File Manager
Current Directory: /home/lartcid/public_html/journal.lartc.id
..
.htaccess
.well-known
README.md
api
cache
cgi-bin
classes
config.TEMPLATE.inc.php
config.inc.php
controllers
cypress.json
dbscripts
docs
error_log
favicon.ico
index.php
js
lib
locale
mini.php
pages
php.ini
plugins
public
registry
scheduledTaskLogs
schemas
styles
templates
tools
Edit File
# ------------------------------------------------------
# Imunify360 ModSecurity Rules
# Copyright (C) 2024 CloudLinux Inc All right reserved
# The Imunify360 ModSecurity Rules is distributed under
# IMUNIFY360 LICENSE AGREEMENT
# ------------------------------------------------------

# Reading guide for this file:
#  - A rule carrying "chain" only fires when every following rule up to the
#    first one without "chain" also matches; id, phase, disposition and msg
#    live on the first rule of each chain.
#  - "block" applies whatever disruptive action the surrounding configuration
#    defines (SecDefaultAction); "pass,nolog,auditlog" rules only record the
#    hit in the audit log and let the request continue.
#  - "&ARGS:name" is the number of parameters called "name", not their value.
#  - Every rule here is tagged 'service_malware': these are signatures for
#    traffic to or from already-planted malware rather than generic attack
#    classes.

# Block SMW-INJ-20424-js.spam.redi-0
# POST to wp-admin admin-ajax.php or theme-editor.php where any argument
# contains the packed-JavaScript "eval(function(p,a,c,k,e,d)..." wrapper.
# The bare "POST" has no explicit operator, so it is evaluated as a regex.
# NOTE(review): no phase is set on this chain; confirm it runs in phase 2,
# because ARGS taken from the request body are not populated earlier.
SecRule REQUEST_METHOD "POST" "id:77350245,chain,block,log,t:none,severity:5,msg:'IM360 WAF: WordPress theme injection SMW-INJ-20424-js.spam.redi-0||User:%{SCRIPT_USERNAME}||WPU:%{TX.wp_user}||T:APACHE||',tag:'wp_core',tag:'service_malware'"
    SecRule REQUEST_FILENAME "@rx \/wp-admin\/(?:admin-ajax|theme-editor)\.php" "chain,t:none,t:urlDecodeUni,t:normalizePath"
    SecRule ARGS "@rx eval\(function\(p,a,c,k,e,d\)\{e=function\(c\)\{return c\};if\(!''\.replace\(\/\^\/,String\)\)\{while\(c--\)\{d\[c\]=k\[c\]\|\|c\}k=\[function\(e\)\{return d\[e\]\}\];e=function\(\)\{return\'.{4}\'\};c=1\};while\(c--\)\{if\(k\[c\]\)\{p=p\.replace\(new\sRegExp\(.{20}\),k\[c\]\)\}\}return\sp\}\(\'.{1,999}\.split\(\'\|\'\),0,\{\}\)\)" "t:none,t:urlDecodeUni,capture"

# POST where any argument, after HTML-entity decoding, holds a run of two to
# nine consecutive <a href="http(s)://...">slot...</a> anchors (link spam
# being written into stored content).
SecRule REQUEST_METHOD "POST" "id:77350271,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Block known DB infection (23311)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||WPU:%{TX.wp_user}||T:APACHE||',tag:'service_malware'"
    SecRule ARGS "@rx (?:<a\s*href[\s=]+['\x22]https?:\/\/[^'\x22]+['\x22]>slot\d*\b[^<]*<\/a>\s*){2,9}" "t:none,t:htmlEntityDecode"

# Any request carrying a parameter "z0" whose entire value is Base64-shaped.
# NOTE(review): every group in the pattern is optional, so an empty z0 also
# matches; and msg prints %{TX.1} although the rule has no "capture" action
# and the regex has only non-capturing groups, so the Value field is
# presumably always empty - confirm against real alerts.
SecRule ARGS:z0 "@rx ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" "id:77350313,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Block by malicious argument z0||Value:%{TX.1}||User:%{SCRIPT_USERNAME}||SC:%{SCRIPT_FILENAME}||T:APACHE||',tag:'service_malware'"

# POST to the FCKEditor PHP upload handler where an uploaded file name
# (FILES) or an upload form-field name (FILES_NAMES) contains a script-like
# extension string.
# NOTE(review): the last pattern is unanchored and has no leading dot, so a
# short alternative such as "pl" or "py" matches anywhere in the name; the
# "." in "upload.php" is also unescaped. Both only widen the match - expect
# false positives on legitimate uploads through this endpoint.
SecRule REQUEST_METHOD "@rx POST" "id:77310031,chain,phase:2,block,log,severity:2,msg:'IM360 WAF: Arbitrary file upload in FCKEditor||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',tag:'service_malware'"
    SecRule REQUEST_FILENAME "@rx \/fckeditor\/editor\/filemanager\/(?:upload|connectors)\/php\/upload.php" "chain,t:none,t:normalizePath,t:lowercase"
    SecRule FILES|FILES_NAMES "@rx (?i)(?:ph(?:p|tml|t)|txt|asp|pl|py|exe|cgi|php[0-9])" "t:none"

