Linux bear.hostingplus.cl 4.18.0-513.18.1.lve.2.el8.x86_64 #1 SMP Sat Mar 30 15:36:11 UTC 2024 x86_64
LiteSpeed
Server IP : 192.140.57.17 & Your IP : 216.73.216.28
Domains :
Cant Read [ /etc/named.conf ]
User : explo
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
/
opt /
bitninja-waf /
etc /
crs /
rules /
Delete
Unzip
Name
Size
Permission
Date
Action
REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example
7.3
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-901-INITIALIZATION.conf
9.8
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
12.59
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf
18.22
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-905-COMMON-EXCEPTIONS.conf
1.37
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-910-IP-REPUTATION.conf
9.92
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-911-METHOD-ENFORCEMENT.conf
2.62
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-912-DOS-PROTECTION.conf
9.05
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-913-SCANNER-DETECTION.conf
7.49
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-920-PROTOCOL-ENFORCEMENT.conf
47.59
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-921-PROTOCOL-ATTACK.conf
12.32
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-930-APPLICATION-ATTACK-LFI.conf
6.31
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-931-APPLICATION-ATTACK-RFI.conf
5.64
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-932-APPLICATION-ATTACK-RCE.conf
46.28
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-933-APPLICATION-ATTACK-PHP.conf
31.93
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-941-APPLICATION-ATTACK-XSS.conf
40.37
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-942-APPLICATION-ATTACK-SQLI.conf
55.7
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
5.33
KB
-rw-r--r--
2026-03-10 01:32
REQUEST-949-BLOCKING-EVALUATION.conf
3.23
KB
-rw-r--r--
2026-03-10 01:32
RESPONSE-950-DATA-LEAKAGES.conf
3.72
KB
-rw-r--r--
2026-03-10 01:32
RESPONSE-951-DATA-LEAKAGES-SQL.conf
19.47
KB
-rw-r--r--
2026-03-10 01:32
RESPONSE-952-DATA-LEAKAGES-JAVA.conf
3.7
KB
-rw-r--r--
2026-03-10 01:32
RESPONSE-953-DATA-LEAKAGES-PHP.conf
5.03
KB
-rw-r--r--
2026-03-10 01:32
RESPONSE-954-DATA-LEAKAGES-IIS.conf
5.85
KB
-rw-r--r--
2026-03-10 01:32
RESPONSE-959-BLOCKING-EVALUATION.conf
2.78
KB
-rw-r--r--
2026-03-10 01:32
RESPONSE-980-CORRELATION.conf
4.31
KB
-rw-r--r--
2026-03-10 01:32
RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example
2.93
KB
-rw-r--r--
2026-03-10 01:32
crawlers-user-agents.data
659
B
-rw-r--r--
2026-03-10 01:32
iis-errors.data
551
B
-rw-r--r--
2026-03-10 01:32
java-code-leakages.data
264
B
-rw-r--r--
2026-03-10 01:32
java-errors.data
240
B
-rw-r--r--
2026-03-10 01:32
lfi-os-files.data
29.4
KB
-rw-r--r--
2026-03-10 01:32
php-config-directives.data
5.28
KB
-rw-r--r--
2026-03-10 01:32
php-errors.data
8.93
KB
-rw-r--r--
2026-03-10 01:32
php-function-names-933150.data
589
B
-rw-r--r--
2026-03-10 01:32
php-function-names-933151.data
20.88
KB
-rw-r--r--
2026-03-10 01:32
php-variables.data
224
B
-rw-r--r--
2026-03-10 01:32
restricted-files.data
722
B
-rw-r--r--
2026-03-10 01:32
scanners-headers.data
216
B
-rw-r--r--
2026-03-10 01:32
scanners-urls.data
418
B
-rw-r--r--
2026-03-10 01:32
scanners-user-agents.data
4.01
KB
-rw-r--r--
2026-03-10 01:32
scripting-user-agents.data
717
B
-rw-r--r--
2026-03-10 01:32
sql-errors.data
1.85
KB
-rw-r--r--
2026-03-10 01:32
sql-function-names.data
1.93
KB
-rw-r--r--
2026-03-10 01:32
unix-shell.data
943
B
-rw-r--r--
2026-03-10 01:32
windows-powershell-commands.data
3.83
KB
-rw-r--r--
2026-03-10 01:32
Save
Rename
