?\$_[GPRSC]\w{2,6}\h*\[[^\]]+\]\h*\S{2,3}\h*['"]?(?:up\w{0,64}|real|go)['"]?[\)\s]+\{\s*if[\(\h]+@?)(?:copy|move_uploaded_file)([\(\h]+(\$_FILES\[)[^\]]+\]\[['"]tmp_name['"]\][\h,]+(?:\$_[GPRSC]\w{2,6}\h*\[[^\]]+\][\h\.]+)?\3[^,;]+[\)\s]+\{\s*(?:\$\w{1,40}\s*=[^;]{1,99};\s*)?echo\b[^;]+;\s*\}\s*else\s*\{\s*echo\b[^;]+;\s*\}\s*\})
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111140,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-18355-php.bkdr.upldr-22||T:APACHE||'"
    SecRule ARGS "@rx (?im)\b(if[\(\h]+@?\$_[GPRSC]\w{2,6}\h*\[[^\]]+\]\h*\S{2,3}\h*['\x22]?(?:up\w{0,64}|real|go)['\x22]?[\)\s]+\{\s*if[\(\h]+@?)(?:copy|move_uploaded_file)([\(\h]+(\$_FILES\[)[^\]]+\]\[['\x22]tmp_name['\x22]\][\h,]+(?:\$_[GPRSC]\w{2,6}\h*\[[^\]]+\][\h\.]+)?\3[^,;]+[\)\s]+\{\s*(?:\$\w{1,40}\s*=[^;]{1,99};\s*)?echo\b[^;]+;\s*\}\s*else\s*\{\s*echo\b[^;]+;\s*\}\s*\})" "t:none"
# --------------
# eaf5914d
# SMW-INJ-18638-php.bkdr.wshll.remote-5
# \b(array)_map(\s*\(\s*['"](?:assert|eval)['"]\s*,[^;]{0,99}\$_[GPCSR]\w{2,6}\[[^;]{1,99};)
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111141,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-18638-php.bkdr.wshll.remote-5||T:APACHE||'"
    SecRule ARGS "@rx (?im)\b(array)_map(\s*\(\s*['\x22](?:assert|eval)['\x22]\s*,[^;]{0,99}\$_[GPCSR]\w{2,6}\[[^;]{1,99};)" "t:none"
# --------------
# 3b196644
# SMW-INJ-17134-js.spam.redi-4
# <(script)\h*[^>]{0,60}src=['"](?:https?:)?//(?:\w{1,15}\.)?[^/\?]{2,20}/adServe/banners\?tid=[\d_]{2,20}[^>'"]{0,15}['"]>\s*</\1>
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111142,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-17134-js.spam.redi-4||T:APACHE||'"
    SecRule ARGS "@rx (?im)<(script)\h*[^>]{0,60}src=['\x22](?:https?:)?//(?:\w{1,15}\.)?[^/\?]{2,20}/adServe/banners\?tid=[\d_]{2,20}[^>'\x22]{0,15}['\x22]>\s*</\1>" "t:none"
# --------------
# 53ed956a
# SMW-INJ-18880-php.bkdr-3
# (\$\w{1,40})\h*=\h*count\h*\(\h*\$\w{1,40}\h*\)\h*[\+\-/%]\h*\d+\h*;\s*if\h*\(\h*!?\1[\s\)]+\{\s*(\$\w{1,40})\h*=\h*['"]?create_function['"]?\h*;\s*(\$\w{1,40})\h*=\h*\2\h*\(\h*(?:['"]{2}|null)\h*,\h*\$[^;]+;\s*@?\3\(\);\s*(?:exit|die)\b[^;]{0,19};\s*\}
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111143,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-18880-php.bkdr-3||T:APACHE||'"
    SecRule ARGS "@rx (?im)(\$\w{1,40})\h*=\h*count\h*\(\h*\$\w{1,40}\h*\)\h*[\+\-/%]\h*\d+\h*;\s*if\h*\(\h*!?\1[\s\)]+\{\s*(\$\w{1,40})\h*=\h*['\x22]?create_function['\x22]?\h*;\s*(\$\w{1,40})\h*=\h*\2\h*\(\h*(?:['\x22]{2}|null)\h*,\h*\$[^;]+;\s*@?\3\(\);\s*(?:exit|die)\b[^;]{0,19};\s*\}" "t:none"
