# ------------------------------------------------------
# Imunify360 ModSecurity Rules
# Copyright (C) 2024 CloudLinux Inc All right reserved
# The Imunify360 ModSecurity Rules is distributed under
# IMUNIFY360 LICENSE AGREEMENT
# ------------------------------------------------------
# Imunify360 ModSecurity Custom Ruleset

# Reading notes for this listing:
#  - A rule carrying "chain" only fires when every following chained SecRule also matches;
#    the disruptive action (block/pass) and the id live on the first rule of the chain.
#  - Transformations (t:...) are applied in the order written, before the operator runs.
#  - Several rules below set no "phase:"; they run in whatever phase the inherited default
#    action specifies, which is not visible in this listing.

# Drupalgeddon probe: '#'-prefixed array keys in cookie or argument names, skipped for the listed non-Drupal paths.
SecRule REQUEST_URI "!@rx (\/wp-admin\/|\/wp-content\/|\/forum\/|\/bitrix\/|\/wp-json\/|\/index\.php\/apps\/dashboard\/)" "id:77140730,chain,phase:2,log,block,severity:2,t:urlDecode,t:removeWhitespace,msg:'IM360 WAF: Drupalgeddon test||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule REQUEST_COOKIES_NAMES|ARGS_NAMES "(\[[^\w]{0,99}[\"'\x60]?#[^\]]{0,99}\])|(#\[)" "t:none"

# Drupal CVE-2018-7600/02: encoded '#type' / '#markup' render-array keys in arguments or argument names.
SecRule REQUEST_URI "!@rx (/wp-admin/|/wp-content/|/forum/)" "id:77140731,chain,phase:2,block,log,severity:2,t:urlDecode,t:removeWhitespace,msg:'IM360 WAF: Drupal CVE-2018-7600/02 RCE attempt||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule ARGS|ARGS_NAMES "(q\[%23type\])|(q\[%23markup\])|(\[%23\]\[\])|(\[#\]\[\])|(\[%2523\]\[\])" "t:none"

# CVE-2018-15133: blocks in phase 1 when the X-XSRF-TOKEN cookie holds 41 or more non-whitespace characters.
SecRule REQUEST_COOKIES:X-XSRF-TOKEN "(\S{41,})" "id:77140733,phase:1,block,log,severity:2,t:urlDecodeUni,msg:'IM360 WAF: Exploitation attempt (CVE-2018-15133)||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"

# Non-blocking markers: a missing or empty User-Agent increments TX.miss_ua, which rule 77140743 reads.
SecRule &REQUEST_HEADERS:User-Agent "@eq 0" "id:77135155,msg:'IM360 WAF: Missing User Agent Header||T:APACHE||',phase:request,pass,nolog,t:none,severity:7,setvar:TX.miss_ua=+1,tag:'noshow',tag:'service_custom'"
SecRule REQUEST_HEADERS:User-Agent "@rx ^$" "id:77217240,msg:'IM360 WAF: Empty User Agent Header||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,pass,nolog,auditlog,t:none,severity:5,setvar:TX.miss_ua=+1,tag:'service_custom',tag:'noshow'"

# Known malicious script names, blocked only when an anomaly counter is already set.
# TX:sql_inject and TX:php_inject are not set anywhere in this listing - presumably by other rule files.
SecRule REQUEST_URI "@pm /mother.php /yt.php /wp-logos.php /temp.php /yt2.php /indes.php" "id:77140743,chain,phase:2,block,log,severity:2,t:normalizePath,msg:'IM360 WAF: Block malicious scripts access||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom',tag:'service_rbl_infectors'"
    SecRule TX:miss_ua|TX:sql_inject|TX:php_inject "@gt 0" "t:none"

# SA-CORE-2018-006: sendmail-style option strings (" -oQ/", " -be ${run") in any argument.
SecRule ARGS "@rx (\s-oQ/|\s-be\s\${run)" "id:77140746,phase:2,block,log,severity:2,t:urlDecode,msg:'IM360 WAF: SA-CORE-2018-006 mail() RCE||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom',tag:'drupal_core'"

# Shell $IFS / ${IFS} substitution in any argument.
SecRule ARGS "@rx (\$IFS\$|\$\{IFS\})" "id:77140751,phase:2,block,log,severity:2,t:urlDecode,t:removeWhitespace,msg:'IM360 WAF: RCE IFS anti-bypass||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"

# Drupal CVE-2019-6340: GET request with _format=hal_json and a request body of 500 bytes or more.
SecRule REQUEST_METHOD "^GET$" "id:77140755,chain,phase:2,block,log,severity:2,setvar:TX.body_length=%{REQUEST_BODY_LENGTH},msg:'IM360 WAF: RCE in Drupal (CVE-2019-6340)||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom',tag:'drupal_core'"
    SecRule ARGS:_format "@streq hal_json" "t:none,chain"
    SecRule TX:body_length "@ge 500" "t:none"

# Listed PHP file names requested under /wp-content/uploads/.
SecRule REQUEST_URI "@contains /wp-content/uploads/" "id:77140761,chain,phase:2,block,log,severity:2,t:normalizePath,msg:'IM360 WAF: Blocking filenames collected with WSO checker||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule REQUEST_BASENAME "@rx (blackhat|wp-console|ask|idx|aul|wawa|content-post)\.php" "t:none"

# Any .php request carrying an argument named exactly "zzz", except /admin/1c_exchange.php.
SecRule REQUEST_BASENAME "@endsWith .php" "id:77140762,chain,block,severity:2,phase:2,log,msg:'IM360 WAF: Blocking variable zzz in URI||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule REQUEST_FILENAME "!@rx \/admin\/1c_exchange\.php$" "chain,t:none,t:urlDecodeUni"
    SecRule ARGS_NAMES "@rx ^zzz$" "t:none"

# "Block known shells" group (77140806-77140817): web-shell parameter fingerprints, each limited to WordPress paths.
SecRule ARGS:a "@streq Php" "id:77140806,chain,phase:2,block,log,severity:2,t:urlDecode,t:removeWhitespace,msg:'IM360 WAF: Block known shells||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom',tag:'service_rbl_infectors'"
    SecRule REQUEST_URI "@rx (/wp-admin/|/wp-content/)" "t:none"

# The chained rule below has no action list, so it takes its transformations from the inherited defaults.
SecRule REQUEST_URI "@rx \/(wp-admin|wp-content)\/" "id:77140807,chain,phase:2,block,log,severity:2,t:urlDecode,t:removeWhitespace,msg:'IM360 WAF: Block known shells||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom',tag:'service_rbl_infectors'"
    SecRule ARGS:pass "@contains -wso-sell"

