ModSec Kural Zinciri

INFeRNaL

22 Nis 2009
Sunucularınızda Kullanacağınız ModSec Kural Zinciri.
Gerçekten Sağlam Bir Kural Zinciri :
Kod:
<IfModule mod_security.c>
# ---------------------------------------------------------------------------
# This file is the conf file containing the mod_security rules.
#
# NOTE(review): every directive below (SecFilter, SecFilterSelective,
# SecFilterEngine, ...) is ModSecurity 1.x syntax, and this container tests
# for mod_security.c. ModSecurity 2.x uses SecRule/SecRuleEngine and loads as
# mod_security2.c, so on a 2.x server this <IfModule> is false and the whole
# rule set is skipped without any error. Confirm the installed module version
# before relying on these rules.
#
# NOTE(review): SecFilterScanPOST is not set in this file. If it is not
# enabled elsewhere, request bodies are presumably not inspected and the
# POST_PAYLOAD rules further down cannot match -- verify.
# ---------------------------------------------------------------------------
# Enable request filtering.
SecFilterEngine On
# URL-encoding and Unicode-encoding validation are both switched off here.
# NOTE(review): with these off, invalid encodings are not rejected before the
# signatures run; confirm this is intentional for the hosted applications.
SecFilterCheckURLEncoding Off
SecFilterCheckUnicodeEncoding Off
# Accept every byte value from 0 to 255, which includes the NUL byte.
# NOTE(review): a range that starts above 0 would reject NUL bytes -- confirm.
SecFilterForceByteRange 0 255
# Audit logging is limited to relevant requests and written to logs/audit_log.
# NOTE(review): audit entries can contain full request data; restrict read
# access to the log directory.
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
# Debug log location; level 0 turns debug output off.
SecFilterDebugLog logs/modsec_debug_log
SecFilterDebugLevel 0
# Action applied to every rule that carries no action list of its own:
# reject with HTTP 406 and log the hit.
SecFilterDefaultAction "deny,log,status:406"
# Requests whose client address is 127.0.0.1 are allowed without logging and
# skip the remaining rules.
# NOTE(review): if a local reverse proxy or load balancer fronts this server,
# proxied traffic may all arrive as 127.0.0.1 and bypass filtering -- verify.
# The dots in the pattern are unescaped regex wildcards.
SecFilterSelective REMOTE_ADDR "^127.0.0.1$" nolog,allow
# Generic keyword filters (SecFilter, default action deny/log/406). The
# keywords are "sbin/" plus file and tool names (eggz, eggdrop, psybnc,
# udp.pl, bindtty) -- presumably artefacts seen on compromised web hosts.
# These are plain substring matches, so any legitimate URL or parameter that
# happens to contain one of them is rejected as well.
Secfilter "sbin/"
SecFilter "eggz"
SecFilter "eggdrop"
SecFilter "psybnc"
SecFilter "udp.pl"
SecFilter "bindtty"
# PHPSESSID (request argument and cookie) must consist only of digits and
# lowercase letters; the leading "!" inverts the match, so anything else is
# denied.
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
# Site-specific rules are pulled in at this position. The included file is
# not part of this listing, so its effect on the rules below is unknown.
Include "/usr/local/apache/conf/modsec.user.conf"
# Request-line signatures. Most entries are "act=<name>" values; they look
# like the action parameters of PHP web-shell file managers -- presumably,
# verify against the rule set's original source.
# NOTE(review): every pattern is an unanchored substring. "act=d" and "act=f"
# also match any longer value beginning with d or f, and generic names such as
# act=search, act=update, act=feedback, act=delete or act=copy can occur in
# legitimate applications (this same file later refers to index.php?act=Login),
# so expect false positives on sites that use an "act" parameter.
# "act=tools" and "act=f" each appear more than once; the repeats are redundant.
SecFilterSelective THE_REQUEST "dc.pl "
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "act=tools"
SecFilterSelective THE_REQUEST "act=gof"
SecFilterSelective THE_REQUEST "act=ls"
SecFilterSelective THE_REQUEST "act=mk"
SecFilterSelective THE_REQUEST "act=f&"
SecFilterSelective THE_REQUEST "act=sql"
SecFilterSelective THE_REQUEST "act=gofile"
SecFilterSelective THE_REQUEST "act=mkdir"
SecFilterSelective THE_REQUEST "act=ftpquickbrute"
SecFilterSelective THE_REQUEST "act=d"
SecFilterSelective THE_REQUEST "act=phpinfo"
SecFilterSelective THE_REQUEST "act=security"
SecFilterSelective THE_REQUEST "act=makefile"
SecFilterSelective THE_REQUEST "act=encoder"
SecFilterSelective THE_REQUEST "act=fsbuff"
SecFilterSelective THE_REQUEST "act=selfremove"
SecFilterSelective THE_REQUEST "act=update"
SecFilterSelective THE_REQUEST "act=feedback"
SecFilterSelective THE_REQUEST "act=search"
SecFilterSelective THE_REQUEST "act=chmod"
SecFilterSelective THE_REQUEST "act=upload "
SecFilterSelective THE_REQUEST "act=delete"
SecFilterSelective THE_REQUEST "act=paste"
SecFilterSelective THE_REQUEST "act=copy"
SecFilterSelective THE_REQUEST "act=cut"
SecFilterSelective THE_REQUEST "act=unselect "
SecFilterSelective THE_REQUEST "act=cmd"
SecFilterSelective THE_REQUEST "act=tools"
SecFilterSelective THE_REQUEST "act=eval"
SecFilterSelective THE_REQUEST "act=f"
# Two further query-string fragments carrying a cmd= parameter.
SecFilterSelective THE_REQUEST "&s=r&cmd=dir&dir=."
SecFilterSelective THE_REQUEST "&s=r&cmd=con"
# Request-line signatures for SQL keywords, command-line tools and shell
# commands appearing in a request.
# NOTE(review): many patterns end with a space inside the quotes ("wget ",
# "phpshell.php ", "b0t.tmp "), so they match only when a space follows the
# keyword. Whether THE_REQUEST is compared before or after URL decoding is not
# visible here; the literal "%20" forms below suggest at least some patterns
# target the encoded text -- verify against the module documentation.
# NOTE(review): "SELECT%20", "root=", "echo ", "ftp " and "perl " are broad
# substrings and are likely to hit legitimate requests (search forms, CMS
# editors). Keyword blacklists like this are easy to sidestep and do not
# replace patching the applications behind them.
SecFilterSelective THE_REQUEST "INSERT%20INTO"
SecFilterSelective THE_REQUEST "SELECT%20"
SecFilterSelective THE_REQUEST "root="
SecFilterSelective THE_REQUEST "phpshell.php "
SecFilterSelective THE_REQUEST "cc.php"
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "scp "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "cvs "
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "telnet "
SecFilterSelective THE_REQUEST "perl "
SecFilterSelective THE_REQUEST "b0t.tmp "
SecFilterSelective THE_REQUEST "bt.pl "
SecFilterSelective THE_REQUEST "fetch "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
# Text-browser download commands (links ...).
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
# Directory creation and changes into world-writable or proxy directories.
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /tmp/ "
SecFilterSelective THE_REQUEST "cd /var/tmp/ "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
# Application-specific request fragments; the targeted applications are not
# named in this file.
SecFilterSelective THE_REQUEST "/config.php?v=1&DIR "
SecFilterSelective THE_REQUEST "&highlight=%2527%252E "
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php "
SecFilterSelective THE_REQUEST "arta\.zip "
# cmd=cd followed by a space (\x20) and a temporary or /var path.
SecFilterSelective THE_REQUEST "cmd=cd\x20/var "
SecFilterSelective THE_REQUEST "cmd=cd\x20/tmp "
SecFilterSelective THE_REQUEST "cmd=cd\x20/var/tmp "
SecFilterSelective THE_REQUEST "cmd=cd\x20/tmp/ "
SecFilterSelective THE_REQUEST "cmd=cd\x20/var/tmp/ "
SecFilterSelective THE_REQUEST "HCL_path=http "
# Names of hosting-panel and scanner working directories -- presumably to stop
# direct web access to them; verify.
SecFilterSelective THE_REQUEST "clamav-partial "
SecFilterSelective THE_REQUEST "vi\.recover "
SecFilterSelective THE_REQUEST "netenberg "
SecFilterSelective THE_REQUEST "psybnc "
SecFilterSelective THE_REQUEST "fantastico_de_luxe "
SecFilterSelective THE_REQUEST "tool.gif?cmd "
SecFilterSelective THE_REQUEST "rm -rf "
# Sensitive files, home-directory aliases and path tricks in the request line.
SecFilterSelective THE_REQUEST "\.htaccess"
SecFilterSelective THE_REQUEST "cd\.\."
SecFilterSelective THE_REQUEST "///cgi-bin"
SecFilterSelective THE_REQUEST "/cgi-bin///"
SecFilterSelective THE_REQUEST "/~root"
SecFilterSelective THE_REQUEST "/~ftp"
# Chained pair: both conditions test for "/htgrep" and the final action is
# log,pass, so htgrep requests are only logged and are not blocked.
SecFilterSelective THE_REQUEST "/htgrep" chain
SecFilterSelective THE_REQUEST "/htgrep" log,pass
SecFilterSelective THE_REQUEST "/\.history"
SecFilterSelective THE_REQUEST "/\.bash_history"
SecFilterSelective THE_REQUEST "/~nobody"
# NOTE(review): "<script" in the request line is a very coarse XSS signature.
SecFilterSelective THE_REQUEST "<script"
SecFilterSelective THE_REQUEST "psybnc"
SecFilterSelective THE_REQUEST "cmd=cd\x20/var"
SecFilterSelective THE_REQUEST "dir=http"
SecFilterSelective THE_REQUEST "\?STRENGUR"
# System files and interpreters referenced by path.
SecFilterSelective THE_REQUEST "/etc/motd"
SecFilterSelective THE_REQUEST "/etc/passwd"
SecFilterSelective THE_REQUEST "conf/httpd\.conf"
SecFilterSelective THE_REQUEST "/bin/ps"
SecFilterSelective THE_REQUEST "bin/tclsh"
SecFilterSelective THE_REQUEST "tclsh8\x20"
SecFilterSelective THE_REQUEST "udp\.pl"
SecFilterSelective THE_REQUEST "linuxdaybot\.txt"
SecFilterSelective THE_REQUEST "wget\x20"
SecFilterSelective THE_REQUEST "bin/nasm"
SecFilterSelective THE_REQUEST "nasm\x20"
SecFilterSelective THE_REQUEST "/usr/bin/perl"
# Regex forms of signatures that already appear earlier as fixed strings
# (links ..., cd <dir>, cgi-bin slashes); the overlap is redundant but harmless.
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-(charset|width) "
SecFilterSelective THE_REQUEST "links (http|https|ftp)\:/"
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "cd\x20/(tmp|var/tmp|etc/httpd/proxy|dev/shm)" 
SecFilterSelective THE_REQUEST "cd\.\." 
SecFilterSelective THE_REQUEST "///cgi-bin" 
SecFilterSelective THE_REQUEST "/cgi-bin///" 
# System-account home aliases (/~named, /~guest, ...). Each pattern matches
# the alias followed by "/" or by the HTTP version that ends the request line.
SecFilterSelective THE_REQUEST "/~named(/| HTTP\/(0\.9|1\.0|1\.1)$)" 
SecFilterSelective THE_REQUEST "/~guest(/| HTTP\/(0\.9|1\.0|1\.1)$)" 
SecFilterSelective THE_REQUEST "/~logs(/| HTTP\/(0\.9|1\.0|1\.1)$)" 
SecFilterSelective THE_REQUEST "/~sshd(/| HTTP\/(0\.9|1\.0|1\.1)$)" 
SecFilterSelective THE_REQUEST "/~ftp(/| HTTP\/(0\.9|1\.0|1\.1)$)" 
SecFilterSelective THE_REQUEST "/~bin(/| HTTP\/(0\.9|1\.0|1\.1)$)" 
SecFilterSelective THE_REQUEST "/~nobody(/| HTTP\/(0\.9|1\.0|1\.1)$)"  
SecFilterSelective THE_REQUEST "/\.history HTTP\/(0\.9|1\.0|1\.1)$" 
SecFilterSelective THE_REQUEST "/\.bash_history HTTP\/(0\.9|1\.0|1\.1)$"
# Probe URLs containing the Nessus marker strings below.
SecFilterSelective REQUEST_URI "/nessus_is_probing_you_"
SecFilterSelective REQUEST_URI "/NessusTest"
# Script-injection keywords and two PHP include-path parameters.
SecFilter "javascript\://"
SecFilter "img src=javascript"
SecFilter "_PHPLIB\[libdir\]"
SecFilter "hdr=/"
SecFilter '$path."*"'
# Script-type attributes, CSS expression() and CDATA tricks.
# NOTE(review): the trailing "/i" and "/Ri" (and the "/" before \bonerror)
# look like PCRE delimiters and flags carried over from another signature
# format. The directives in this file take a bare pattern, so these characters
# are presumably matched literally, which would leave the affected rules
# unable to match real traffic -- verify and strip them if so. Support for \s
# and \b also depends on the regex library Apache was built with.
SecFilterSelective THE_REQUEST "\<IMG.*/\bonerror\b[\s]*=/Ri"
SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]text\/javascript/i"
SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]application\/x-javascript/i"
SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]text\/jscript/i"
SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]text\/vbscript/i"
SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]application\/x-vbscript/i"
SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]text\/ecmascript/i"
SecFilterSelective THE_REQUEST "STYLE[\s]*=[\s]*[^>]expression[\s]*\(/i"
SecFilterSelective THE_REQUEST "[\s]*expression[\s]*\([^}]}[\s]*<\/STYLE>/i"
SecFilterSelective THE_REQUEST "<!\[CDATA\[<\]\]>SCRIPT"
# Script tags, onmouseover= or javascript: following a "Content-Type:" string.
SecFilterSelective THE_REQUEST "Content-Type\:.*(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=|javascript\:)"
# Request sanity checks: deny a POST whose Content-Length header is empty,
# and deny any request whose Transfer-Encoding header is not empty.
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilterSelective HTTP_Transfer-Encoding "!^$"
# Command injection: a cmd= or command= parameter whose value begins with a
# shell command or tool name.
# NOTE(review): short alternatives such as "id", "cmd", "pwd" and "cd" have no
# trailing space or boundary, so values like cmd=idle or command=cdrom match too.
SecFilter "(cmd|command)=(cd|\;|perl |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(download|request|mirror|rget) |id|uname|cvs |svn |(s|r)(cp|sh) |net(stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z|A-Z])"
# Three-part chain: a .php? URI, plus an http/https/ftp URL somewhere in the
# request, plus a cmd=/command= parameter containing one of the commands.
SecFilterSelective REQUEST_URI "\.php\?" chain
SecFilter "(http|https|ftp)\:/" chain
SecFilter "(cmd|command)=.*(cd|\;|perl |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(download|request|mirror|rget) |id|uname|cvs |svn |(s|r)(cp|sh) |net(stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z|A-Z])"
# XML-RPC endpoints: XML content that carries a PHP function call.
SecFilterSelective THE_REQUEST "(/xmlrpc|.*xmlrpc_services)\.php" chain
SecFilter "(\<xml|\<.*xml)" chain
SecFilter "(echo( |\(|\').*\;|chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\)\;"
# XML-RPC endpoints: an SQL statement inside a <string> value.
# In the SQL patterns used throughout this file, "[A-Z|a-z|0-9|\*| |,]" is a
# character class, so the "|" characters inside it are matched literally.
SecFilterSelective THE_REQUEST "(/xmlrpc|.*xmlrpc_services)\.php" chain
SecFilter "<methodName>.*</methodName>.*<value><string>.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view).*methodName\>"
# SQL statement in the user_rating value of a com_content vote request.
SecFilterSelective REQUEST_URI "/index\.php\?option=com_content&task=vote&id=.*&Itemid=.*&cid=.*&user_rating=.*\((select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+(from|into|table|database|index|view)"
# content.php: SQL statement in the user_rating argument.
SecFilterSelective REQUEST_URI "/content\.php" chain
SecFilterSelective ARG_user_rating ".*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
# mosConfig_absolute_path carrying a traversal sequence, a slash or a remote
# URL (remote/local file inclusion through that parameter).
# NOTE(review): the bare "/" alternative rejects any value containing a slash.
SecFilterSelective ARG_mosConfig_absolute_path "(\.\./\.\.|/|(http|https|ftp)\:/)"
SecFilterSelective REQUEST_URI "/index(2?)\.php\?.*mosConfig_absolute_path=(http|https|ftp)\:\/"
# Script tags or remote URLs in specific parameters of emailfriend and
# posting.php.
SecFilterSelective REQUEST_URI "/emailfriend/(emailarticle|emailfaq|emailnews)\.php\?id=\"(\<script|(http|https|ftp)\:/)"
SecFilterSelective REQUEST_URI "/posting\.php\?mode=reply\&t=.*userid.*phpbb2mysql_t=(<[[:space:]]*script|(http|https|ftp)\:/)"
# NOTE(review): "\\?" is an optional literal backslash rather than an escaped
# question mark, so this matches "/posting.php" followed anywhere by a script
# tag or URL -- broader than the rule above; confirm that is intended.
SecFilterSelective REQUEST_URI "/posting\.php\\?.*(<[[:space:]]*script|(http|https|ftp)\:/)"
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php"
# viewtopic.php: chr(NNN) obfuscation, and PHP function names in the request
# line or argument values.
SecFilter "^/viewtopic\.php\?" chain
SecFilter "chr\(([0-9]{1,3})\)"
SecFilterSelective THE_REQUEST "viewtopic\.php" chain
SecFilterSelective "THE_REQUEST|ARG_VALUES" "(passthru|cmd|fopen|exit|fwrite)"
# phpbb_root_path supplied by the client (file inclusion through that parameter).
SecFilter "phpbb_root_path="
SecFilterSelective THE_REQUEST "/calendar_scheduler\.php\?start=(<[[:space:]]*script|(http|https|ftp)\:/)"
# Single quote in selected forum/portal parameters.
# NOTE(review): in "=*\'" the "*" repeats the "=" character; it is not a
# wildcard. These patterns match a quote only directly after the equals sign
# (or after the parameter name), not after an arbitrary value -- verify intent.
SecFilterSelective REQUEST_URI "/groupcp\.php\?g=.*sid=\'"
SecFilterSelective REQUEST_URI "/index\.php\?(c|mark)=*\'"
SecFilterSelective REQUEST_URI "/portal\.php\?article=*\'"
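# viewforum.php / viewtopic.php: single quote directly after sid= (SQL
# injection probe). The "." and "?" are escaped so the pattern matches the
# literal text "viewforum.php?f=". Left unescaped, "?" made the preceding "p"
# optional and no literal question mark was consumed, so the rule could not
# match a real request. The escaped form follows the neighbouring
# album_*.php and groupcp.php rules.
SecFilterSelective REQUEST_URI "/viewforum\.php\?f=.*sid=\'"
SecFilterSelective REQUEST_URI "/viewtopic\.php\?p=.*sid=\'"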
# Album and calendar scripts: single quote (or quote plus tag close) in the
# listed parameters.
SecFilterSelective REQUEST_URI "/album_search\.php\?mode=\'"
SecFilterSelective REQUEST_URI "/album_cat\.php\?cat_id=.*sid=\'"
SecFilterSelective REQUEST_URI "/album_comment\.php\?pic_id=.*sid=\'"
SecFilterSelective REQUEST_URI "calendar_scheduler\.php\?d=.*&mode=&start=\'\">"
# profile.php / viewtopic.php: script-like tags, "html" or a remote URL in the
# u and highlight parameters. "script" is listed twice in the alternation; the
# repeat has no effect.
SecFilterSelective REQUEST_URI "/profile\.php\?mode=viewprofile&u=.*((script|script|about|applet|activex|chrome)\>|html|(http|https|ftp)\:/)"
SecFilterSelective REQUEST_URI "/viewtopic\.php\?p=.*&highlight=.*((script|script|about|applet|activex|chrome)\>|html|(http|https|ftp)\:/)"
# A fixed serialized phpbb2mysql_data value (autologinid set to boolean true,
# userid "2"), checked in the sessionid cookie and anywhere in the request --
# a forged auto-login cookie.
SecFilterSelective COOKIE_sessionid  "phpbb2mysql_data=a\x3A2\x3A\x7Bs\x3A11\x3A\x22autologinid\x22\x3Bb\x3A1\x3Bs\x3A6\x3A\x22userid\x22\x3Bs\x3A1\x3A\x222\x22\x3B\x7D"
SecFilter "phpbb2mysql_data=a\x3A2\x3A\x7Bs\x3A11\x3A\x22autologinid\x22\x3Bb\x3A1\x3Bs\x3A6\x3A\x22userid\x22\x3Bs\x3A1\x3A\x222\x22\x3B\x7D"
# viewtopic.php highlight parameter: encoded quote, or a quote followed by a
# PHP function call (code injection through highlight).
SecFilterSelective SCRIPT_FILENAME "viewtopic\.php$" chain
SecFilterSelective ARG_highlight "%27"
SecFilter "&highlight=\'\.fwrite\(fopen\("
SecFilter "&highlight=\x2527\x252Esystem\("
SecFilter "&highlight=\'\.mysql_query\("
SecFilterSelective THE_REQUEST "/quick-reply\.php" chain
SecFilterSelective THE_REQUEST "(\;|\&)highlight=\'\.system\("
SecFilterSelective THE_REQUEST "&highlight=\'\.mysql_query\("
SecFilterSelective THE_REQUEST "&highlight=\'\.fwrite\(fopen\("
SecFilterSelective THE_REQUEST "&highlight=%2527%252E"
SecFilterSelective THE_REQUEST "&highlight=\x2527\x252Esystem\("
SecFilterSelective THE_REQUEST "/viewtopic\.php\?.*(highlight.*(\'\.|\x2527|\x27)|include\(.*GET\[.*\]\)|=(http|https|ftp)\:/|(printf|system)\()"
# profile.php: GLOBALS[signature_bbcode_uid] set to a pattern ending in /e
# and a NUL byte.
SecFilterSelective REQUEST_URI "profile\.php\?GLOBALS\[signature_bbcode_uid\]=\(\.\x2B\)/e\x00"
# Fixed marker string, checked in the URI and the POST body.
SecFilterSelective REQUEST_URI|POST_PAYLOAD "r57phpBB2017xpl"
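# Fixed e-mail address string matched in the POST body; what it is a signature
# for is not stated in this file. The forum had auto-linked the address into
# [EMAIL="..."]...[/EMAIL] markup, which put unbalanced quotes inside the
# directive; the pattern is restored from the text between those tags.
# POST_PAYLOAD rules only work when request-body scanning is enabled.
SecFilterSelective POST_PAYLOAD "_bill_gates@microsoft\.com"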
# admin_forums.php: script-like tags in forumname / forumdesc.
SecFilterSelective THE_REQUEST "/admin/admin_forums\.php\?sid=.*" chain
SecFilter "(forumname|forumdesc)=*\<[[:space:]]*(script|about|applet|activex|chrome)"
# usercp_register.php, login.php, search.php: an opening and closing
# script-like tag in the named argument (reflected XSS).
SecFilterSelective REQUEST_URI "usercp_register\.php" chain
SecFilterSelective ARG_error_msg "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
SecFilterSelective REQUEST_URI "login\.php" chain
SecFilterSelective ARG_forward_page "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
SecFilterSelective REQUEST_URI "search\.php" chain
SecFilterSelective ARG_list_cat "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
# signature_bbcode_uid: SQL statement, single quote, UNION SELECT, or an
# opening PHP tag.
SecFilterSelective REQUEST_URI "usercp_register\.php" chain
SecFilterSelective ARG_signature_bbcode_uid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
SecFilterSelective ARG_signature_bbcode_uid "(<.*php|<php)"
# downloads.php: query text that references user_password and phpbb_users.
SecFilterSelective REQUEST_URI "/downloads\.php\?cat=.*(UNION|SELECT|delete|insert)*user_password.*phpbb_users"
# modules.php: SQL statement in the email and ratenum arguments. Each chain
# applies only when the executed script's filename ends in modules.php.
SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain
SecFilterSelective ARG_email "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain
SecFilterSelective ARG_ratenum "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
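# modules.php: SQL statement in the "min" argument. The keyword list now
# reads select|grant|delete like the sibling email/ratenum/show/orderby/url
# rules. The earlier spelling "dselect|grant|elete" let a DELETE statement
# through this rule and matched SELECT only as part of the non-word "dselect".
SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain
SecFilterSelective ARG_min "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"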
# modules.php: SQL statement in the show, orderby and url arguments.
SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain
SecFilterSelective ARG_show "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain
SecFilterSelective ARG_orderby "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain
SecFilterSelective ARG_url "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
# Second pass over the same six modules.php arguments for the short form
# "<verb> <object>" with nothing in between (for example "drop table").
# SELECT and GRANT are not in this verb list.
SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain
SecFilterSelective ARG_email "(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+(from|into|table|database|index|view)"
SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain
SecFilterSelective ARG_ratenum "(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+(from|into|table|database|index|view)"
SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain
SecFilterSelective ARG_min "(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+(from|into|table|database|index|view)"
SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain
SecFilterSelective ARG_show "(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+(from|into|table|database|index|view)"
SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain
SecFilterSelective ARG_orderby "(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+(from|into|table|database|index|view)"
SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain
SecFilterSelective ARG_url "(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+(from|into|table|database|index|view)"
# modules.php URI signatures: script tags, UNION SELECT against nuke_authors,
# and the Search / Web_Links / Bookmarks / Forums modules.
# NOTE(review): several patterns use "*" as if it were a shell wildcard
# ("name=*\<*", "Search*instory="). In a regex it repeats the preceding
# character only, so "Search*instory=" needs "instory=" to follow "Searc"
# plus zero or more "h" directly. These rules probably match far less than
# intended -- verify; ".*" is the usual form.
SecFilterSelective REQUEST_URI "/modules\.php\?*name=*\<*(script|about|applet|activex|chrome)*\>"
SecFilterSelective REQUEST_URI "/modules\.php\?op=modload&name=News&file=article&sid=*\<*(script|about|applet|activex|chrome)*\>"
SecFilterSelective REQUEST_URI "/modules\.php\?name=Search&type=comments&query=.*&instory=.*UNION.*SELECT.*pwd.*FROM.*nuke_authors"
SecFilterSelective REQUEST_URI  "/modules\.php\?*name=Search*instory="
SecFilterSelective REQUEST_URI  "/modules\.php\?*name=(Search|Web_Links).*\'"
SecFilterSelective THE_REQUEST "/modules\.php\?*name=<[[:space:]]*script"
SecFilterSelective THE_REQUEST "/modules\.php\?name=Bookmarks\&file=(del_cat\&catname|del_mark\&markname|edit_cat\&catname|edit_cat\&catcomment|marks\&catname|uploadbookmarks\&category)=(<[[:space:]]*script|(http|https|ftp)\:/)"
SecFilterSelective THE_REQUEST "modules\.php\?name=Bookmarks\&file=marks\&catname=.*\&category=.*/\*\*/(union|select|delete|insert)"
SecFilterSelective THE_REQUEST "/index\.php*file=*(http|https|ftp)"
SecFilterSelective THE_REQUEST  "/modules\.php\?*name=Search*instory="
SecFilterSelective THE_REQUEST "/modules\.php*name=Forums.*file=viewtopic*/forum=.*\'/"
# banners.php / modules.php: script-like tag close or a remote URL in the
# listed parameters.
# NOTE(review): "/modules\.php\?name=.*(...)" rejects any modules.php request
# that carries an http/https/ftp URL after name=, including legitimate link or
# redirect parameters.
SecFilterSelective REQUEST_URI "/banners\.php\?op=EmailStats&name=.*&bid=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
SecFilterSelective REQUEST_URI "/modules\.php\?name=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
SecFilterSelective REQUEST_URI "/modules\.php\?name=Search&author=.*&topic=.*&min.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
SecFilterSelective REQUEST_URI "/modules\.php\?name=FAQ&.*=.*&id_cat=.*&categories=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
SecFilterSelective REQUEST_URI "/modules\.php\?op=EmailStats&login=.*&cid=.*&bid=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
SecFilterSelective REQUEST_URI "/modules\.php\?name=Encyclopedia&file=.*&op=.*&eid.*1&ltr=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
# Forum user and admin control-panel scripts (joinrequests.php, admincp/*,
# modcp/*): an SQL statement inside the listed "do=" actions. Each chain
# applies only to the named script.
SecFilterSelective REQUEST_URI "/joinrequests\.php" chain
SecFilter "do=processjoinrequests&usergroupid=.*&request.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
SecFilterSelective REQUEST_URI "/admincp/user\.php" chain
SecFilter "do=find&orderby=username&limit.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
SecFilterSelective REQUEST_URI "/admincp/(usertitle|usertools)\.php" chain
SecFilter "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
SecFilterSelective REQUEST_URI "/modcp/announcement\.php" chain
SecFilter "do=update&announcementid=.*&start=.*&end=.*&announcement.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
SecFilterSelective REQUEST_URI "/admincp/admincalendar\.php" chain
SecFilter "do=update&calendarid=.*&calendar\[.*\]=.*&calendar.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
SecFilterSelective REQUEST_URI "/admincp/email\.php" chain
SecFilter "do=makelist&user\[.*\].*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
SecFilterSelective REQUEST_URI "/admincp/help\.php" chain
SecFilter "do=doedit&help\[.*\]=.*&help\[.*\].*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
SecFilterSelective REQUEST_URI "admincp/language\.php" chain
SecFilter "do=update&rvt\[.*\].*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
SecFilterSelective REQUEST_URI "/admincp/phrase\.php" chain
SecFilter "do=completeorphans&keep\[.*\].*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
# calendar.php / forumdisplay.php: shell commands or system() in "comma".
# NOTE(review): in "comma=*(" the "*" repeats "=", so the command must follow
# the equals sign directly. The "/Ui" at the end of the forumdisplay pattern
# looks like PCRE flag syntax that is presumably matched literally here --
# verify. The later rule on "forumdisplay.php?...comma=" rejects any request
# that sets comma at all.
SecFilterSelective REQUEST_URI "calendar\.php\?calbirthdays=.*&action=.*&day=.*&comma=*(cd|\;|perl|python|rpm|yum|apt-get|emerge|lynx|links|mkdir|elinks|cmd|pwd|wget|lwp-(download|request|mirror|rget)|id|uname|cvs|svn|(r|s)sh|(s|r)cp|rexec|smbclient|t?ftp|ncftp|curl|telnet|gcc|cc|g\+\+|\./)"
SecFilterSelective REQUEST_URI "/calendar\.php\?calbirthdays=.*&action=getday&day=.*&comma=\x22;"
SecFilterSelective REQUEST_URI "/forumdisplay\.php?[^\r\n]*comma=[^\r\n\x26]*system\x28.*\x29/Ui"
SecFilterSelective REQUEST_URI "/forumdisplay\.php\?" chain
SecFilter "\.system\(.+\)\."
SecFilterSelective REQUEST_URI "/forumdisplay\.php\?*comma="
# ad_member.php and ipchat.php: references to emailer.php / conf_global.php.
SecFilterSelective REQUEST_URI "/ad_member\.php" chain
SecFilter "emailer\.php"
SecFilterSelective REQUEST_URI "/ipchat\.php*root_path*conf_global\.php"
SecFilterSelective REQUEST_URI  "/ipchat\.php" chain
SecFilter "conf_global\.php"
# SQL keywords or statements in forum index, jportal banner and generic
# index.php arguments (comment, mid, st).
# NOTE(review): the ARG_comment, ARG_mid and ARG_st chains apply to every
# script whose URI contains index.php, and the ARG_st pattern also rejects any
# value that contains a single quote.
SecFilterSelective REQUEST_URI "/forums/index\.php\?act=.*&max_results=.*&filter=.*&sort_order=.*&sort_key=.*&st=*(UNION|SELECT|DELETE|INSERT)"
SecFilterSelective REQUEST_URI "/jportal/banner\.php*(UNION|SELECT|DELETE|INSERT)"
SecFilterSelective REQUEST_URI "/index\.php" chain
SecFilterSelective ARG_comment "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
SecFilterSelective REQUEST_URI "/index.php" chain
SecFilterSelective ARG_mid ".*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
SecFilterSelective THE_REQUEST "/index\.php\?act=Login&CODE=autologin.*((select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)|user\+AND\+MID\(password)"
SecFilterSelective REQUEST_URI "index\.php" chain
SecFilterSelective ARG_st "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
# These two calendar.php rules repeat, unchanged, the pair listed earlier.
SecFilterSelective REQUEST_URI "calendar\.php\?calbirthdays=.*&action=.*&day=.*&comma=*(cd|\;|perl|python|rpm|yum|apt-get|emerge|lynx|links|mkdir|elinks|cmd|pwd|wget|lwp-(download|request|mirror|rget)|id|uname|cvs|svn|(r|s)sh|(s|r)cp|rexec|smbclient|t?ftp|ncftp|curl|telnet|gcc|cc|g\+\+|\./)"
SecFilterSelective REQUEST_URI "/calendar\.php\?calbirthdays=.*&action=getday&day=.*&comma=\x22;"
# export.php "what" argument containing ".." (directory traversal), followed
# by phpMyAdmin-specific signatures.
SecFilterSelective SCRIPT_FILENAME "export\.php$" chain
SecFilterSelective ARG_what "\.\."
SecFilterSelective REQUEST_URI "/css/phpmyadmin\.css\.php\?GLOBALS\[cfg\]\[ThemePath\]=/etc"
SecFilterSelective REQUEST_URI "/phpmyadmin/index\.php\?pma_username=*&pma_password=*&server=.*&lang=.*&convcharset=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
# default.php messages, product_info.php products_id, relocate_server.php.
SecFilterSelective REQUEST_URI "/default\.php\?(error_message|info_message)=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
SecFilterSelective REQUEST_URI "/product_info\.php" chain
SecFilterSelective ARG_products_id  "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
SecFilterSelective REQUEST_URI "/relocate_server\.php"
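# theme.php: remote URL supplied in THEME_DIR (remote file inclusion). The
# scheme is followed by "\:/" as in every other URL rule in this file. The
# earlier "/:/" required the text "http/:/", which a real URL never contains,
# so the rule could not fire.
SecFilterSelective REQUEST_URI "/theme\.php\?THEME_DIR=(http|https|ftp)\:/"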
# index.php lang parameter: script-like tag close, "html" or a remote URL.
SecFilterSelective REQUEST_URI "/index\.php\?lang=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
# AWStats: dangerous parameters (configdir, pluginmode, loadplugin, logfile=|,
# debug, ...) and direct access to awstats.pl with no query string.
# NOTE(review): the first chain matches "awstats" anywhere in the request line
# together with generic words such as "print" or "cgi" in any argument name or
# value, and the last rule denies the bare /awstats.pl page itself -- confirm
# this does not lock out legitimate statistics access.
SecFilterSelective THE_REQUEST "awstats" chain
SecFilterSelective ARGS "(pluginmode|loadplugin|debug|configdir|perl|cgi|chmod|exec|print)"
SecFilterSelective REQUEST_URI  "/awstats\.pl\?(configdir|update|pluginmode|cgi)=(\||echo|\:system\()"
SecFilterSelective REQUEST_URI  "/awstats\.pl\?(debug=1|pluginmode=rawlog\&loadplugin=rawlog|update=1\&logfile=\|)"
SecFilterSelective REQUEST_URI  "/awstats\.pl\?[^\r\n]*logfile=\|"
SecFilterSelective REQUEST_URI  "/awstats\.pl\?configdir="
SecFilterSelective REQUEST_URI  "awstats\.pl\?" chain
SecFilterSelective ARGS "(debug|configdir|perl|chmod|exec|print|cgi)"
SecFilterSelective THE_REQUEST  "/awstats\.pl HTTP\/(0\.9|1\.0|1\.1)$"
# Traversal, remote-include and SQL signatures for assorted scripts
# (attachments.php, include/main.php, admin.php, view.php, index.php func=,
# the Messages and Downloads modules).
SecFilterSelective REQUEST_URI "/attachments\.php\?file=\.\./\.\."
SecFilterSelective REQUEST_URI "/include/main\.php\?config.*=.*&include_dir=(http|https|ftp)\:/"
SecFilterSelective REQUEST_URI "/admin\.php\?a=view&id=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]]+(from|into|table|database|index|view|select)"
SecFilterSelective REQUEST_URI "/view\.php\?s=.*&query=*&cat=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
SecFilterSelective THE_REQUEST "/view\.php" chain
SecFilterSelective ARG_t ".*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
SecFilterSelective REQUEST_URI "/index\.php.*func=*(\.\./|(http|https|ftp)\:/)"
SecFilterSelective REQUEST_URI "/modules\.php\?op=modload&name=Messages&file=readpmsg&start=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
SecFilterSelective REQUEST_URI "modules/Downloads/dl-viewdownload\.php" chain
SecFilterSelective ARG_show "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
# Scripts denied outright, or when DIR / aid carries a URL or script tag.
SecFilterSelective REQUEST_URI "/modules/pn_bbcode/pnincludes/contrib/example\.php"
SecFilterSelective REQUEST_URI "/samples/news\.php\?DIR=(http|https|ftp)\:/"
SecFilterSelective THE_REQUEST "/order/orderwiz\.php\?v=.*&aid=.*(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|(http|https|ftp)\:/)"
# WordPress: SQL in wp-trackback.php tb_id, SQL in index.php cat, a
# non-numeric cat under /wordpress/, and a PHP open tag in cache_lastpostdate.
SecFilterSelective REQUEST_URI "/wp-trackback\.php\?tb_id=*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
SecFilterSelective REQUEST_URI "/wp-trackback\.php" chain
SecFilterSelective ARG_tb_id "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
SecFilterSelective REQUEST_URI "/index\.php\?cat=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
SecFilterSelective REQUEST_URI  "/wordpress/" chain
SecFilterSelective ARG_cat "!^[0-9]*$"
SecFilterSelective ARG_cache_lastpostdate "<\?php"
# index.php poll/category/ctg arguments and several shop scripts: SQL
# statement or single quote.
SecFilterSelective REQUEST_URI  "/index\.php" chain
SecFilterSelective ARG_poll|ARG_category|ARG_ctg "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
SecFilterSelective REQUEST_URI "/index\.php\?&PHPSESSID=\'"
SecFilterSelective REQUEST_URI "/tellafriend\.php\?&product=\'"
SecFilterSelective REQUEST_URI "/view_cart\.php\?add=\'"
SecFilterSelective REQUEST_URI "/view_product\.php\?product=\'"
# Ad-server library, maintenance and backwards-compatibility scripts, denied
# outright when requested directly.
SecFilterSelective REQUEST_URI "/libraries/lib-xmlrpcs.inc\.php"
SecFilterSelective REQUEST_URI "/maintenance/maintenance-activation\.php"
SecFilterSelective REQUEST_URI "/maintenance/maintenance-cleantables\.php"
SecFilterSelective REQUEST_URI "/maintenance/maintenance-autotargeting\.php"
SecFilterSelective REQUEST_URI "/maintenance/maintenance-reports\.php"
SecFilterSelective REQUEST_URI "/misc/backwards\x20compatibility/phpads\.php"
SecFilterSelective REQUEST_URI "/misc/backwards\x20compatibility/remotehtmlview\.php"
SecFilterSelective REQUEST_URI "/misc/backwards\x20compatibility/click\.php"
# NOTE(review): the run of asterisks after "\?" looks like forum word-filter
# damage to a parameter name. As written the stacked quantifiers may fail to
# compile (which can stop Apache from starting) or match nothing useful --
# restore the parameter name from the rule set's original source.
SecFilterSelective REQUEST_URI "/adframe\.php\?*******=securityreason\.com\'\>"
# logout.php: SQL statement or single quote in the session argument.
# NOTE(review): "sessiodID" may be a misspelling of the real parameter name;
# if so this rule never applies -- verify against the application.
SecFilterSelective REQUEST_URI  "/logout\.php" chain
SecFilterSelective ARG_sessiodID "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
# XML-RPC blogger.getUsersBlogs call whose body carries a blind-SQL fragment
# (depends on request-body scanning being enabled).
SecFilterSelective THE_REQUEST "(/xmlrpc|.*xmlrpc_services)\.php" chain
SecFilterSelective POST_PAYLOAD "<methodName>blogger\.getUsersBlogs</methodName>" chain
SecFilter ".*\' AND ascii\(substring\(pass"
# PHP code blocks in the request that call system() after another call.
SecFilter "\<.*php .*\(.*\)\;system\(.*\).*php*\>"
# Slightly stronger version of the above: the same shape with a longer list of
# PHP functions.
SecFilter "\<.*php .*\(.*\)\;(chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\).*php*\>"
# exit.php UNION SELECT of password/username; config.php path[docroot]
# traversal or remote URL.
SecFilterSelective REQUEST_URI "exit\.php\?entry_id=.*&url_id=.*\x20UNION\x20SELECT\x20(password|username)\x20FROM"
SecFilterSelective REQUEST_URI "/config\.php\?path\[docroot\]=((\.\./|(http|https|ftp)\:/)|.*(\.\./|(http|https|ftp)\:/))"
# index.php catalog include: HTML or script tags in the request.
SecFilterSelective THE_REQUEST "/index\.php\?homeinclude=catalog&category_id=&parent_id=.*" chain
SecFilter "<[[:space:]]*(href|script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome|a)[[:space:]]*>"
# index.php campaign_id: SQL statement or single quote.
SecFilterSelective REQUEST_URI  "/index\.php" chain
SecFilterSelective ARG_campaign_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
# END
</IfModule>
alıntıdır.

ModSecurity
2 x içindir
 