Gecko [ explonortespa.com ]

Linux bear.hostingplus.cl 4.18.0-513.18.1.lve.2.el8.x86_64 #1 SMP Sat Mar 30 15:36:11 UTC 2024 x86_64
LiteSpeed
Server IP : 192.140.57.17 & Your IP : 216.73.216.28
Domains : Cant Read [ /etc/named.conf ]
User : explo

Name	Size	Permission	Date
104-TYPO3-MAGENTO-EXCLUSION-RULES.conf	471 B	-rw-r--r--	2026-03-08 01:29
400-BITNINJA-INITIALIZATION.conf	3.04 KB	-rw-r--r--	2026-03-08 01:29
400030-status.conf	241 B	-rw-r-----	2024-07-30 15:17
401-WORDPRESS-BACKDOOR-PROTECTION.conf	2.73 KB	-rw-r--r--	2026-03-08 01:29
402-DRUPAL-REMOTE-EXECUTION-PROTECTION.conf	1.8 KB	-rw-r--r--	2026-03-08 01:29
403-MODX-REVOLUTION-REMOETE-EXECUTION-PROTECTION.conf	455 B	-rw-r--r--	2026-03-08 01:29
404-SCANNER-PROTECTION.conf	1.85 KB	-rw-r--r--	2026-03-08 01:29
405-MAGENTO-REMOTE-EXECUTION-PROTECTION.conf	4.62 KB	-rw-r--r--	2026-03-08 01:29
406-WORDPRESS-PLUGIN-VULNERABILITY-PROTECTION.conf	28.08 KB	-rw-r--r--	2026-03-08 01:29
407-BOTNET-PROTECTION.conf	1.25 KB	-rw-r--r--	2026-03-08 01:29
408-SYMFONY-PROTECTION-BN.conf	531 B	-rw-r--r--	2026-03-08 01:29
409-ANTIMALWARE-PROTECTION-BN.conf	20.06 KB	-rw-r--r--	2026-03-08 01:29
410-OTHER-BN.conf	13.95 KB	-rw-r--r--	2026-03-08 01:29
419-REQUEST-BLOCKING-EVALUATION-BN.conf	1.57 KB	-rw-r--r--	2026-03-08 01:29
botnet-post-request.data	80 B	-rw-r--r--	2026-03-08 01:29
malware-endpoints.data	450 B	-rw-r--r--	2026-03-08 01:29
web-shell-uri.data	195 B	-rw-r--r--	2026-03-08 01:29

Rename

SecRule REQUEST_FILENAME "^.*\/[a-z]{8}\.php$" \
"chain,\
phase:2,\
id:407001,\
t:none,\
auditlog,\
block,\
severity:CRITICAL,\
msg:'Protection against HEXA botnet',\
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
	SecRule REQUEST_HEADERS:Content-Type ^application/x-www-form-urlencoded$ "t:lowercase,chain"
	SecRule &ARGS_POST "@eq 1" "chain"
	SecRule ARGS_POST "^[0-9a-fA-F]+$" "chain"
	SecRule REQUEST_BODY_LENGTH "@gt 2000" \
	 "setvar:tx.bn_inbound_found=+1"
SecRule ARGS|REQUEST_HEADERS|REQUEST_URI|REQUEST_BODY|REQUEST_COOKIES|REQUEST_LINE|QUERY_STRING "jndi:ldap:|jndi:dns:|jndi:rmi:|jndi:rni:|\${jndi:" \
"phase:1, \
 id:407002, \
 t:none, \
 deny, \
 status:403, \
 log, \
 auditlog, \
 msg:'DVT: CVE-2021-44228 - deny known \"jndi:\" pattern', \
 severity:'2', \
 rev:1, \
 tag:'no_ar',\
 setvar:'tx.bn_inbound_found=+1'"
SecRule ARGS|REQUEST_HEADERS|REQUEST_URI|REQUEST_BODY|REQUEST_COOKIES|REQUEST_LINE|QUERY_STRING  "jndi:ldap:|jndi:dns:|jndi:rmi:|jndi:rni:|\${jndi:" \
"phase:2, \
 id:407003, \
 t:none, \
 deny, \
 status:403, \
 log, \
 auditlog, \
 msg:'DVT: CVE-2021-44228 - deny known \"jndi:\" pattern', \
 severity:'2', \
 rev:1, \
 tag:'no_ar',\
 setvar:'tx.bn_inbound_found=+1'"