Linux Cpanel Sunucu sahipleri icin mod_security kural zinciri

_EroS_ · 10 Eyl 2012

Linux sunucular icin script aciklarini kapatmaniz icin saglam bir onlem size.: ) Herkezin bildigi gibi genelde yeni site acanlar veya yazilim, tasarim konusunda bilgisi olmayanlar free yazilimlari kullanmaktalar. Buda basli basina bir sorun olusturmakta.

Mod Securityi sunucunuza kurduktan sonra assagida ki kural zincirini ekleyiniz.

Kod:

<IfModule mod_security.c> # Başlangıç # THT _EroS_ # Mod_security kural zinciri 2012 # --------------------------------------------------------------------------- SecFilterEngine On SecFilterCheckURLEncoding Off SecFilterCheckUnicodeEncoding Off SecFilterForceByteRange 0 255 SecAuditEngine RelevantOnly SecAuditLog logs/audit_log SecFilterDebugLog logs/modsec_debug_log SecFilterDebugLevel 0 SecFilterDefaultAction "deny,log,status:406" SecFilterSelective REMOTE_ADDR "^127.0.0.1$" nolog,allow Secfilter "sbin/" SecFilter "eggz" SecFilter "eggdrop" SecFilter "psybnc" SecFilter "udp.pl" SecFilter "bindtty" SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$" SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$" Include "/usr/local/apache/conf/modsec.user.conf" SecFilterSelective THE_REQUEST "dc.pl " SecFilterSelective THE_REQUEST "wget " SecFilterSelective THE_REQUEST "act=tools" SecFilterSelective THE_REQUEST "act=gof" SecFilterSelective THE_REQUEST "act=ls" SecFilterSelective THE_REQUEST "act=mk" SecFilterSelective THE_REQUEST "act=f&" SecFilterSelective THE_REQUEST "act=sql" SecFilterSelective THE_REQUEST "act=gofile" SecFilterSelective THE_REQUEST "act=mkdir" SecFilterSelective THE_REQUEST "act=ftpquickbrute" SecFilterSelective THE_REQUEST "act=d" SecFilterSelective THE_REQUEST "act=phpinfo" SecFilterSelective THE_REQUEST "act=security" SecFilterSelective THE_REQUEST "act=makefile" SecFilterSelective THE_REQUEST "act=encoder" SecFilterSelective THE_REQUEST "act=fsbuff" SecFilterSelective THE_REQUEST "act=selfremove" SecFilterSelective THE_REQUEST "act=update" SecFilterSelective THE_REQUEST "act=feedback" SecFilterSelective THE_REQUEST "act=search" SecFilterSelective THE_REQUEST "act=chmod" SecFilterSelective THE_REQUEST "act=upload " SecFilterSelective THE_REQUEST "act=delete" SecFilterSelective THE_REQUEST "act=paste" SecFilterSelective THE_REQUEST "act=copy" SecFilterSelective THE_REQUEST "act=cut" SecFilterSelective THE_REQUEST "act=unselect " SecFilterSelective THE_REQUEST "act=cmd" SecFilterSelective THE_REQUEST "act=tools" SecFilterSelective THE_REQUEST "act=eval" SecFilterSelective THE_REQUEST "act=f" SecFilterSelective THE_REQUEST "&s=r&cmd=dir&dir=." SecFilterSelective THE_REQUEST "&s=r&cmd=con" SecFilterSelective THE_REQUEST "INSERT%20INTO" SecFilterSelective THE_REQUEST "SELECT%20" SecFilterSelective THE_REQUEST "root=" SecFilterSelective THE_REQUEST "phpshell.php " SecFilterSelective THE_REQUEST "r57.php " SecFilterSelective THE_REQUEST "c99.php " SecFilterSelective THE_REQUEST "cc.php" SecFilterSelective THE_REQUEST "a.php " SecFilterSelective THE_REQUEST "x.php " SecFilterSelective THE_REQUEST "indian.php " SecFilterSelective THE_REQUEST "zh.php " SecFilterSelective THE_REQUEST "rulez.php " SecFilterSelective THE_REQUEST "r57.php;jpg " SecFilterSelective THE_REQUEST "zehir.php;jpg " SecFilterSelective THE_REQUEST "lynx " SecFilterSelective THE_REQUEST "scp " SecFilterSelective THE_REQUEST "ftp " SecFilterSelective THE_REQUEST "cvs " SecFilterSelective THE_REQUEST "rcp " SecFilterSelective THE_REQUEST "curl " SecFilterSelective THE_REQUEST "telnet " SecFilterSelective THE_REQUEST "perl " SecFilterSelective THE_REQUEST "b0t.tmp " SecFilterSelective THE_REQUEST "bt.pl " SecFilterSelective THE_REQUEST "aron.pl " SecFilterSelective THE_REQUEST "fetch " SecFilterSelective THE_REQUEST "ssh " SecFilterSelective THE_REQUEST "echo " SecFilterSelective THE_REQUEST "links -dump " SecFilterSelective THE_REQUEST "links -dump-charset " SecFilterSelective THE_REQUEST "links -dump-width " SecFilterSelective THE_REQUEST "links http:// " SecFilterSelective THE_REQUEST "links ftp:// " SecFilterSelective THE_REQUEST "links -source " SecFilterSelective THE_REQUEST "mkdir " SecFilterSelective THE_REQUEST "cd /tmp " SecFilterSelective THE_REQUEST "cd /var/tmp " SecFilterSelective THE_REQUEST "cd /tmp/ " SecFilterSelective THE_REQUEST "cd /var/tmp/ " SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy " SecFilterSelective THE_REQUEST "/config.php?v=1&DIR " SecFilterSelective THE_REQUEST "&highlight=%2527%252E " SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php " SecFilterSelective THE_REQUEST "arta\.zip " SecFilterSelective THE_REQUEST "cmd=cd\x20/var " SecFilterSelective THE_REQUEST "cmd=cd\x20/tmp " SecFilterSelective THE_REQUEST "cmd=cd\x20/var/tmp " SecFilterSelective THE_REQUEST "cmd=cd\x20/tmp/ " SecFilterSelective THE_REQUEST "cmd=cd\x20/var/tmp/ " SecFilterSelective THE_REQUEST "HCL_path=http " SecFilterSelective THE_REQUEST "clamav-partial " SecFilterSelective THE_REQUEST "vi\.recover " SecFilterSelective THE_REQUEST "netenberg " SecFilterSelective THE_REQUEST "psybnc " SecFilterSelective THE_REQUEST "fantastico_de_luxe " SecFilterSelective THE_REQUEST "tool.gif?cmd " SecFilterSelective THE_REQUEST "rm -rf " SecFilterSelective THE_REQUEST "\.htaccess" SecFilterSelective THE_REQUEST "cd\.\." SecFilterSelective THE_REQUEST "///cgi-bin" SecFilterSelective THE_REQUEST "/cgi-bin///" SecFilterSelective THE_REQUEST "/~root" SecFilterSelective THE_REQUEST "/~ftp" SecFilterSelective THE_REQUEST "/htgrep" chain SecFilterSelective THE_REQUEST "/htgrep" log,pass SecFilterSelective THE_REQUEST "/\.history" SecFilterSelective THE_REQUEST "/\.bash_history" SecFilterSelective THE_REQUEST "/~nobody" SecFilterSelective THE_REQUEST "<script" SecFilterSelective THE_REQUEST "psybnc" SecFilterSelective THE_REQUEST "cmd=cd\x20/var" SecFilterSelective THE_REQUEST "dir=http" SecFilterSelective THE_REQUEST "\?STRENGUR" SecFilterSelective THE_REQUEST "/etc/motd" SecFilterSelective THE_REQUEST "/etc/passwd" SecFilterSelective THE_REQUEST "conf/httpd\.conf" SecFilterSelective THE_REQUEST "/bin/ps" SecFilterSelective THE_REQUEST "bin/tclsh" SecFilterSelective THE_REQUEST "tclsh8\x20" SecFilterSelective THE_REQUEST "udp\.pl" SecFilterSelective THE_REQUEST "linuxdaybot\.txt" SecFilterSelective THE_REQUEST "wget\x20" SecFilterSelective THE_REQUEST "bin/nasm" SecFilterSelective THE_REQUEST "nasm\x20" SecFilterSelective THE_REQUEST "/usr/bin/perl" SecFilterSelective THE_REQUEST "links -dump " SecFilterSelective THE_REQUEST "links -dump-(charset|width) " SecFilterSelective THE_REQUEST "links (http|https|ftp)\:/" SecFilterSelective THE_REQUEST "links -source " SecFilterSelective THE_REQUEST "cd\x20/(tmp|var/tmp|etc/httpd/proxy|dev/shm)" SecFilterSelective THE_REQUEST "cd\.