# --------------
# eee7a50d
# SMW-INJ-12775-php.bkdr.wshll.oneliner-11
# \beval(\s*\(\s*@?stripslashes\s*\(\s*@?\$_(?:[GPCR]|SER)\w{2,6}\s*\[[^\]]+\]\s*\)\s*\)(?:\s*;)?)
# Review notes for the signature chains with ids 77111144-77111149:
# - Every chain is REQUEST_METHOD matching ^POST$ followed by an ARGS regex.
# - Actions are "log,pass": a hit is logged with the signature name carried
#   in msg; these chains do not block the request.
# - The comment lines before each chain are a short hex id, the signature
#   name, and the pattern; the SecRule pattern is the same regex with (?im)
#   prepended and the double quote written as \x22.
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111144,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-12775-php.bkdr.wshll.oneliner-11||T:APACHE||'"
    SecRule ARGS "@rx (?im)\beval(\s*\(\s*@?stripslashes\s*\(\s*@?\$_(?:[GPCR]|SER)\w{2,6}\s*\[[^\]]+\]\s*\)\s*\)(?:\s*;)?)" "t:none"
# --------------
# db40077e
# SMW-INJ-13270-php.bkdr-7
# (<\?php\s+)@?eval\s*\(\s*(?:['"][\?><]{2}['"]\s*\.\s*)?@?file_get_contents\s*\(\s*['"]https?://pastebin\.com/(?:raw|download)(?:\.php\?i=|/)[^'"]{1,40}['"]\s*\)\s*(?:\.\s*['"]?[\?><]{2}['"])?\s*\)(?:\s*;)
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111145,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-13270-php.bkdr-7||T:APACHE||'"
    SecRule ARGS "@rx (?im)(<\?php\s+)@?eval\s*\(\s*(?:['\x22][\?><]{2}['\x22]\s*\.\s*)?@?file_get_contents\s*\(\s*['\x22]https?://pastebin\.com/(?:raw|download)(?:\.php\?i=|/)[^'\x22]{1,40}['\x22]\s*\)\s*(?:\.\s*['\x22]?[\?><]{2}['\x22])?\s*\)(?:\s*;)" "t:none"
# --------------
# ab66ca58
# SMW-INJ-18934-php.bkdr.oneliner-1
# \bif\h*\(\h*key\h*\(\h*\$_[GPRSC]\w{2,6}\h*\)\h*\S{2,3}\s*['"]\w{0,40}['"]\s*\)\s*\{\s*@?[peas](?:assthru|ystem|xec|hell_exec|val|ssert)\h*\((?:\h*@?(?:base64_decode|gz(?:uncompress|inflate)|str_rot13|strrev)\h*\(){0,9}[^;]{0,9}?\$_[GPRSC]\w{2,6}\h*\[[^\]]+\][\)\s]+;\s*(?:die|exit)\b[^;]{0,19};\s*\}
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111146,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-18934-php.bkdr.oneliner-1||T:APACHE||'"
    SecRule ARGS "@rx (?im)\bif\h*\(\h*key\h*\(\h*\$_[GPRSC]\w{2,6}\h*\)\h*\S{2,3}\s*['\x22]\w{0,40}['\x22]\s*\)\s*\{\s*@?[peas](?:assthru|ystem|xec|hell_exec|val|ssert)\h*\((?:\h*@?(?:base64_decode|gz(?:uncompress|inflate)|str_rot13|strrev)\h*\(){0,9}[^;]{0,9}?\$_[GPRSC]\w{2,6}\h*\[[^\]]+\][\)\s]+;\s*(?:die|exit)\b[^;]{0,19};\s*\}" "t:none"