# POST to any path ending in .php with parameter getpwd equal to the fixed
# string "zxc" (after URL decoding) - per the msg, the login parameter of a
# known web shell.
SecRule REQUEST_METHOD "@rx POST" "id:77318021,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Block interaction with the malicious shell (SMW-SA-04829-mlw-2)||User:%{SCRIPT_USERNAME}||SC:%{SCRIPT_FILENAME}||WPU:%{TX.wp_user}||T:APACHE||',tag:'service_malware'"
    SecRule REQUEST_FILENAME "@endsWith .php" "chain,t:none,t:normalizePath"
    SecRule ARGS:getpwd "@streq zxc" "t:none,t:urlDecode"

# AnonymousFox protection
# Fires when the request has exactly one each of the parameters a, c, p1, p2,
# p3 and charset. Only the parameter names and counts are tested; method,
# path and values are not constrained.
SecRule &ARGS:a "@eq 1" "id:77350001,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: AnonymousFox shell interaction block||User:%{SCRIPT_USERNAME}||SC:%{SCRIPT_FILENAME}||WPU:%{TX.wp_user}||T:APACHE||',tag:'service_malware'"
    SecRule &ARGS:c "@eq 1" "chain,t:none"
    SecRule &ARGS:p1 "@eq 1" "chain,t:none"
    SecRule &ARGS:p2 "@eq 1" "chain,t:none"
    SecRule &ARGS:p3 "@eq 1" "chain,t:none"
    SecRule &ARGS:charset "@eq 1" "t:none"

# Any request whose path contains one of the listed Fox-* directory names.
SecRule REQUEST_FILENAME "@pm /Fox-C/ /Fox-C404/ /Fox-CCFS/ /Fox-SS/" "id:77350002,phase:2,block,log,severity:2,t:none,t:urlDecodeUni,msg:'IM360 WAF: Prevent sensitive data exposure by AnonymousFox||Path:%{REQUEST_FILENAME}||WPU:%{TX.wp_user}||T:APACHE||',tag:'service_malware'"

# POST to a .php path where parameter "act" or "check" equals "anonymousfox"
# (compared after lowercasing).
SecRule REQUEST_METHOD "@rx POST" "id:77350003,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: AnonymousFox plugin installation block||WPU:%{TX.wp_user}||T:APACHE||',tag:'service_malware'"
    SecRule REQUEST_FILENAME "@endsWith .php" "chain,t:none,t:lowercase,t:normalizePath"
    SecRule ARGS:act|ARGS:check "@streq anonymousfox" "t:none,t:lowercase"

# Any request for a path ending in /panels.txt, regardless of method.
# NOTE(review): no phase is set here, unlike most rules in this file.
SecRule REQUEST_FILENAME "@endsWith /panels.txt" "id:77350004,block,log,severity:2,t:none,t:normalizePath,t:lowercase,msg:'IM360 WAF: Prevent data leakage to AnonymousFox servers||Path:%{REQUEST_FILENAME}||WPU:%{TX.wp_user}||T:APACHE||',tag:'service_malware'"

# Detection only (pass,nolog,auditlog): records requests for the
# wp-user-avatar plugin's changelog.txt, which the msg treats as a probe for
# a vulnerable ProfilePress install. The request is not blocked.
SecRule REQUEST_FILENAME "@endsWith /wp-content/plugins/wp-user-avatar/changelog.txt" "id:77350185,pass,nolog,auditlog,severity:2,t:none,t:normalizePath,t:lowercase,msg:'IM360 WAF: Probing vulnerable ProfilePress WordPress plugin||Path:%{REQUEST_FILENAME}||T:APACHE||',tag:'service_malware'"

# POST to include.php directly under wp-includes or wp-content
# images/widgets/plugins/themes at the web root.
# NOTE(review): the pattern is anchored at the start only and the "." is
# unescaped, so longer names beginning with "include" + any char + "php"
# match as well.
SecRule REQUEST_METHOD "@rx POST" "id:77350272,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Possible AnonymousFox webshell login attempt||WPU:%{TX.wp_user}||T:APACHE||',tag:'service_malware'"
    SecRule REQUEST_FILENAME "@rx ^\/(wp-includes|wp-content)\/(images|widgets|plugins|themes)\/include.php" "t:none,t:normalizePath,t:lowercase"

# Path ending in eight lowercase-alphanumeric characters followed by .php
# (optionally one trailing digit), combined with parameter "action" that
# starts with "f6f2" and ends in "76" or "a6". The file-name test alone is
# broad; the action value is what narrows the match.
SecRule REQUEST_FILENAME "@rx [0-9a-z]{8}\.php\d?$" "id:77350081,chain,phase:2,block,log,severity:2,t:none,t:lowercase,msg:'IM360 WAF: Block malware interaction requests (SMW-BLKH-1457491-php.bkdr.obf)||SC:%{SCRIPT_FILENAME}||T:APACHE||',tag:'service_malware'"
    SecRule ARGS:action "@rx ^f6f2\w{5,50}(76|a6)$" "t:none"