\." SecFilterSelective THE_REQUEST "///cgi-bin" SecFilterSelective THE_REQUEST "/cgi-bin///" SecFilterSelective THE_REQUEST "/~named(/| HTTP\/(0\.9|1\.0|1\.1)$)" SecFilterSelective THE_REQUEST "/~guest(/| HTTP\/(0\.9|1\.0|1\.1)$)" SecFilterSelective THE_REQUEST "/~logs(/| HTTP\/(0\.9|1\.0|1\.1)$)" SecFilterSelective THE_REQUEST "/~sshd(/| HTTP\/(0\.9|1\.0|1\.1)$)" SecFilterSelective THE_REQUEST "/~ftp(/| HTTP\/(0\.9|1\.0|1\.1)$)" SecFilterSelective THE_REQUEST "/~bin(/| HTTP\/(0\.9|1\.0|1\.1)$)" SecFilterSelective THE_REQUEST "/~nobody(/| HTTP\/(0\.9|1\.0|1\.1)$)" SecFilterSelective THE_REQUEST "/\.history HTTP\/(0\.9|1\.0|1\.1)$" SecFilterSelective THE_REQUEST "/\.bash_history HTTP\/(0\.9|1\.0|1\.1)$" SecFilterSelective REQUEST_URI "/nessus_is_probing_you_" SecFilterSelective REQUEST_URI "/NessusTest" SecFilter "javascript\://" SecFilter "img src=javascript" SecFilter "_PHPLIB\[libdir\]" SecFilter "hdr=/" SecFilter '$path."*"' SecFilterSelective THE_REQUEST "\<IMG.*/\bonerror\b[\s]*=/Ri" SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]text\/javascript/i" SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]application\/x-javascript/i" SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]text\/jscript/i" SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]text\/vbscript/i" SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]application\/x-vbscript/i" SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]text\/ecmascript/i" SecFilterSelective THE_REQUEST "STYLE[\s]*=[\s]*[^>]expression[\s]*\(/i" SecFilterSelective THE_REQUEST "[\s]*expression[\s]*\([^}]}[\s]*<\/STYLE>/i" SecFilterSelective THE_REQUEST "<!\[CDATA\[<\]\]>SCRIPT" SecFilterSelective THE_REQUEST "Content-Type\:.*(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=|javascript\:)" SecFilterSelective REQUEST_METHOD "^POST$" chain SecFilterSelective HTTP_Content-Length "^$" SecFilterSelective HTTP_Transfer-Encoding "!^$" SecFilter "(cmd|command)=(cd|\;|perl |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(download|request|mirror|rget) |id|uname|cvs |svn |(s|r)(cp|sh) |net(stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z|A-Z])" SecFilterSelective REQUEST_URI "\.php\?" chain SecFilter "(http|https|ftp)\:/" chain SecFilter "(cmd|command)=.*(cd|\;|perl |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(download|request|mirror|rget) |id|uname|cvs |svn |(s|r)(cp|sh) |net(stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z|A-Z])" SecFilterSelective THE_REQUEST "(/xmlrpc|.*xmlrpc_services)\.php" chain SecFilter "(\<xml|\<.*xml)" chain SecFilter "(echo( |$|\').*\;|chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*$\;" SecFilterSelective THE_REQUEST "(/xmlrpc|.*xmlrpc_services)\.php" chain SecFilter "<methodName>.*</methodName>.*<value><string>.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view).*methodName\>" SecFilterSelective REQUEST_URI "/index\.php\?option=com_content&task=vote&id=.*&Itemid=.*&cid=.*&user_rating=.*\((select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+(from|into|table|database|index|view)" SecFilterSelective REQUEST_URI "/content\.php" chain SecFilterSelective ARG_user_rating ".*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)" SecFilterSelective ARG_mosConfig_absolute_path "(\.\./\.\.|/|(http|https|ftp)\:/)" SecFilterSelective REQUEST_URI "/index(2?)\.php\?.*mosConfig_absolute_path=(http|https|ftp)\:\/" SecFilterSelective REQUEST_URI "/emailfriend/(emailarticle|emailfaq|emailnews)\.php\?id=\"(\<script|(http|https|ftp)\:/)" SecFilterSelective REQUEST_URI "/posting\.php\?mode=reply\&t=.*userid.*phpbb2mysql_t=(<[[:space:]]*script|(http|https|ftp)\:/)" SecFilterSelective REQUEST_URI "/posting\.php\\?.