SecRule ARGS:info|ARGS:x|ARGS:yt "@contains die(pi()" "id:77140808,chain,phase:2,block,log,severity:2,t:urlDecode,t:removeWhitespace,msg:'IM360 WAF: Block known shells||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule REQUEST_URI "@rx (/wp-admin/|/wp-content/)" "t:none"

SecRule ARGS "@contains POST[z0]" "id:77140809,chain,phase:2,block,log,severity:2,t:urlDecode,t:removeWhitespace,msg:'IM360 WAF: Block known shells||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule REQUEST_URI "@rx (/wp-admin/|/wp-content/)" "t:none"

SecRule ARGS "@contains 'T'}[z0]" "id:77140810,chain,phase:2,block,log,severity:2,t:urlDecode,t:removeWhitespace,msg:'IM360 WAF: Block known shells||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule REQUEST_URI "@rx (/wp-admin/|/wp-content/)" "t:none"

SecRule ARGS "@contains eval(@base64_decode(" "id:77140811,chain,phase:2,block,log,severity:2,t:urlDecode,t:removeWhitespace,msg:'IM360 WAF: Block known shells||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule REQUEST_URI "@rx (/wp-admin/|/wp-content/)" "t:none"

SecRule ARGS "@contains eval(get_magic_quotes_gpc()" "id:77140812,chain,phase:2,block,log,severity:2,t:urlDecode,t:removeWhitespace,msg:'IM360 WAF: Block known shells||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule REQUEST_URI "@rx (/wp-admin/|/wp-content/)" "t:none"

SecRule ARGS:shall|ARGS:catch|ARGS:yt|ARGS:except|ARGS:user|ARGS:system|ARGS:not|ARGS:accept|ARGS:session|ARGS:pass|ARGS:internal "@contains eval(rawurldecode" "id:77140813,chain,phase:2,block,log,severity:2,t:urlDecode,t:removeWhitespace,msg:'IM360 WAF: Block known shells||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule REQUEST_URI "@rx (/wp-admin/|/wp-content/)" "t:none"

SecRule ARGS:mtime|ARGS:itongtong "@contains die(" "id:77140817,chain,phase:2,block,log,severity:2,t:urlDecode,t:removeWhitespace,msg:'IM360 WAF: Block known shells||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule REQUEST_URI "@rx (/wp-admin/|/wp-content/|/wp-includes/)" "t:none"

# ThinkPHP 5.x: _method containing __construct together with filter[] naming system or assert.
SecRule ARGS:_method "@contains __construct" "id:77140824,chain,phase:2,block,log,severity:2,t:urlDecode,t:removeWhitespace,msg:'IM360 WAF: ThinkPHP 5.x RCE||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule ARGS:filter[] "@rx (system|assert)" "t:none"

# Commonly probed shop script names combined with a single quote in a typical id-style parameter.
SecRule REQUEST_FILENAME "@rx (product|item|product-list|productlist|product_info|product-display|item_book|product_detail|pages|producto)\.php$" "id:77140852,chain,phase:2,block,log,severity:2,t:none,t:lowercase,msg:'IM360 WAF: SQL Dorks collection for SQL Injection||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule ARGS:product_id|ARGS:pid|ARGS:productid|ARGS:gubun|ARGS:pr|ARGS:page_code|ARGS:id|ARGS:tid|ARGS:sku|ARGS:shopprodid|ARGS:products_id|ARGS:fid|ARGS:cat|ARGS:act "@rx \'" "t:none,t:urlDecodeUni"

# Request carrying exactly one "jweyc" and exactly one "callbrhy" argument.
SecRule &ARGS:jweyc "@eq 1" "id:77140861,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Encrypted malicious code detected||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom',tag:'service_rbl_infectors'"
    SecRule &ARGS:callbrhy "@eq 1" "t:none"

# a=RC plus at least four arguments whose names are purely lower-case letters.
SecRule ARGS:a "@streq RC" "id:77140863,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Malicious code detected||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule &ARGS:/^[a-z]+$/ "@ge 4" "t:none"

# Argument value starting with "die(". The last alternative in the group is empty, so the
# prefix "die(" alone is enough to match, whatever follows.
SecRule ARGS "@rx ^die\((?:pi\(\)\*\d+|@?md5\(\w+\)|[=.!\x27\x5c]+|)" "id:77140864,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Remote code execution fingerprint attempt||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom',tag:'service_rbl_infectors'"

# CVE-2019-11043 sensor: the fixed test command string in argument "a".
SecRule ARGS:a "@contains /bin/sh -c 'which which'" "id:77140874,phase:2,block,log,severity:2,t:none,t:urlDecode,msg:'IM360 WAF: Sensor for PHuiP-FPizdaM exploit request (CVE-2019-11043)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',tag:'service_custom'"

# ThinkPHP CVE-2019-9082: GET to /index.php with function=call_user_func_array, s=.../\think and a non-empty vars[...] argument.
SecRule REQUEST_METHOD "@rx ^GET$" "id:77140919,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: ThinkPHP 5.X - Remote Command Execution Vulnerability (CVE-2019-9082)||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule REQUEST_FILENAME "@endsWith /index.php" "chain,t:none,t:normalizePath"
    SecRule ARGS:function "@streq call_user_func_array" "chain,t:none"
    SecRule ARGS:s "@rx ^(index|Index|Home)\/\\\\think" "chain,t:none,t:urlDecodeUni"
    SecRule ARGS:/^vars\[/ "!@rx ^$" "t:none"

# ThinkPHP SQLi: GET to /index.php where the listed /home/... routes in "s" contain a single quote.
SecRule REQUEST_METHOD "@rx ^GET$" "id:77140921,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: ThinkPHP 5.X SQLi Vulnerability||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule REQUEST_FILENAME "@endsWith /index.php" "chain,t:none,t:normalizePath"
    SecRule ARGS:s "@rx ^\/home\/(?:article\/view_recent|shopcart\/getprice|user\/cut|service\/index|pay\/\w{0,20}\/orderid|order\/\w{0,20}\/id)\/" "chain,t:none,t:urlDecodeUni"
    SecRule MATCHED_VAR "@contains '" "t:none"

# Webmin 1.920: POST to password_change.cgi with user and expired present and a shell metacharacter in "old".
SecRule REQUEST_METHOD "@rx ^POST$" "id:77140936,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Webmin 1.920 Unauthenticated RCE vulnerability||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',tag:'service_custom'"
    SecRule REQUEST_FILENAME "@endsWith password_change.cgi" "chain,t:none,t:normalizePath"
    SecRule &ARGS:user "@gt 0" "chain,t:none"
    SecRule &ARGS:expired "@gt 0" "chain,t:none"
    SecRule ARGS:old "@pm | & ; $ `" "t:none,t:urlDecodeUni"