# --------------
# cbe282c8
# SMW-INJ-18357-php.tool.remote-3
# (\$\w{1,40})\h*=\h*curl_init\h*\(\h*\$_[GPCSR]\w{2,6}\[[^;]{1,99};[^\}\?=]{1,999}\b(?:curl_setopt\h*\(\h*\1\h*,\h*CURLOPT_COOKIE(?:JAR|FILE)\h*,\h*\$GLOBALS\[['"]coki['"]\]\h*\);\s*){2}(?:(\$\w{1,40})\h*=\h*curl_exec\h*\(\h*\$\w{1,40}\h*\)\h*;\s*@?eval\h*\(\h*['"]\?>['"]\h*\.\h*\2\);\s*){0,2}
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111147,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-18357-php.tool.remote-3||T:APACHE||'"
    SecRule ARGS "@rx (?im)(\$\w{1,40})\h*=\h*curl_init\h*\(\h*\$_[GPCSR]\w{2,6}\[[^;]{1,99};[^\}\?=]{1,999}\b(?:curl_setopt\h*\(\h*\1\h*,\h*CURLOPT_COOKIE(?:JAR|FILE)\h*,\h*\$GLOBALS\[['\x22]coki['\x22]\]\h*\);\s*){2}(?:(\$\w{1,40})\h*=\h*curl_exec\h*\(\h*\$\w{1,40}\h*\)\h*;\s*@?eval\h*\(\h*['\x22]\?>['\x22]\h*\.\h*\2\);\s*){0,2}" "t:none"
# --------------
# 5ccf0447
# SMW-INJ-06095-inj.mlw.obf-2
# \A\s*<\?php[^\$]{1,40}(\$[O0_]{1,40})\s*=\s*urldecode\(['"][^'"]{1,199}['"]\);\s*\$[O0_]{1,40}\s*=\s*\1(?:\{|\[)\d+(?:\}|\])\s*\.\s*\1[^\?]{999,5000}@?eval\(\$[O0_]{1,40}\);['"]\);\$\{['"](?:G|\\x47)[^'"]{6,24}['"]\}\[['"][^'"]{9,40}['"]\]\(\);\s*(?:\?>|\Z)
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111148,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-06095-inj.mlw.obf-2||T:APACHE||'"
    SecRule ARGS "@rx (?im)\A\s*<\?php[^\$]{1,40}(\$[O0_]{1,40})\s*=\s*urldecode\(['\x22][^'\x22]{1,199}['\x22]\);\s*\$[O0_]{1,40}\s*=\s*\1(?:\{|\[)\d+(?:\}|\])\s*\.\s*\1[^\?]{999,5000}@?eval\(\$[O0_]{1,40}\);['\x22]\);\$\{['\x22](?:G|\\x47)[^'\x22]{6,24}['\x22]\}\[['\x22][^'\x22]{9,40}['\x22]\]\(\);\s*(?:\?>|\Z)" "t:none"
# --------------
# ebf23af1
# SMW-INJ-03938-php.bkdr.wshll-7
# <\?[ph\s]+(?:if\(\$_[GPRSC]\w{2,6}\[[^\]]+\][^\)]+\)\{@?(?:eval|copy)\(base64_decode\(\$_[GPRSC]\w{2,6}\[[^\]]+\][^\}]{0,99}\}|if\(\$_[GPRSC]\w{2,6}\[[^\]]+\]\D{2,3}\d+\)\{(?:print|echo)\([^\)]+\);\s*\}){2,6}\s*(?:\?>|\Z)
SecRule REQUEST_METHOD "@rx ^POST$" "id:77111149,log,pass,chain,severity:7,tag:'service_i360',tag:'noshow',phase:2,t:none,msg:'Imunify AV: SMW-INJ-03938-php.bkdr.wshll-7||T:APACHE||'"
    SecRule ARGS "@rx (?im)<\?[ph\s]+(?:if\(\$_[GPRSC]\w{2,6}\[[^\]]+\][^\)]+\)\{@?(?:eval|copy)\(base64_decode\(\$_[GPRSC]\w{2,6}\[[^\]]+\][^\}]{0,99}\}|if\(\$_[GPRSC]\w{2,6}\[[^\]]+\]\D{2,3}\d+\)\{(?:print|echo)\([^\)]+\);\s*\}){2,6}\s*(?:\?>|\Z)" "t:none"
# The closing tag is commented out as well, so it closes no scope.
# </LocationMatch>

# Landing point for skipAfter:Marker_Mlw_Sigs (used by rule 77111110 for
# non-POST requests). Everything after this marker is evaluated for every
# request and does its own method check.
SecMarker Marker_Mlw_Sigs

# The rules from here on carry a disruptive action ("deny" or "block"),
# unlike the log,pass signature chains before the marker.
# NOTE(review): they test REQUEST_METHOD against the bare string "POST", not
# the anchored ^POST$ used above, so the match is a substring/regex match on
# the method name.