*(<[[:space:]]*script|(http|https|ftp)\:/)" SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php" SecFilter "^/viewtopic\.php\?" chain SecFilter "chr$([0-9]{1,3})$" SecFilterSelective THE_REQUEST "viewtopic\.php" chain SecFilterSelective "THE_REQUEST|ARG_VALUES" "(passthru|cmd|fopen|exit|fwrite)" SecFilter "phpbb_root_path=" SecFilterSelective THE_REQUEST "/calendar_scheduler\.php\?start=(<[[:space:]]*script|(http|https|ftp)\:/)" SecFilterSelective REQUEST_URI "/groupcp\.php\?g=.*sid=\'" SecFilterSelective REQUEST_URI "/index\.php\?(c|mark)=*\'" SecFilterSelective REQUEST_URI "/forums\.php\?(c|mark)=*\'" SecFilterSelective REQUEST_URI "/forum\.php\?(c|mark)=*\'" SecFilterSelective REQUEST_URI "/portal\.php\?article=*\'" SecFilterSelective REQUEST_URI "/viewforum.php?f=.*sid=\'" SecFilterSelective REQUEST_URI "/viewtopic.php?p=.*sid=\'" SecFilterSelective REQUEST_URI "/album_search\.php\?mode=\'" SecFilterSelective REQUEST_URI "/album_cat\.php\?cat_id=.*sid=\'" SecFilterSelective REQUEST_URI "/album_comment\.php\?pic_id=.*sid=\'" SecFilterSelective REQUEST_URI "calendar_scheduler\.php\?d=.*&mode=&start=\'\">" SecFilterSelective REQUEST_URI "/profile\.php\?mode=viewprofile&u=.*((script|script|about|applet|activex|chrome)\>|html|(http|https|ftp)\:/)" SecFilterSelective REQUEST_URI "/viewtopic\.php\?p=.*&highlight=.*((script|script|about|applet|activex|chrome)\>|html|(http|https|ftp)\:/)" SecFilterSelective COOKIE_sessionid "phpbb2mysql_data=a\x3A2\x3A\x7Bs\x3A11\x3A\x22autologinid\x22\x3Bb\x3A1\x3Bs\x3A6\x3A\x22userid\x22\x3Bs\x3A1\x3A\x222\x22\x3B\x7D" SecFilter "phpbb2mysql_data=a\x3A2\x3A\x7Bs\x3A11\x3A\x22autologinid\x22\x3Bb\x3A1\x3Bs\x3A6\x3A\x22userid\x22\x3Bs\x3A1\x3A\x222\x22\x3B\x7D" SecFilterSelective SCRIPT_FILENAME "viewtopic\.php$" chain SecFilterSelective ARG_highlight "%27" SecFilter "&highlight=\'\.fwrite$fopen\(" SecFilter "&highlight=\x2527\x252Esystem\(" SecFilter "&highlight=\'\.mysql_query\(" SecFilterSelective THE_REQUEST "/quick-reply\.php" chain SecFilterSelective THE_REQUEST "(\;|\&)highlight=\'\.system\(" SecFilterSelective THE_REQUEST "&highlight=\'\.mysql_query\(" SecFilterSelective THE_REQUEST "&highlight=\'\.fwrite\(fopen\(" SecFilterSelective THE_REQUEST "&highlight=%2527%252E" SecFilterSelective THE_REQUEST "&highlight=\x2527\x252Esystem\(" SecFilterSelective THE_REQUEST "/viewtopic\.php\?.*(highlight.*(\'\.|\x2527|\x27)|include\(.*GET\[.*\]$|=(http|https|ftp)\:/|(printf|system)$)" SecFilterSelective REQUEST_URI "profile\.php\?GLOBALS\[signature_bbcode_uid\]=\(\.\x2B$/e\x00" SecFilterSelective REQUEST_URI|POST_PAYLOAD "r57phpBB2017xpl" SecFilterSelective REQUEST_URI|POST_PAYLOAD "chinaman" SecFilterSelective POST_PAYLOAD "[EMAIL="_bill_gates@microsoft\.com"]_bill_gates@microsoft\.com[/EMAIL]" SecFilterSelective THE_REQUEST "/admin/admin_forums\.php\?sid=.*" chain SecFilter "(forumname|forumdesc)=*\<[[:space:]]*(script|about|applet|activex|chrome)" SecFilterSelective REQUEST_URI "usercp_register\.php" chain SecFilterSelective ARG_error_msg "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>" SecFilterSelective REQUEST_URI "login\.php" chain SecFilterSelective ARG_forward_page "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>" SecFilterSelective REQUEST_URI "search\.php" chain SecFilterSelective ARG_list_cat "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>" SecFilterSelective REQUEST_URI "usercp_register\.php" chain SecFilterSelective ARG_signature_bbcode_uid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)" SecFilterSelective ARG_signature_bbcode_uid "(<.