# POST/GET/PUT/HEAD to a file name from a list of known web-shell names
# (r57/r58, wso, c99, alfa/xleet "-shell", "*-backdoor", ak47shell, v3n0m and
# others), matched on the normalized, lowercased path.
SecRule REQUEST_METHOD "@pm POST GET PUT HEAD" "id:77350296,chain,phase:2,block,log,severity:2,msg:'IM360: Block access to the shell||MV:%{MATCHED_VAR}||T:APACHE||',tag:'service_malware'"
    SecRule REQUEST_FILENAME "@rx (^\/\.images|\/(?:a[2-4]|confcom|mar|\.wp-back|gel4y|bala))\.php\d{0,2}|^\/csv.php\d{0,2}$|(\/r5[78](shell|eng|priv|_\w{3,8})?|\/(wp-|sh(ell-?)?)?ws[o0](shell|php)?(\d{1,6})?|\/(\d{4,10}_){0,2}c99(shell|madshell)?|\/(\w{0,6}-backdoor)|\/(alfa|xleet|\d{4,5})-shell|\/pr1v(shell)?|\/xl(eet)?(\d{4})?|\/ak47shell|\/v3n0m)\.php[57]?$" "t:none,t:normalizePath,t:lowercase"

# Hidden file at the web root named "." + exactly ten alphanumerics + .php
# (optionally one trailing digit). The second rule is negated ("!@rx"): it
# exempts the listed ten-character names from the block.
# The exemption runs with t:none only, so it sees the path in its original
# case (the list contains mixed-case entries such as Xresources).
SecRule REQUEST_FILENAME "@rx ^\/\.[0-9a-zA-Z]{10}\.php\d?$" "id:77350297,chain,phase:2,block,log,severity:2,t:none,t:lowercase,msg:'IM360 WAF: Block malware interaction requests (SMW-BLKH-1666099)||MVN:%{MATCHED_VAR_NAME}||SC:%{SCRIPT_FILENAME}||T:APACHE||',tag:'service_malware'"
    SecRule REQUEST_FILENAME "!@rx ^\/\.(prospectus|tgitconfig|bithoundrc|restrictor|identcache|phpversion|luacheckrc|gitmodules|Xresources|deployment|capistrano|foodcritic|subversion|deercache4|4352213546|dockerfile|LSOverride)\.php\d?$" "t:none"

# POST to <name>.js.php inside a plugins/ or themes/ sub-directory whose name
# is exactly eight lowercase-alphanumeric characters and, per the lookahead,
# contains at least one digit.
SecRule REQUEST_METHOD "@rx POST" "id:77350300,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Access to the malicious WordPress plugin||MV:%{MATCHED_VAR}||WPU:%{TX.wp_user}||T:APACHE||',tag:'wp_core',tag:'service_malware'"
    SecRule REQUEST_URI "@rx \/(plugins|themes)\/(?=[a-z\d]{0,8}\d)[a-z\d]{8}\/\w{1,200}\.js\.php" "t:none"

# Detection only (pass,nolog,auditlog): records any POST to a path ending in
# the double extension .js.php. Broader than 77350300 and non-blocking.
SecRule REQUEST_METHOD "@rx POST" "id:77350306,chain,phase:2,pass,nolog,auditlog,severity:5,t:none,msg:'IM360 WAF: Access to suspicious double extension endpoint||MV:%{MATCHED_VAR}||WPU:%{TX.wp_user}||T:APACHE||',tag:'service_malware'"
    SecRule REQUEST_FILENAME "@endsWith .js.php" "t:none,t:lowercase"

# At least one "cmd" parameter together with parameter "k" equal to one fixed
# 32-hex-digit value (a key hard-coded in a specific malware sample, judging
# by the msg).
SecRule &ARGS:cmd "@gt 0" "id:77350134,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Block malware interaction||SC:%{SCRIPT_FILENAME}||T:APACHE||',tag:'service_malware'"
    SecRule ARGS:k "@rx ^bf0b1ced7505c16f7a921ef36c780a6e$" "t:none"

# URI containing /upl.php with at least one "cmd" parameter and a "k"
# parameter; the values of cmd and k are echoed into the log message.
# NOTE(review): the k pattern is anchored at the end only, so any value whose
# last character is a hex digit satisfies it - confirm whether a full
# "^[a-fA-F0-9]+$" match was intended.
SecRule REQUEST_URI "@contains /upl.php" "id:77350135,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Block malware interaction||SC:%{SCRIPT_FILENAME}||T:APACHE||ARGS.cmd:%{ARGS.cmd}||ARGS.k:%{ARGS.k}||',tag:'service_malware'"
    SecRule &ARGS:cmd "@gt 0" "chain,t:none"
    SecRule ARGS:k "@rx [a-fA-F0-9]+$" "t:none"