# Block SMW-INJ-20424-js.spam.redi-0
# Three-rule chain: POST + REQUEST_FILENAME is wp-admin/admin-ajax.php or
# wp-admin/theme-editor.php (after urlDecodeUni and normalizePath) + an ARGS
# value matching the packed-JavaScript pattern. Action is deny.
# NOTE(review): no phase is set on this rule, unlike every other rule in the
# file; it presumably inherits the phase from SecDefaultAction — confirm.
SecRule REQUEST_METHOD "POST" "id:77350245,chain,deny,log,t:none,severity:5,msg:'IM360 WAF: WordPress theme injection SMW-INJ-20424-js.spam.redi-0||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'wp_core',tag:'im360_req_post'"
    SecRule REQUEST_FILENAME "@rx \/wp-admin\/(?:admin-ajax|theme-editor)\.php" "chain,t:none,t:urlDecodeUni,t:normalizePath"
        SecRule ARGS "@rx eval\(function\(p,a,c,k,e,d\)\{e=function\(c\)\{return c\};if\(!''\.replace\(\/\^\/,String\)\)\{while\(c--\)\{d\[c\]=k\[c\]\|\|c\}k=\[function\(e\)\{return d\[e\]\}\];e=function\(\)\{return\'.{4}\'\};c=1\};while\(c--\)\{if\(k\[c\]\)\{p=p\.replace\(new\sRegExp\(.{20}\),k\[c\]\)\}\}return\sp\}\(\'.{1500,2500}\.split\(\'\|\'\),0,\{\}\)\)" "t:none,t:urlDecodeUni,capture"

# "Block known DB infection" rules: POST + ARGS (or ARGS|REQUEST_BODY) regex.
# NOTE(review): these use "block", whose effect is taken from the configured
# default action; whether a hit is actually denied depends on the deployment
# — confirm SecDefaultAction.
# NOTE(review): msg embeds MV:%{MATCHED_VAR}, i.e. the matched request value
# is written to the log; treat these log lines as containing untrusted,
# possibly large, attacker-supplied content.
# NOTE(review): the user macro is spelled %{TX.wp_user} in 77350270/77350271
# and %{TX:wp_user} in 77350279-77350281 — verify both expand as intended.
SecRule REQUEST_METHOD "POST" "id:77350270,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Block known DB infection (25022)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||WPU:%{TX.wp_user}||T:APACHE||',tag:'im360_req_post'"
    SecRule ARGS "@rx \btry\s*\{\s*(?:var|let)(?:\s*\/\*[^\*]*\*\/)*\s*(\w+)\h*=\h*(String)\h*;(?:\s*(?:var|let))?\s*\w+\s*=[^;\[]{0,499}\1\s*\[\s*[^(]+[from\+\h'\x22]+\2\.fromCharCode\s*\((?:\s*\/\*[^\*]*\*\/)*\s*\d[^:\n]{999,4999}\w+\[\w+\]\(\w+\)\[\d+\]\[\w+\]\(\w+\)[;\h]+if[^\}\n]+\]\.remove[\(\);\}\s]+catch[\(\s]+\w+[\)\s]+\{\s*\}" "t:none,t:htmlEntityDecode"
SecRule REQUEST_METHOD "POST" "id:77350271,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Block known DB infection (23311)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||WPU:%{TX.wp_user}||T:APACHE||',tag:'im360_req_post'"
    SecRule ARGS "@rx (?:<a\h*href[\h=]+['\x22]https?:\/\/[^'\x22]+['\x22]>slot\d*\b[^<]*<\/a>\s*){2,9}" "t:none,t:htmlEntityDecode"
# WPT-306
# The next two chains also inspect REQUEST_BODY in addition to ARGS.
SecRule REQUEST_METHOD "POST" "chain,id:77350279,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Block known DB infection (25062)||WPU:%{TX:wp_user}||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',tag:'im360_req_post'"
    SecRule ARGS|REQUEST_BODY "@rx <(script)>\h*document\.write[\h(]+String\.fromCharCode[\h\(]+60,115,99,114,105,112,116,62,118,97,114,32,95,36,95,97,55,57,56,61,91,34,92,120,50,69,34,44,34,92,120[^\)]{999,5500}41,60,47,115,99,114,105,112,116,62[\h\)]+;\h*<\/\1>" "t:none"
SecRule REQUEST_METHOD "POST" "chain,id:77350280,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Block known DB infection (16270)||WPU:%{TX:wp_user}||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',tag:'im360_req_post'"
    SecRule ARGS|REQUEST_BODY "@rx <(script)[^>]{0,40}>\s*atOptions\h*=\h*\{[^(]{1,290}\};\s*document\.write\(\x5C?['\x22]<[^>]{1,150}\/\w{32}\/invoke\.js\x5C?['\x22][^\)]{0,25}\);\s*<\/\1>" "t:none"
SecRule REQUEST_METHOD "POST" "chain,id:77350281,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Block known DB infection (16402)||WPU:%{TX:wp_user}||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',tag:'im360_req_post'"
    SecRule ARGS "@rx <(script)[^>\.:]{1,99}\bsrc\h*=\h*\W[^\x22']{1,60}\/(?:\w{2}\/){3}\w{32}\.js\W\x3C[^>]+\1>" "t:none"