*php|<php)" SecFilterSelective REQUEST_URI "/downloads\.php\?cat=.*(UNION|SELECT|delete|insert)*user_password.*phpbb_users" SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain SecFilterSelective ARG_email "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)" SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain SecFilterSelective ARG_ratenum "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)" SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain SecFilterSelective ARG_min "(dselect|grant|elete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)" SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain SecFilterSelective ARG_show "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)" SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain SecFilterSelective ARG_orderby "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)" SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain SecFilterSelective ARG_url "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)" SecFilterSelective SCRIPT_FILENAME "kargo\.php$" chain SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain SecFilterSelective ARG_email "(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+(from|into|table|database|index|view)" SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain SecFilterSelective ARG_ratenum "(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+(from|into|table|database|index|view)" SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain SecFilterSelective ARG_min "(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+(from|into|table|database|index|view)" SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain SecFilterSelective ARG_show "(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+(from|into|table|database|index|view)" SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain SecFilterSelective ARG_orderby "(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+(from|into|table|database|index|view)" SecFilterSelective SCRIPT_FILENAME "modules\.php$" chain SecFilterSelective ARG_url "(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+(from|into|table|database|index|view)" SecFilterSelective REQUEST_URI "/modules\.php\?*name=*\<*(script|about|applet|activex|chrome)*\>" SecFilterSelective REQUEST_URI "/modules\.php\?op=modload&name=News&file=article&sid=*\<*(script|about|applet|activex|chrome)*\>" SecFilterSelective REQUEST_URI "/modules\.php\?name=Search&type=comments&query=.*&instory=.*UNION.*SELECT.*pwd.*FROM.*nuke_authors" SecFilterSelective REQUEST_URI "/modules\.php\?*name=Search*instory=" SecFilterSelective REQUEST_URI "/modules\.php\?*name=(Search|Web_Links).*\'" SecFilterSelective THE_REQUEST "/modules\.php\?*name=<[[:space:]]*script" SecFilterSelective THE_REQUEST "/modules\.php\?name=Bookmarks\&file=(del_cat\&catname|del_mark\&markname|edit_cat\&catname|edit_cat\&catcomment|marks\&catname|uploadbookmarks\&category)=(<[[:space:]]*script|(http|https|ftp)\:/)" SecFilterSelective THE_REQUEST "modules\.php\?name=Bookmarks\&file=marks\&catname=.*\&category=.*/\*\*/(union|select|delete|insert)" SecFilterSelective THE_REQUEST "/index\.php*file=*(http|https|ftp)" SecFilterSelective THE_REQUEST "/modules\.php\?*name=Search*instory=" SecFilterSelective THE_REQUEST "/modules\.php*name=Forums.*file=viewtopic*/forum=.*\'/" SecFilterSelective REQUEST_URI "/banners\.php\?op=EmailStats&name=.*&bid=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)" SecFilterSelective REQUEST_URI "/modules\.php\?name=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)" SecFilterSelective REQUEST_URI "/modules\.php\?name=Search&author=.