# Drupal 7 SQLi: login-block form whose name[...] argument key contains ; ' or ).
SecRule ARGS:destination "@streq node" "id:77140940,chain,phase:2,block,log,severity:2,t:none,t:lowercase,msg:'IM360 WAF: Drupal 7 SQL Injection vulnerability||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom',tag:'drupal_core'"
    SecRule ARGS:form_id "@streq user_login_block" "chain,t:none,t:lowercase"
    SecRule ARGS_NAMES "^name\[[\w\s]*[;'\)]" "t:none,t:urlDecodeUni"

# osCommerce installer: step 4 with DIR_FS_DOCUMENT_ROOT present and ");" inside DB_DATABASE.
SecRule REQUEST_FILENAME "@endsWith install/install.php" "id:77140941,chain,phase:2,block,log,severity:2,t:none,t:urlDecodeUni,t:normalizePath,msg:'IM360 WAF: OsCommerce 2.3.4.1 Remote Code Execution vulnerability||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule ARGS:step "@streq 4" "chain,t:none"
    SecRule &ARGS:DIR_FS_DOCUMENT_ROOT "@gt 0" "chain,t:none"
    SecRule ARGS:DB_DATABASE "@rx \);" "t:none,t:urlDecodeUni"

# PrestaShop module upload endpoints (77140943-77140956): block uploads named .htaccess or ending in .pht/.phtml/.php<digit>.
# NOTE(review): the FILES checks in this group differ in whether t:lowercase is applied while the pattern
# itself is lower-case; aligning them would make extension matching case-normalised everywhere - confirm intent.
SecRule REQUEST_FILENAME "@endsWith lib/redactor/file_upload.php" "id:77140943,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: PrestaShop Lib module Arbitrary File Upload vulnerability||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:none,t:lowercase,t:removeWhitespace"

SecRule REQUEST_FILENAME "@endsWith psmodthemeoptionpanel/psmodthemeoptionpanel_ajax.php" "id:77140944,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: PrestaShop ModTheme Arbitrary File Upload vulnerability||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:none,t:lowercase"

SecRule REQUEST_FILENAME "@endsWith nvn_export_orders/upload.php" "id:77140945,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: PrestaShop nvn_export_orders Arbitrary File Upload vulnerability||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:none,t:lowercase"

SecRule REQUEST_FILENAME "@endsWith pk_flexmenu/ajax/upload.php" "id:77140946,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: PrestaShop FlexMenu Arbitrary File Upload vulnerability||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:none,t:lowercase"

SecRule REQUEST_FILENAME "@endsWith wdoptionpanel/wdoptionpanel_ajax.php" "id:77140947,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: PrestaShop wdoptionpanel Arbitrary File Upload vulnerability||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule ARGS:data "@streq bajatax" "chain,t:none"
    SecRule ARGS:type "@streq image_upload" "chain,t:none"
    SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:none"

SecRule REQUEST_FILENAME "@endsWith fieldvmegamenu/ajax/upload.php" "id:77140948,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: PrestaShop Fieldvmegamenu Arbitrary File Upload vulnerability||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:none"

SecRule REQUEST_FILENAME "@endsWith wg24themeadministration/wg24_ajax.php" "id:77140950,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: PrestaShop wg24themeadministration Arbitrary File Upload vulnerability||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule ARGS:data "@streq bajatax" "chain,t:none"
    SecRule ARGS:type "@streq pattern_upload" "chain,t:none"
    SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:none"

SecRule REQUEST_FILENAME "@rx cartabandonmentpro(Old)?/upload\.php" "id:77140952,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: PrestaShop cartabandonmentpro Arbitrary File Upload vulnerability||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:none"

SecRule REQUEST_FILENAME "@rx 1?attributewizardpro(_x|\.OLD)?/file_upload\.php" "id:77140954,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: PrestaShop attributewizardpro Arbitrary File Upload vulnerability||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:none,t:lowercase"

SecRule REQUEST_FILENAME "@rx (jro_)?homepageadvertise2?/uploadimage\.php" "id:77140955,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: PrestaShop homepageadvertise Arbitrary File Upload vulnerability||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:none,t:lowercase"

SecRule REQUEST_FILENAME "@rx (productpageadverts|simpleslideshow|vtermslideshow|soopabanners|soopamobile|columnadverts)/uploadimage\.php" "id:77140956,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: PrestaShop productpageadverts, simpleslideshow, vtermslideshow, soopabanners, soopamobile and columnadverts Arbitrary File Upload vulnerability||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php\d?)$)" "t:none,t:lowercase"

# Short-named PHP script receiving exactly one argument that ends in 999+ characters from [0-9a-h].
# The message says "blocked", but the action is "pass": this rule only logs.
SecRule REQUEST_FILENAME "@rx [0-9a-z]{4,15}\.php\d?$" "id:77140958,chain,phase:2,pass,log,t:none,t:lowercase,severity:5,msg:'IM360 WAF: Malware (.ico) interaction interface request blocked||MVN:%{MATCHED_VAR_NAME}||SC:%{SCRIPT_FILENAME}||T:APACHE||',tag:'service_custom'"
    SecRule &ARGS "@eq 1" "t:none,chain"
    SecRule ARGS "@rx [0-9a-h]{999,}$" "t:none"

# CVE-2017-9841: PHPUnit eval-stdin.php requested under a /vendor path.
SecRule REQUEST_FILENAME "@rx eval-stdin\.php" "id:77140967,chain,phase:2,block,log,severity:2,t:none,t:urlDecodeUni,t:normalizePath,msg:'IM360 WAF: PrestaShop PHPUnit Arbitrary Code Execution vulnerability (CVE-2017-9841)||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}',tag:'service_custom'"
    SecRule REQUEST_URI "@rx \/vendor" "t:none,t:lowercase"

# Any request into the solid_best_corp plugin directory.
SecRule REQUEST_URI "@rx wp-content\/plugins\/solid_best_corp\/" "id:77140997,phase:2,block,log,severity:2,t:none,t:urlDecodeUni,t:normalizePath,msg:'IM360 WAF: Malicious plugin Solid Best Corp||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||SC:%{SCRIPT_FILENAME}||',tag:'service_custom'"