# ------------------------------------------------------------------------ # OWASP ModSecurity Core Rule Set ver.3.0.2 # Copyright (c) 2006-2016 Trustwave and contributors. All rights reserved. # # The OWASP ModSecurity Core Rule Set is distributed under # Apache Software License (ASL) version 2 # Please see the enclosed LICENSE file for full details. # ------------------------------------------------------------------------ # # Anti-Automation rules to detect Denial of Service attacks. # # Description of mechanics: # When a request hits a non-static resource (TX:STATIC_EXTENSIONS), then a counter for the IP # address is being raised (IP:DOS_COUNTER). If the counter (IP:DOS_COUNTER) hits a limit # (TX:DOS_COUNTER_THRESHOLD), then a burst is identified (IP:DOS_BURST_COUNTER) and the # counter (IP:DOS_COUNTER) is reset. The burst counter expires within a timeout period # (TX:DOS_BURST_TIME_SLICE). # If the burst counter (IP:DOS_BURST_COUNTER) is greater equal 2, then the blocking flag # is being set (IP:DOS_BLOCK). The blocking flag (IP:DOS_BLOCK) expires within a timeout # period (TX:DOS_BLOCK_TIMEOUT). All this counting happens in phase 5. # There is a stricter sibling to this rule (912170) in paranoia level 2, where the # burst counter check (IP:DOS_BURST_COUNTER) hits at greater equal 1. # # The blocking is done in phase 1: When the blocking flag is encountered (IP:DOS_BLOCK), # then the request is dropped without sending a response. If this happens, then a # counter is # raised (IP:DOS_BLOCK_COUNTER). # When an IP address is blocked for the first time, then the blocking is reported in a # message and a flag (IP:DOS_BLOCK_FLAG) is set. This flag expires in 60 seconds. # When an IP address is blocked and the flag (IP:DOS_BLOCK_FLAG) is set, then the # blocking is not being reported (to prevent a flood of alerts). When the flag # (IP:DOS_BLOCK_FLAG) has expired and a new request is being blocked, then the # counter (IP:DOS_BLOCK_COUNTER) is being reset to 0 and the block is being treated # as the first block (-> alert). # In order to be able to display the counter (IP:DOS_BLOCK_COUNTER) and resetting # it at the same time, we copy the counter (IP:DOS_BLOCK_COUNTER) into a different # variable (TX:DOS_BLOCK_COUNTER), which is then displayed in turn. # # Variables: # IP:DOS_BLOCK Flag if an IP address should be blocked # IP:DOS_BLOCK_COUNTER Counter of blocked requests # IP:DOS_BLOCK_FLAG Flag keeping track of alert. Flag expires after 60 seconds. # IP:DOS_BURST_COUNTER Burst counter # IP:DOS_COUNTER Request counter (static resources are ignored) # TX:DOS_BLOCK_COUNTER Copy of IP:DOS_BLOCK_COUNTER (needed for display reasons) # TX:DOS_BLOCK_TIMEOUT Period in seconds a blocked IP will be blocked # TX:DOS_COUNTER_THRESHOLD Limit of requests, where a burst is identified # TX:DOS_BURST_TIME_SLICE Period in seconds when we will forget a burst # TX:STATIC_EXTENSIONS Paths which can be ignored with regards to DoS # # As a precondition for these rules, please set the following three variables: # - TX:DOS_BLOCK_TIMEOUT # - TX:DOS_COUNTER_THRESHOLD # - TX:DOS_BURST_TIME_SLICE # # And make sure that TX:STATIC_EXTENSIONS is also set. # # # -= Paranoia Level 0 (empty) =- (apply unconditionally) # # # Skip if variables defining DoS protection are not set # SecRule &TX:dos_burst_time_slice "@eq 0" \ "id:912100,\ phase:1,\ t:none,\ nolog,\ pass,\ chain,\ skipAfter:END_DOS_PROTECTION_CHECKS" SecRule &TX:dos_counter_threshold "@eq 0" "chain" SecRule &TX:dos_block_timeout "@eq 0" SecRule &TX:dos_burst_time_slice "@eq 0" \ "id:912110,\ phase:5,\ t:none,\ nolog,\ pass,\ chain,\ skipAfter:END_DOS_PROTECTION_CHECKS" SecRule &TX:dos_counter_threshold "@eq 0" "chain" SecRule &TX:dos_block_timeout "@eq 0" SecRule TX:PARANOIA_LEVEL "@lt 1" "phase:1,id:912011,nolog,pass,skipAfter:END-REQUEST-912-DOS-PROTECTION" SecRule TX:PARANOIA_LEVEL "@lt 1" "phase:2,id:912012,nolog,pass,skipAfter:END-REQUEST-912-DOS-PROTECTION" # # -= Paranoia Level 1 (default) =- (apply only when tx.paranoia_level is sufficiently high: 1 or higher) # # # -=[ Anti-Automation / DoS Protection : Block ]=- # # # Block and track # of requests and log # SecRule IP:DOS_BLOCK "@eq 1" \ "chain,\ phase:1,\ id:912120,\ drop,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-multi',\ tag:'attack-dos',\ msg:'Denial of Service (DoS) attack identified from %{tx.real_ip} (%{tx.dos_block_counter} hits since last alert)'" SecRule &IP:DOS_BLOCK_FLAG "@eq 0" \ "setvar:ip.dos_block_counter=+1,\ setvar:ip.dos_block_flag=1,\ expirevar:ip.dos_block_flag=60,\ setvar:tx.dos_block_counter=%{ip.dos_block_counter},\ setvar:ip.dos_block_counter=0" # # Block and track # of requests but don't log # SecRule IP:DOS_BLOCK "@eq 1" \ "phase:1,\ id:912130,\ t:none,\ drop,\ nolog,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-multi',\ tag:'attack-dos',\ setvar:ip.dos_block_counter=+1" # # -=[ Anti-Automation / DoS Protection: Count requests ]=- # # # Skip if we have blocked the request # SecRule IP:DOS_BLOCK "@eq 1" \ "phase:5,\ id:912140,\ t:none,\ nolog,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-multi',\ tag:'attack-dos',\ pass,\ skipAfter:END_DOS_PROTECTION_CHECKS" # # DOS Counter: Count the number of requests to non-static resources # SecRule REQUEST_BASENAME ".