*&topic=.*&min.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)" SecFilterSelective REQUEST_URI "/modules\.php\?name=FAQ&.*=.*&id_cat=.*&categories=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)" SecFilterSelective REQUEST_URI "/modules\.php\?name=Kose_Yazarlari&.*=.*&id_cat=.*&categories=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)" SecFilterSelective REQUEST_URI "/modules\.php\?op=EmailStats&login=.*&cid=.*&bid=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)" SecFilterSelective REQUEST_URI "/modules\.php\?op=Duyurular&login=.*&cid=.*&bid=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)" SecFilterSelective REQUEST_URI "/modules\.php\?name=Encyclopedia&file=.*&op=.*&eid.*1&ltr=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)" SecFilterSelective REQUEST_URI "/modcp/announcement\.php" chain SecFilterSelective REQUEST_URI "/modcp/announcement\.php"?*id=" SecFilterSelective REQUEST_URI "/joinrequests\.php" chain SecFilter "do=processjoinrequests&usergroupid=.*&request.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]" SecFilterSelective REQUEST_URI "/admincp/user\.php" chain SecFilterSelective REQUEST_URI "/haberler/.php"?*id=" SecFilter "do=find&orderby=username&limit.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]" SecFilterSelective REQUEST_URI "/admincp/(usertitle|usertools)\.php" chain SecFilter "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]" SecFilter "do=update&announcementid=.*&start=.*&end=.*&announcement.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]" SecFilterSelective REQUEST_URI "/admincp/admincalendar\.php" chain SecFilter "do=update&calendarid=.*&calendar\[.*\]=.*&calendar.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]" SecFilterSelective REQUEST_URI "/admincp/email\.php" chain SecFilter "do=makelist&user\[.*\].*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]" SecFilterSelective REQUEST_URI "/admincp/help\.php" chain SecFilter "do=doedit&help\[.*\]=.*&help\[.*\].*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]" SecFilterSelective REQUEST_URI "admincp/language\.php" chain SecFilter "do=update&rvt\[.*\].*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]" SecFilterSelective REQUEST_URI "/admincp/phrase\.php" chain SecFilter "do=completeorphans&keep\[.*\].*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]" SecFilterSelective REQUEST_URI "calendar\.php\?calbirthdays=.*&action=.*&day=.*&comma=*(cd|\;|perl|python|rpm|yum|apt-get|emerge|lynx|links|mkdir|elinks|cmd|pwd|wget|lwp-(download|request|mirror|rget)|id|uname|cvs|svn|(r|s)sh|(s|r)cp|rexec|smbclient|t?ftp|ncftp|curl|telnet|gcc|cc|g\+\+|\./)" SecFilterSelective REQUEST_URI "/forumdisplay\.php\?*comma=" SecFilterSelective REQUEST_URI "/forumdisplay\.php\?*f=" SecFilterSelective REQUEST_URI "/ad_member\.php" chain SecFilterSelective REQUEST_URI "/calendar\.php\?calbirthdays=.*&action=getday&day=.*&comma=\x22;" SecFilterSelective REQUEST_URI "/forumdisplay\.php?[^\r\n]*comma=[^\r\n\x26]*system\x28.*\x29/Ui" SecFilterSelective REQUEST_URI "/forumdisplay\.php\?" chain SecFilter "\.system$.+$\." SecFilter "gonder\.php" SecFilter "emailer\.php" SecFilterSelective REQUEST_URI "/ipchat\.php*root_path*conf_global\.php" SecFilterSelective REQUEST_URI "/ipchat\.php" chain SecFilter "conf_global\.php" SecFilterSelective REQUEST_URI "/forums/index\.php\?act=.*&max_results=.*&filter=.*&sort_order=.