# Lokomedia CMS: /statis-<digits> followed by a single quote in the URI.
SecRule REQUEST_URI "@rx \/statis-{1,20}\d{1,5}\'" "id:77141005,phase:2,block,log,severity:2,t:none,t:urlDecodeUni,t:normalizePath,t:removeWhitespace,msg:'IM360 WAF: Remote SQL Injection Vulnerability in Lokomedia CMS||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||SC:%{SCRIPT_FILENAME}||',tag:'service_custom'"

# ThemeGrill Demo Importer: admin-ajax.php request that carries a do_reset_wordpress argument.
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" "id:77141006,chain,msg:'IM360 WAF: ThemeGrill Demo Importer Auth Bypass & Database Wipe||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,block,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,severity:2,tag:'service_custom'"
    SecRule &ARGS:do_reset_wordpress "!@eq 0" "t:none"

# Argument or upload name pointing at a cPanel contact file under /home/. No explicit phase.
SecRule ARGS|FILES "@rx \/home\/[\w\.\/]{1,128}\/(?:\.contactemail|(?:cpanel\/)?\.?contactinfo)$" "id:77141050,block,log,severity:2,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,msg:'IM360 WAF: Creating and modification of cPanel contacts||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'service_custom'"

# dompdf.php called with input_file starting with php://. No explicit phase.
SecRule REQUEST_FILENAME "@endsWith dompdf.php" "id:77141054,chain,block,log,severity:2,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,msg:'IM360 WAF: LFI vlnerability in dompdf||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule ARGS:input_file "@beginsWith php://" "t:none,t:urlDecode"

# POST with a file upload and "../" in the jpath argument.
# NOTE(review): t:normalizePath is applied to jpath before the "../" test; normalisation resolves
# directory back-references, so confirm the pattern still sees them in the engine in use.
SecRule REQUEST_METHOD "@rx ^POST$" "id:77142146,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Multiple path traversal Vulnerabilities||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule FILES "!@rx ^$" "chain,t:none,t:normalizePath"
    SecRule ARGS:jpath "@rx \.\.\/" "t:urlDecodeUni,t:removeWhitespace,t:normalizePath"

# GPON router diag form: ping action whose dest_host contains a character outside [0-9a-zA-Z-_:.].
SecRule REQUEST_FILENAME "@contains gponform/diag_form" "chain,id:77142207,severity:2,phase:2,block,log,t:none,t:normalizePath,t:lowercase,msg:'IM360 WAF: GPON Routers - Authentication Bypass / Command Injection||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule ARGS:diag_action "@streq ping" "chain,t:none"
    SecRule ARGS:dest_host "@rx [^\da-zA-Z\-_\:\.]" "t:none"

# CVE-2012-1823: all four php-cgi "-d" overrides must appear in the same variable; the value of
# auto_prepend_file is captured into TX.1 for the message. Written to the audit log only (nolog,auditlog).
SecRule REQUEST_URI|ARGS "@contains ddisable_functions=null" "id:77142242,chain,phase:2,block,nolog,auditlog,severity:2,t:none,t:lowercase,t:removeWhitespace,setvar:tx.mvn=%{MATCHED_VAR_NAME},msg:'IM360 WAF: PHP <5.3.12/<5.4.2 - CGI Argument Injection (CVE-2012-1823)||T:APACHE||MVN:%{TX.mvn}||MV:%{MATCHED_VAR}||PREPEND_FILE:%{TX.1}||',tag:'service_im360'"
    SecRule MATCHED_VAR "@contains dsafe_mode=off" "chain,t:none,t:lowercase,t:removeWhitespace"
    SecRule MATCHED_VAR "@contains dallow_url_include=on" "chain,t:none,t:lowercase,t:removeWhitespace"
    SecRule MATCHED_VAR "@rx dauto_prepend_file=([^$]+)" "t:none,t:lowercase,t:removeWhitespace,capture"

# CVE-2020-9757: seomatic/meta-container request carrying a "uri" argument.
SecRule REQUEST_URI "@contains seomatic/meta-container" "chain,id:77142245,phase:2,block,log,severity:2,msg:'IM360 WAF: RCE on SEOmatic < 3.3.0 (CVE-2020-9757)||ARGS.uri:%{ARGS.uri}||T:APACHE||',tag:'service_custom'"
    SecRule &ARGS:uri "@gt 0" "t:none"

# CVE-2018-8823: bamegamenu ajax_phpcode.php with a "code" argument beginning with "system".
SecRule REQUEST_FILENAME "@endsWith /bamegamenu/ajax_phpcode.php" "chain,id:77142251,phase:2,severity:2,block,log,t:none,t:normalizePath,msg:'IM360 WAF: PrestaShop Responsive Mega Menu module < 1.7.2.5 arbitrary code execution (CVE-2018-8823)||T:APACHE||ARGS.code:%{ARGS.code}||',tag:'service_custom'"
    SecRule ARGS:code "@rx ^system" "t:none"

# CVE-2019-16759: ajax/render/widget with "(", ")" or ";" inside a subWidgets* argument.
SecRule REQUEST_URI "@contains ajax/render/widget" "chain,id:77142252,block,log,phase:2,severity:2,t:none,t:normalizePath,t:lowercase,msg:'IM360 WAF: vBulletin RCE bypass (CVE-2019-16759)||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}',tag:'service_custom'"
    SecRule ARGS:/^subWidgets/ "@rx [\x28\x29\x3b]" "t:none"

# Zeroshell: /cgi-bin/kerbynet request carrying a type, x509type or user argument.
SecRule REQUEST_FILENAME "@endsWith /cgi-bin/kerbynet" "id:77142257,chain,phase:2,block,log,severity:2,msg:'IM360 WAF: Zeroshell RCE||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule &ARGS:type|&ARGS:x509type|&ARGS:user "@gt 0" "t:none,t:lowercase"

# ThinkCMF: a=fetch/display with templateFile present, a quote in prefix and "<?php" in content.
SecRule ARGS:a "@pm fetch display" "id:77316724,chain,phase:2,block,log,severity:2,msg:'IM360 WAF: File Upload/RCE in ThinkCMF||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule &ARGS:templateFile "@gt 0" "chain,t:none"
    SecRule ARGS:prefix "@contains '" "chain,t:none,t:htmlEntityDecode"
    SecRule ARGS:content "@contains <?php" "t:none,t:htmlEntityDecode"