*?(\.[a-z0-9]{1,10})?$" \ "phase:5,\ id:912150,\ t:none,\ t:lowercase,\ nolog,\ pass,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-multi',\ tag:'attack-dos',\ capture,\ setvar:tx.extension=/%{TX.1}/,\ chain" SecRule TX:EXTENSION "!@within %{tx.static_extensions}" \ "setvar:ip.dos_counter=+1" # # Check DOS Counter # If the request count is greater than or equal to user settings, # we raise the burst counter. This happens via two separate rules: # - 912160: raise from 0 to 1 # - 912161: raise from 1 to 2 # # This approach with two rules avoids raising the burst counter # from 0 to 2 via two concurrent requests. We do not raise the # burst counter beyond 2. # # SecRule IP:DOS_COUNTER "@ge %{tx.dos_counter_threshold}" \ "phase:5,\ id:912160,\ t:none,\ nolog,\ pass,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-multi',\ tag:'attack-dos',\ chain" SecRule &IP:DOS_BURST_COUNTER "@eq 0" \ "setvar:ip.dos_burst_counter=1,\ expirevar:ip.dos_burst_counter=%{tx.dos_burst_time_slice},\ setvar:!ip.dos_counter" SecRule IP:DOS_COUNTER "@ge %{tx.dos_counter_threshold}" \ "phase:5,\ id:912161,\ t:none,\ nolog,\ pass,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-multi',\ tag:'attack-dos',\ chain" SecRule &IP:DOS_BURST_COUNTER "@ge 1" \ "setvar:ip.dos_burst_counter=2,\ expirevar:ip.dos_burst_counter=%{tx.dos_burst_time_slice},\ setvar:!ip.dos_counter" # # Check DOS Burst Counter and set Block # Check the burst counter - if greater than or equal to 2, then we set the IP # block variable for a given expiry and issue an alert. # SecRule IP:DOS_BURST_COUNTER "@ge 2" \ "phase:5,\ id:912170,\ t:none,\ log,\ pass,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-multi',\ tag:'attack-dos',\ msg:'Potential Denial of Service (DoS) Attack from %{tx.real_ip} - # of Request Bursts: %{ip.dos_burst_counter}',\ setvar:ip.dos_block=1,\ expirevar:ip.dos_block=%{tx.dos_block_timeout}" SecRule TX:PARANOIA_LEVEL "@lt 2" "phase:1,id:912013,nolog,pass,skipAfter:END-REQUEST-912-DOS-PROTECTION" SecRule TX:PARANOIA_LEVEL "@lt 2" "phase:2,id:912014,nolog,pass,skipAfter:END-REQUEST-912-DOS-PROTECTION" SecRule TX:PARANOIA_LEVEL "@lt 2" "phase:5,id:912019,nolog,pass,skipAfter:END-REQUEST-912-DOS-PROTECTION" # # -= Paranoia Level 2 =- (apply only when tx.paranoia_level is sufficiently high: 2 or higher) # # # Check DOS Burst Counter and set Block # Check the burst counter - if greater than or equal to 1, then we set the IP # block variable for a given expiry and issue an alert. # # This is a stricter sibling of rule 912170. # SecRule IP:DOS_BURST_COUNTER "@ge 1" \ "phase:5,\ id:912171,\ t:none,\ log,\ pass,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-multi',\ tag:'attack-dos',\ tag:'paranoia-level/2',\ msg:'Potential Denial of Service (DoS) Attack from %{tx.real_ip} - # of Request Bursts: %{ip.dos_burst_counter}',\ setvar:ip.dos_block=1,\ expirevar:ip.dos_block=%{tx.dos_block_timeout}" SecRule TX:PARANOIA_LEVEL "@lt 3" "phase:1,id:912015,nolog,pass,skipAfter:END-REQUEST-912-DOS-PROTECTION" SecRule TX:PARANOIA_LEVEL "@lt 3" "phase:2,id:912016,nolog,pass,skipAfter:END-REQUEST-912-DOS-PROTECTION" # # -= Paranoia Level 3 =- (apply only when tx.paranoia_level is sufficiently high: 3 or higher) # SecRule TX:PARANOIA_LEVEL "@lt 4" "phase:1,id:912017,nolog,pass,skipAfter:END-REQUEST-912-DOS-PROTECTION" SecRule TX:PARANOIA_LEVEL "@lt 4" "phase:2,id:912018,nolog,pass,skipAfter:END-REQUEST-912-DOS-PROTECTION" # # -= Paranoia Level 4 =- (apply only when tx.paranoia_level is sufficiently high: 4 or higher) # # # -= Paranoia Levels Finished =- # SecMarker "END-REQUEST-912-DOS-PROTECTION" SecMarker END_DOS_PROTECTION_CHECKS