*&sort_key=.*&st=*(UNION|SELECT|DELETE|INSERT)" SecFilterSelective REQUEST_URI "/jportal/banner\.php*(UNION|SELECT|DELETE|INSERT)" SecFilterSelective REQUEST_URI "/index\.php" chain SecFilterSelective ARG_comment "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)" SecFilterSelective REQUEST_URI "/index.php" chain SecFilterSelective ARG_mid ".*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)" SecFilterSelective THE_REQUEST "/index\.php\?act=Login&CODE=autologin.*((select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)|user\+AND\+MID\(password)" SecFilterSelective REQUEST_URI "index\.php" chain SecFilterSelective ARG_st "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)" SecFilterSelective REQUEST_URI "calendar\.php\?calbirthdays=.*&action=.*&day=.*&comma=*(cd|\;|perl|python|rpm|yum|apt-get|emerge|lynx|links|mkdir|elinks|cmd|pwd|wget|lwp-(download|request|mirror|rget)|id|uname|cvs|svn|(r|s)sh|(s|r)cp|rexec|smbclient|t?ftp|ncftp|curl|telnet|gcc|cc|g\+\+|\./)" SecFilterSelective REQUEST_URI "/calendar\.php\?calbirthdays=.*&action=getday&day=.*&comma=\x22;" SecFilterSelective SCRIPT_FILENAME "export\.php$" chain SecFilterSelective ARG_what "\.\." SecFilterSelective REQUEST_URI "/css/phpmyadmin\.css\.php\?GLOBALS\[cfg\]\[ThemePath\]=/etc" SecFilterSelective REQUEST_URI "/phpmyadmin/index\.php\?pma_username=*&pma_password=*&server=.*&lang=.*&convcharset=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)" SecFilterSelective REQUEST_URI "/default\.php\?(error_message|info_message)=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)" SecFilterSelective REQUEST_URI "/product_info\.php" chain SecFilterSelective ARG_products_id "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]" SecFilterSelective REQUEST_URI "/relocate_server\.php" SecFilterSelective REQUEST_URI "/theme\.php\?THEME_DIR=(http|https|ftp)/:/" SecFilterSelective REQUEST_URI "/index\.php\?lang=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)" SecFilterSelective THE_REQUEST "awstats" chain SecFilterSelective ARGS "(pluginmode|loadplugin|debug|configdir|perl|cgi|chmod|exec|print)" SecFilterSelective REQUEST_URI "/awstats\.pl\?(configdir|update|pluginmode|cgi)=(\||echo|\:system\()" SecFilterSelective REQUEST_URI "/awstats\.pl\?(debug=1|pluginmode=rawlog\&loadplugin=rawlog|update=1\&logfile=\|)" SecFilterSelective REQUEST_URI "/awstats\.pl\?[^\r\n]*logfile=\|" SecFilterSelective REQUEST_URI "/awstats\.pl\?configdir=" SecFilterSelective REQUEST_URI "awstats\.pl\?" chain SecFilterSelective ARGS "(debug|configdir|perl|chmod|exec|print|cgi)" SecFilterSelective THE_REQUEST "/awstats\.pl HTTP\/(0\.9|1\.0|1\.1)$" SecFilterSelective REQUEST_URI "/attachments\.php\?file=\.\./\.\." SecFilterSelective REQUEST_URI "/include/main\.php\?config.*=.*&include_dir=(http|https|ftp)\:/" SecFilterSelective REQUEST_URI "/admin\.php\?a=view&id=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]]+(from|into|table|database|index|view|select)" SecFilterSelective REQUEST_URI "/view\.php\?s=.*&query=*&cat=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)" SecFilterSelective THE_REQUEST "/view\.php" chain SecFilterSelective ARG_t ".*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)" SecFilterSelective REQUEST_URI "/index\.php.*func=*(\.