# Netgear setup.cgi: syscmd request whose cmd writes under /tmp and then runs wget; skipped for
# client address 192.168.1.1. No explicit phase.
SecRule REQUEST_FILENAME "@endsWith /setup.cgi" "id:77316728,chain,block,log,severity:2,t:none,t:normalizePath,t:lowercase,msg:'IM360 WAF: Netgear unauthenticated RCE||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule REMOTE_ADDR "!@ipMatch 192.168.1.1" "chain,t:none"
    SecRule ARGS:next_file "@streq netgear.cfg" "chain,t:none"
    SecRule ARGS:todo "@streq syscmd" "chain,t:none"
    SecRule &ARGS:currentsetting.htm "@ge 1" "chain,t:none"
    SecRule ARGS:cmd "@rx \/tmp[^;]{0,128};\s?wget[+\s]{1,12}https?:\/\/[^;]{4,512};" "t:none,t:compressWhitespace,t:htmlEntityDecode"

# IoT device endpoints (77142258-77142265): wget / sh /tmp / rm -rf command fragments in device CGI parameters.
SecRule REQUEST_FILENAME "@endsWith login.cgi" "id:77142258,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,t:lowercase,msg:'IM360 WAF: IOT unauthenticated file upload and RCE||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule ARGS:cli "@rx [\s\+]?wget\shttps?:\/\/([^\s\+])" "t:none,t:compressWhitespace,t:htmlEntityDecode"

# NOTE(review): t:lowercase runs before a pattern that contains upper-case "Ping"/"Tracert"; unless
# the regex is evaluated case-insensitively the first condition can never hold - confirm and adjust.
SecRule REQUEST_URI "@rx \/boaform\/admin\/form(?:Ping|Tracert)" "id:77142260,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,t:lowercase,msg:'IM360 WAF: IOT unauthenticated file upload and RCE||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule ARGS:target_addr "@rx [\s\+]?wget\shttps?:\/\/([^\s\+])" "t:none,t:compressWhitespace,t:htmlEntityDecode"

SecRule REQUEST_FILENAME "@endsWith ping.cgi" "id:77142261,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,t:lowercase,msg:'IM360 WAF: IOT unauthenticated file upload and RCE||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'service_custom'"
    SecRule &ARGS:sessionKey "@gt 0" "chain,t:none"
    SecRule ARGS:pingIpAddress "@rx [\s\+]?wget\shttps?:\/\/([^\s\+])" "t:none,t:compressWhitespace,t:htmlEntityDecode"

SecRule ARGS|REQUEST_URI|XML:/* "@rx ;[\s\+]?sh[\s\+]\/tmp\/([^\s\+])" "id:77142264,phase:2,block,log,severity:2,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,msg:'IM360 WAF: IOT unauthenticated file upload and RCE||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'service_custom'"

SecRule ARGS|REQUEST_URI|XML:/* "@rx ;[\s\+]?rm[\s\+]-rf[\s\+]\*" "id:77142265,phase:2,block,log,severity:2,t:none,t:normalizePath,t:compressWhitespace,t:lowercase,msg:'IM360 WAF: IOT unauthenticated file upload and RCE||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'service_custom'"

# Logging-phase record of request-body parse failures; ctl:auditLogParts=-C drops part C from the audit entry.
SecRule REQBODY_ERROR "@eq 1" "id:77316736,phase:5,pass,nolog,auditlog,severity:5,ctl:auditLogParts=-C,msg:'IM360 WAF: Request body parsing error||err_msg:%{REQBODY_ERROR_MSG}||T:APACHE||',tag:'service_custom'"

# /ajax-index.php called with "url" as its only argument. No explicit phase.
SecRule REQUEST_FILENAME "@endsWith /ajax-index.php" "id:77316739,chain,block,log,t:none,t:normalizePath,t:lowercase,severity:2,msg:'IM360 WAF: Block interaction with backdoor||ARGS.url:%{ARGS.url}||T:APACHE||',tag:'service_custom'"
    SecRule &ARGS:url "@gt 0" "chain,t:none,t:lowercase"
    SecRule &ARGS "@eq 1" "t:none"

# Generic payload fingerprints: system("...") in the URI, a quote-then-"><" XSS prefix, rm -rf / cat /tmp
# fragments, and wget from pastebin.com/raw.
SecRule REQUEST_URI "@rx system\s?\(\s?[\x22\x27]" "id:77316741,phase:2,log,block,severity:2,t:urlDecode,t:lowercase,t:htmlEntityDecode,t:hexDecode,msg:'IM360 WAF: Perl command injection attempt||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_custom'"
SecRule ARGS "@rx ^[\.,\d]{0,10}[\x22\x27]\x3e\x3c" "id:77316742,phase:2,log,block,severity:2,t:htmlEntityDecode,t:hexDecode,msg:'IM360 WAF: Generic XSS exploitation attempt||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'service_custom'"
SecRule ARGS|REQUEST_LINE "@rx (?:rm -rf \.\.\/\.\.\/\.\.\/)|(?:cat \/tmp\/[^\s]{1,100}\s\x3c)" "id:77316743,phase:2,log,block,severity:2,t:urlDecode,t:lowercase,t:htmlEntityDecode,t:hexDecode,msg:'IM360 WAF: Command injection attempt||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'service_custom'"
SecRule ARGS|REQUEST_LINE "@rx (?:wget https?\:\/\/pastebin\.com\/raw\/)" "id:77316745,phase:2,log,block,severity:2,t:urlDecode,t:lowercase,t:htmlEntityDecode,t:hexDecode,msg:'IM360 WAF: Suspicious url download attempt||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'service_custom'"

# Magento Webforms: POST to the upload index script. The chained rule has no action list of its own.
SecRule REQUEST_METHOD "@rx ^POST$" "id:77316749,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Magento Webforms Arbitrary File Upload||SC:%{SCRIPT_FILENAME}||T:APACHE||REQUEST_URI:%{REQUEST_URI}||',tag:'service_custom'"
    SecRule REQUEST_URI "@endsWith /js/webforms/upload/index.php"

# Direct request for a .env file.
SecRule REQUEST_FILENAME "@endsWith /.env" "id:77316757,block,log,phase:2,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Laravel .env file access||T:APACHE||QS:%{QUERY_STRING}||',tag:'service_custom'"

# Audit-only record of requests for dot-files at the web root, excluding the three listed directories.
SecRule REQUEST_FILENAME "@rx ^/\." "chain,id:77350309,pass,nolog,auditlog,phase:2,severity:5,t:none,t:normalizePath,msg:'IM360 WAF: Hidden file access||T:APACHE||QS:%{QUERY_STRING}||',tag:'service_custom'"
    SecRule MATCHED_VAR "!@pm .thumbswysiwyg/ .thumbs/ .well-known/" "t:none"

# Requests into the ubh or api-wp plugin directories.
SecRule REQUEST_URI "@rx \/wp-content\/plugins\/(ubh|api-wp)\/" "id:77316761,block,log,severity:2,phase:2,t:none,t:lowercase,msg:'IM360 WAF: Block interaction with malicious plugin||T:APACHE||SC:%{SCRIPT_FILENAME}||REQUEST_URI:%{REQUEST_URI}||',tag:'service_custom'"

# Drupal login POST for user "root" with an empty password. Audit-only (pass,nolog,auditlog) despite severity 2.
SecRule ARGS:q "!@rx ^$" "id:77316769,chain,pass,nolog,auditlog,phase:2,severity:2,t:none,t:urlDecode,t:normalizePath,t:lowercase,msg:'IM360 WAF: Drupal CMS root empty password attempt||T:APACHE||%{REQUEST_HEADERS.Host}',tag:'service_bruteforce',tag:'service_custom',tag:'noshow'"
    SecRule REQUEST_METHOD "^POST$" "chain,t:none,t:urlDecode"
    SecRule ARGS:form_build_id "@beginsWith form-" "chain,t:none,t:urlDecode"
    SecRule ARGS:name "@rx ^root$" "chain,t:none,t:urlDecode"
    SecRule ARGS:pass "@rx ^$" "t:none,t:urlDecode"

# QSnatch check-in: GET for /qnap_firmware.xml with a ten-digit run in argument "t".
SecRule REQUEST_METHOD "@streq GET" "id:77316781,chain,msg:'IM360 WAF: QSnatch malware test attempt||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,block,log,t:none,severity:2,tag:'service_custom'"
    SecRule REQUEST_FILENAME "@endsWith /qnap_firmware.xml" "chain,t:none,t:normalizePath"
    SecRule ARGS:t "@rx \d{10}" "t:none,t:urlDecodeUni"

# Five or more cookies, one of them with a 1-2 digit name whose value is a PHP function-name fragment
# (plain or rot13). The message references TX.cook_info, which is not set in this listing. No explicit phase.
SecRule &REQUEST_COOKIES "@ge 5" "id:77316794,chain,block,log,t:none,severity:2,msg:'IM360 WAF: Block request to known infected file||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||Tracked:%{TX.cook_info}||',tag:'service_custom'"
    SecRule REQUEST_COOKIES:/^\d\d?$/ "@rx ^(str_ro|tr_rot13|str_r|ot13|rot13|t13|perngr|shapgvba|onfr6|base64|decode|eval)$" "t:none"

# Exact User-Agent strings attributed by the message to KashmirBlack. No explicit phase.
SecRule REQUEST_HEADERS:User-Agent "@rx ^(?:ArcherGhost8|banana|ArcherGhost|ArcherGhostNotify)$" "id:77316798,block,log,t:none,severity:2,msg:'IM360 WAF: Found User-Agent KashmirBlack||User-Agent:%{REQUEST_HEADERS.User-Agent}||T:APACHE||',tag:'service_custom'"

# Magento Webforms upload of .htaccess / PHP-like file names. The method test "POST" is an
# unanchored pattern, unlike "^POST$" used elsewhere in this file. No explicit phase.
SecRule REQUEST_METHOD "POST" "id:77316801,chain,block,log,t:none,severity:2,msg:'IM360 WAF: Magento Webforms Upload Vulnerability||Request-URI:%{REQUEST_URI}||T:APACHE||',tag:'service_custom'"
    SecRule REQUEST_URI "@contains /js/webforms/upload/" "chain,t:none,t:normalizePath"
    SecRule FILES "@rx (\.htaccess|\.(pht|phtml|php?\d?)$)" "t:none"

# CVE-2021-24171: blocks when wcuf_file_name does NOT end in a 3-4 letter extension built only
# from the listed letters (negated match acting as an allow-list). No explicit phase.
SecRule REQUEST_METHOD "^POST$" "id:77316803,chain,block,log,severity:2,t:none,msg:'IM360 WAF: Unauthenticated Arbitrary File Upload in WooCommerce Upload Files (CVE-2021-24171)||File:%{ARGS.wcuf_file_name}||T:APACHE||',tag:'service_custom'"
    SecRule ARGS:wcuf_file_name "!@rx \.[bcdefgijlmnopstvx]{3,4}$" "t:none"

# SQL injection fragments in the User-Agent on POSTs to PHP scripts (boolean prefix, then benchmark()/sleep()).
SecRule REQUEST_METHOD "@rx POST" "id:77316824,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Blind SQLi via request headers detected||User-Agent:%{REQUEST_HEADERS.User-Agent}||T:APACHE||',tag:'service_custom'"
    SecRule REQUEST_FILENAME "@rx \.(?:pht|php\d?)$" "chain,t:none,t:normalizePath"
    SecRule REQUEST_HEADERS:User-Agent "@rx ^'\s?(?:and|or|if|\x7c|&)[\s\x28]" "t:none,t:urlDecode,t:lowercase"

SecRule REQUEST_METHOD "@rx POST" "id:77316825,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Blind SQLi via request headers detected||User-Agent:%{REQUEST_HEADERS.User-Agent}||T:APACHE||',tag:'service_custom'"
    SecRule REQUEST_FILENAME "@rx \.(?:pht|php\d?)$" "chain,t:none,t:normalizePath"
    SecRule REQUEST_HEADERS:User-Agent "@rx (benchmark|sleep)\s?\x28\d" "t:none,t:urlDecode,t:lowercase"

# Known malicious file names anywhere in the URI, checked in phase 1.
SecRule REQUEST_URI "@pm wpindex.php xmlrp.php th3_err0r.php larva.php" "id:77316897,phase:1,block,log,severity:2,t:none,t:urlDecodeUni,msg:'IM360 WAF: Malicious file name in the URI||T:APACHE||',tag:'service_custom'"

# 0x[] argument equal to one of two marker strings.
SecRule ARGS:0x[]|ARGS:0x%5B%5D "@rx ^(androxgh0st|janc0xsec)$" "id:77317941,phase:2,severity:2,block,log,t:none,t:normalizePath,msg:'IM360 WAF: Laravel Apps Leaking Secrets exploit attempt||MV:%{MATCHED_VAR}||T:APACHE||',tag:'service_custom'"

# config.bak.php in the URI or as an uploaded file name.
SecRule REQUEST_URI|FILES "@contains config.bak.php" "id:77316846,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Malicious input||File:%{MATCHED_VAR}||T:APACHE||',tag:'service_custom'"