\./|(http|https|ftp)\:/)" SecFilterSelective REQUEST_URI "/modules\.php\?op=modload&name=Messages&file=readpmsg&start=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)" SecFilterSelective REQUEST_URI "modules/Downloads/dl-viewdownload\.php" chain SecFilterSelective ARG_show "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)" SecFilterSelective REQUEST_URI "/modules/pn_bbcode/pnincludes/contrib/example\.php" SecFilterSelective REQUEST_URI "/samples/news\.php\?DIR=(http|https|ftp)\:/" SecFilterSelective THE_REQUEST "/order/orderwiz\.php\?v=.*&aid=.*(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|(http|https|ftp)\:/)" SecFilterSelective REQUEST_URI "/wp-trackback\.php\?tb_id=*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)" SecFilterSelective REQUEST_URI "/wp-trackback\.php" chain SecFilterSelective ARG_tb_id "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)" SecFilterSelective REQUEST_URI "/index\.php\?cat=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)" SecFilterSelective REQUEST_URI "/wordpress/" chain SecFilterSelective ARG_cat "!^[0-9]*$" SecFilterSelective ARG_cache_lastpostdate "<\?php" SecFilterSelective REQUEST_URI "/index\.php" chain SecFilterSelective ARG_poll|ARG_category|ARG_ctg "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)" SecFilterSelective REQUEST_URI "/index\.php\?&PHPSESSID=\'" SecFilterSelective REQUEST_URI "/listeler\.php" chain SecFilterSelective REQUEST_URI "/urunler\.php" chain SecFilterSelective REQUEST_URI "/tellafriend\.php\?&product=\'" SecFilterSelective REQUEST_URI "/view_cart\.php\?add=\'" SecFilterSelective REQUEST_URI "/view_product\.php\?product=\'" SecFilterSelective REQUEST_URI "/libraries/lib-xmlrpcs.inc\.php" SecFilterSelective REQUEST_URI "/maintenance/maintenance-activation\.php" SecFilterSelective REQUEST_URI "/maintenance/maintenance-cleantables\.php" SecFilterSelective REQUEST_URI "/maintenance/maintenance-autotargeting\.php" SecFilterSelective REQUEST_URI "/maintenance/maintenance-reports\.php" SecFilterSelective REQUEST_URI "/misc/backwards\x20compatibility/phpads\.php" SecFilterSelective REQUEST_URI "/misc/backwards\x20compatibility/remotehtmlview\.php" SecFilterSelective REQUEST_URI "/misc/backwards\x20compatibility/click\.php" SecFilterSelective REQUEST_URI "/adframe\.php\?*******=securityreason\.com\'\>" SecFilterSelective REQUEST_URI "/bankalar\.php\?add=\'" SecFilterSelective REQUEST_URI "/logout\.php" chain SecFilterSelective ARG_sessiodID "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)" SecFilterSelective THE_REQUEST "(/xmlrpc|.*xmlrpc_services)\.php" chain SecFilterSelective POST_PAYLOAD "<methodName>blogger\.getUsersBlogs</methodName>" chain SecFilter ".*\' AND ascii$substring\(pass" SecFilter "\<.*php .*\(.*$\;system$.*$.*php*\>" #Slightly stronger version of the above SecFilter "\<.*php .*$.*$\;(chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)$.*$.*php*\>" SecFilterSelective REQUEST_URI "exit\.php\?entry_id=.*&url_id=.*\x20UNION\x20SELECT\x20(password|username)\x20FROM" SecFilterSelective REQUEST_URI "/config\.php\?path\[docroot\]=((\.\./|(http|https|ftp)\:/)|.*(\.\./|(http|https|ftp)\:/))" SecFilterSelective THE_REQUEST "/index\.php\?homeinclude=catalog&category_id=&parent_id=.*" chain SecFilter "<[[:space:]]*(href|script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome|a)[[:space:]]*>" SecFilterSelective REQUEST_URI "/index\.php" chain SecFilterSelective ARG_campaign_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)" ####### Bitti </IfModule>

KanHeLHacK · 10 Eyl 2012

ben linux mint-maya kullanıyorum onun içinde geçerlimi ??

Linux Cpanel Sunucu sahipleri icin mod_security kural zinciri

_EroS_

Yaşayan Forum Efsanesi

KanHeLHacK

Katılımcı Üye

Sosyal medya sayfalarımız