# Web access to quarantine / trash directories. No explicit phase.
SecRule REQUEST_URI "@rx (\/\.security\/|\/\.quarantine\/|\/quarantine_clamavconnector\/|\/\.trash\/)" "id:77317988,block,log,severity:2,t:none,t:normalizePath,t:urlDecodeUni,t:lowercase,msg:'IM360 WAF: Block access to quarantined files||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'service_custom'"

# Log4j CVE-2021-44228: ${jndi:<scheme>: lookups in arguments, URI, headers, cookies and body.
SecRule ARGS|REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_BODY "@rx \$\{jndi:(ldaps?|rmi|dns|iiop|https?|nis|nds|corba|\$\{(?:lower|upper)):" "id:77317992,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,t:urlDecode,phase:2,msg:'IM360 WAF: Remote code execution vulnerability in Apache Log4j (CVE-2021-44228)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',tag:'service_custom'"

# Base64 variant of the rule above.
# NOTE(review): t:lowercase (and the other rewrites) run before t:Base64Decode here and in the other
# Base64 variants below; altering the encoded text first would normally corrupt it, so the decode step
# should probably come first - confirm against the engine in use.
SecRule ARGS|REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_BODY "@rx \$\{jndi:(ldaps?|rmi|dns|iiop|https?|nis|nds|corba|\$\{(?:lower|upper)):" "id:77317993,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,t:Base64Decode,phase:2,msg:'IM360 WAF: Remote code execution vulnerability in Apache Log4j (CVE-2021-44228)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',tag:'service_custom'"

# Log4j exploit-server URL paths combined with a "<scheme>://" test on the matched value.
# NOTE(review): t:normalizePath collapses repeated slashes, so the chained "://" test (here and in
# 77317995, 77317996, 77318012) may never succeed on a normalised value - confirm.
SecRule ARGS|REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_BODY "@pm /Basic/Command/Base64/ /Basic/ReverseShell/ /Basic/TomcatMemshell /Basic/JettyMemshell /Basic/WeblogicMemshell /Basic/JBossMemshell /Basic/WebsphereMemshell /Basic/SpringMemshell /Deserialization/URLDNS/ /Deserialization/CommonsCollections1/Dnslog/ /Deserialization/CommonsCollections2/Command/Base64/ /Deserialization/CommonsBeanutils1/ReverseShell/ /Deserialization/Jre8u20/TomcatMemshell /TomcatBypass/Dnslog/ /TomcatBypass/Command/ /TomcatBypass/ReverseShell/ /TomcatBypass/TomcatMemshell /TomcatBypass/SpringMemshell /GroovyBypass/Command/ /WebsphereBypass/Upload/" "id:77317994,chain,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,phase:2,msg:'IM360 WAF: Remote code execution vulnerability in Apache Log4j (CVE-2021-44228)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',tag:'service_custom'"
    SecRule MATCHED_VAR "@rx (ldap|ldaps|rmi|dns|iiop|https?|nis|nds|corba):\/\/" "t:none,t:normalizePath"

SecRule ARGS|REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_BODY "@pm /Basic/Command/Base64/ /Basic/ReverseShell/ /Basic/TomcatMemshell /Basic/JettyMemshell /Basic/WeblogicMemshell /Basic/JBossMemshell /Basic/WebsphereMemshell /Basic/SpringMemshell /Deserialization/URLDNS/ /Deserialization/CommonsCollections1/Dnslog/ /Deserialization/CommonsCollections2/Command/Base64/ /Deserialization/CommonsBeanutils1/ReverseShell/ /Deserialization/Jre8u20/TomcatMemshell /TomcatBypass/Dnslog/ /TomcatBypass/Command/ /TomcatBypass/ReverseShell/ /TomcatBypass/TomcatMemshell /TomcatBypass/SpringMemshell /GroovyBypass/Command/ /WebsphereBypass/Upload/" "id:77317995,chain,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,t:Base64Decode,phase:2,msg:'IM360 WAF: Remote code execution vulnerability in Apache Log4j (CVE-2021-44228)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',tag:'service_custom'"
    SecRule MATCHED_VAR "@rx (ldap|ldaps|rmi|dns|iiop|https?|nis|nds|corba):\/\/" "t:none,t:normalizePath,t:Base64Decode"

# Obfuscated Log4j lookups (${::-x}$ and nested ${${lower:/upper:) that also contain "://".
SecRule ARGS|REQUEST_HEADERS|REQUEST_COOKIES|QUERY_STRING|REQUEST_URI "@rx \$\{::-\w\}\$|\$\{\$\{(?:lower|upper):[\$\w]" "id:77317996,chain,msg:'IM360 WAF: Remote code execution vulnerability in Apache Log4j (CVE-2021-44228)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,tag:'service_custom'"
    SecRule MATCHED_VAR "@rx :\/\/" "t:none,t:normalizePath"

SecRule ARGS|REQUEST_HEADERS|REQUEST_COOKIES|QUERY_STRING|REQUEST_URI "@rx \$\{::-\w\}\$|\$\{\$\{(?:lower|upper):[\$\w]" "id:77318012,chain,msg:'IM360 WAF: Remote code execution vulnerability in Apache Log4j (CVE-2021-44228)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,t:Base64Decode,tag:'service_custom'"
    SecRule MATCHED_VAR "@rx :\/\/" "t:none,t:normalizePath,t:Base64Decode"

# Log4j CVE-2021-45046: intended to catch ${sys:...} / ${ctx:...} lookups.
# NOTE(review): in these two rules "$" and "{" are not escaped (compare "\$\{jndi:" above), so "$" is
# read as an end-of-input anchor and the pattern most likely never matches; "\$\{(sys|ctx):[^\}]+\}"
# appears to be what was meant - confirm and correct upstream.
SecRule ARGS|REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_BODY "@rx ${(sys|ctx):[^\}]+\}" "id:77318003,msg:'IM360 WAF: Remote code execution vulnerability in Apache Log4j (CVE-2021-45046)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,tag:'service_custom'"

SecRule ARGS|REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_BODY "@rx ${(sys|ctx):[^\}]+\}" "id:77318013,msg:'IM360 WAF: Remote code execution vulnerability in Apache Log4j (CVE-2021-45046)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,t:base64Decode,tag:'service_custom'"

# Log4j ${jndi: lookups in argument, header, cookie and upload field NAMES.
# The action list of this rule continues past the end of the visible listing.
SecRule ARGS_NAMES|REQUEST_HEADERS_NAMES|REQUEST_COOKIES_NAMES|FILES_NAMES "@rx \$\{jndi:(ldaps?|rmi|dns|iiop|https?|nis|nds|corba|\$\{(?:lower|upper)):" "id:77317997,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,phase:2,msg:'IM360 WAF: Remote code execution vulnerability in Apache Log4j 
(CVE-2021-44228)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',tag:'service_custom'" SecRule ARGS_NAMES|REQUEST_HEADERS_NAMES|REQUEST_COOKIES_NAMES|FILES_NAMES "@rx \$\{jndi:(ldaps?|rmi|dns|iiop|https?|nis|nds|corba|\$\{(?:lower|upper)):" "id:77317998,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,t:Base64Decode,phase:2,msg:'IM360 WAF: Remote code execution vulnerability in Apache Log4j (CVE-2021-44228)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',tag:'service_custom'" SecRule ARGS_NAMES|REQUEST_HEADERS_NAMES|REQUEST_COOKIES_NAMES|FILES_NAMES "@rx \$\{::-\w\}\$|\$\{\$\{(?:lower|upper):[\$\w]" "id:77318001,chain,msg:'IM360 WAF: Remote code execution vulnerability in Apache Log4j (CVE-2021-44228)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,tag:'service_custom'" SecRule MATCHED_VAR "@rx :\/\/" "t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace" SecRule ARGS_NAMES|REQUEST_HEADERS_NAMES|REQUEST_COOKIES_NAMES|FILES_NAMES "@rx \$\{::-\w\}\$|\$\{\$\{(?:lower|upper):[\$\w]" "id:77318014,chain,msg:'IM360 WAF: Remote code execution vulnerability in Apache Log4j (CVE-2021-44228)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,t:Base64Decode,tag:'service_custom'" SecRule MATCHED_VAR "@rx :\/\/" "t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,t:Base64Decode" SecRule ARGS_NAMES|REQUEST_HEADERS_NAMES|REQUEST_COOKIES_NAMES|FILES_NAMES|ARGS|REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_BODY "@contains ${env:" "chain,id:77318018,msg:'IM360 WAF: Remote code execution vulnerability in Apache Log4j 
(CVE-2021-44228)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,tag:'service_custom'" SecRule MATCHED_VAR "\$\{j\$\{[^:]+:[^:]+:-nd\}i\$\{" "t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace" SecRule ARGS_NAMES|REQUEST_HEADERS_NAMES|REQUEST_COOKIES_NAMES|FILES_NAMES "@rx ${(sys|ctx):[^\}]+\}" "id:77318006,msg:'IM360 WAF: Remote code execution vulnerability in Apache Log4j (CVE-2021-45046)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,tag:'service_custom'" SecRule ARGS_NAMES|REQUEST_HEADERS_NAMES|REQUEST_COOKIES_NAMES|FILES_NAMES "@rx ${(sys|ctx):[^\}]+\}" "id:77318011,msg:'IM360 WAF: Remote code execution vulnerability in Apache Log4j (CVE-2021-45046)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,t:Base64Decode,tag:'service_custom'" SecRule ARGS|REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES "@rx \$\{\${::-\$\{::-\$\${::-\w{1,4}\}\}\}\}" "id:77318016,msg:'IM360 WAF: DOS in Log4j (CVE-2021-45105)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,tag:'service_custom'" SecRule ARGS|REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES "@rx \$\{\${::-\$\{::-\$\${::-\w{1,4}\}\}\}\}" "id:77318017,msg:'IM360 WAF: DOS in Log4j (CVE-2021-45105)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,t:base64Decode,tag:'service_custom'" SecRule REQUEST_URI "@pm /checkout/cart/add/uenc/ /review/product/post/id/ 
/catalogsearch/result/ /gifts/devotional/ /mageworx_searchsuiteautocomplete/ajax/index/ /catalogsearch/searchTermsLog/save/ /search/ajax/suggest/" "id:77350010,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Inproper input validation in Adobe Commerce and Magento Open Source before 2.4.3||T:APACHE||',tag:'service_custom'" SecRule ARGS "@rx ;|[\x22\d']=[\x22\d']|>|\.\.\/|waitfor delay|\/\*|\(select|(?:benchmark|sleep|convert|cha?r)\(" "t:none,t:htmlEntityDecode,t:urlDecode,t:lowercase,t:compressWhitespace" SecRule REQUEST_METHOD "@rx ^POST$" "id:77350029,chain,block,log,t:none,severity:2,msg:'IM360 WAF: Unrestricted File Upload vulnerability WSO2 (CVE-2022-29464)||WPU:%{TX.wp_user}||T:APACHE||MV:%{MATCHED_VAR}||Files:%{FILES}||',tag:'service_custom'" SecRule REQUEST_URI "@pm /api/content/ /fileupload/ /upload" "chain,t:none,t:normalizePath" SecRule FILES "@rx \.\.\/\.\.\/" "t:none" SecRule REQUEST_METHOD "@rx ^POST$" "id:77350030,chain,block,log,t:none,severity:2,msg:'IM360 WAF: Unrestricted File Upload vulnerability WSO2 (CVE-2022-29464)||WPU:%{TX.wp_user}||T:APACHE||MV:%{MATCHED_VAR}||Files:%{FILES}||',tag:'service_custom'" SecRule FILES "@rx \.\.\/\.\.\/" "chain,t:none" SecRule FILES "@contains /webapps/" "t:none,t:normalizePath" SecRule REQUEST_METHOD "@rx ^POST$" "id:77350031,chain,block,log,t:none,severity:2,msg:'IM360 WAF: Generic path traversal attempt||T:APACHE||MV:%{MATCHED_VAR}||Files:%{FILES}||',tag:'service_custom'" SecRule FILES "@rx \.\.\/\.\.\/" "t:none" SecRule ARGS_NAMES "^pwd163$" "chain,id:77350040,block,severity:2,t:none,msg:'IM360 WAF: Attempt to drop malware via existing backdoor||User:%{SCRIPT_USERNAME}||SC:%{SCRIPT_FILENAME}||T:APACHE||',tag:'service_custom'" SecRule ARGS_NAMES "^zzz$" "t:none" SecRule ARGS:lt "@rx 503c138bd956ccbe9a63967ef1f22dac" "id:77350088,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Block malware communication||T:APACHE||',tag:'service_custom'" SecRule ARGS:a "@rx 
ZWNobyA0MDk3MjMqMjA7" "t:none" SecRule ARGS|REQUEST_HEADERS "@pm ${script:javascript:java.lang.Runtime. ${dns:address| ${file:UTF-8:/" "id:77350132,phase:2,block,log,severity:2,t:none,t:lowercase,t:normalizePath,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,msg:'IM360 WAF: Text4Shell vulnerability exploit attempt (CVE-2022-42889)||T:APACHE||',tag:'service_custom'"