Linux bear.hostingplus.cl 4.18.0-513.18.1.lve.2.el8.x86_64 #1 SMP Sat Mar 30 15:36:11 UTC 2024 x86_64
LiteSpeed
Server IP : 192.140.57.17 & Your IP : 216.73.216.57
Domains :
Cant Read [ /etc/named.conf ]
User : explo
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
/
opt /
bitninja-waf3 /
coreruleset /
BitNinja /
Delete
Unzip
Name
Size
Permission
Date
Action
104-TYPO3-MAGENTO-EXCLUSION-RULES.conf
501
B
-rw-r--r--
2026-02-11 12:19
400-BITNINJA-INITIALIZATION.conf
3.01
KB
-rw-r--r--
2026-02-11 12:19
400030-status.conf
495
B
-rw-r--r--
2026-02-11 12:19
401-WORDPRESS-BACKDOOR-PROTECTION.conf
2.67
KB
-rw-r--r--
2026-02-11 12:19
402-DRUPAL-REMOTE-EXECUTION-PROTECTION.conf
1.79
KB
-rw-r--r--
2026-02-11 12:19
403-MODX-REVOLUTION-REMOETE-EXECUTION-PROTECTION.conf
450
B
-rw-r--r--
2026-02-11 12:19
404-SCANNER-PROTECTION.conf
1.27
KB
-rw-r--r--
2026-02-11 12:19
405-MAGENTO-REMOTE-EXECUTION-PROTECTION.conf
3.9
KB
-rw-r--r--
2026-02-11 12:19
406-WORDPRESS-PLUGIN-VULNERABILITY-PROTECTION.conf
27.22
KB
-rw-r--r--
2026-02-11 12:19
407-BOTNET-PROTECTION.conf
1.21
KB
-rw-r--r--
2026-02-11 12:19
408-SYMFONY-PROTECTION-BN.conf
522
B
-rw-r--r--
2026-02-11 12:19
409-ANTIMALWARE-PROTECTION-BN.conf
18.27
KB
-rw-r--r--
2026-02-11 12:19
410-OTHER-BN.conf
12.58
KB
-rw-r--r--
2026-02-11 12:19
419-REQUEST-BLOCKING-EVALUATION-BN.conf
946
B
-rw-r--r--
2026-02-11 12:19
botnet-post-request.data
80
B
-rw-r--r--
2026-02-11 12:19
malware-endpoints.data
450
B
-rw-r--r--
2025-12-17 12:08
scripting-user-agents.data
717
B
-rw-r--r--
2026-02-11 12:19
web-shell-uri.data
195
B
-rw-r--r--
2026-02-11 12:19
Save
Rename
# SecAction "id:400000, phase:1,\ # nolog,\ # pass,\ # t:none,\ # setvar:tx.bn_inbound_found=0,\ # setvar:tx.bn_outbound_found=0,\ # setvar:tx.bn_pattern_lockdown=0,\ # setvar:tx.bn_pattern_can_honeypotify=0,\ # setvar:tx.bn_pattern=" SecRule TX:BN_PATTERN_LOCKDOWN "@lt 1" "phase:1, id:400010, nolog,noauditlog,pass,skipAfter:BITNINJA-LOCKDOWN" SecRule TX:BN_PATTERN_LOCKDOWN "@lt 1" "phase:2, id:400011, nolog,noauditlog,pass,skipAfter:BITNINJA-LOCKDOWN" SecRule &ARGS_POST "@gt 0" \ "id:400110, \ phase:2,\ msg:'Requested location [%{tx.bn_pattern}] is on lockdown. No POST data allowed.',\ logdata:'POST data not allowed.',\ deny,\ status:405,\ severity:WARNING" SecRule TX:BN_PATTERN_CAN_HONEYPOTIFY "@lt 1" "phase:2, id:400013, nolog,noauditlog,pass,skipAfter:VIRTUAL-HONEYPOT" SecRule &ARGS_POST "@gt 0" \ "id:400112, \ phase:2,\ rev:'1',\ msg:'Requested location is a virtual honeypot location. No POST data allowed.',\ logdata:'Requested location is a virtual honeypot location. No POST data allowed.',\ block,\ setvar:tx.bn_inbound_found=+1,\ severity:CRITICAL" # Many user enabled virtual honeypotification on / and made there sites unreachable. # This is not the way this should be used. SecRule TX:BN_PATTERN_CAN_HONEYPOTIFY "@lt 1" "phase:1, id:400012, nolog,noauditlog,pass,skipAfter:VIRTUAL-HONEYPOT" SecRule REQUEST_BODY "(?:(?:<\?php|<\?)\s)" \ "setvar:tx.bn_inbound_found=+1,\ id:400114, \ phase:2,\ rev:'1',\ msg:'PHP file upload not allowed on this location',\ logdata:'PHP file upload not allowed on this location',\ block,\ severity:CRITICAL" SecMarker "VIRTUAL-HONEYPOT" SecRule &ARGS_GET "@gt 0" \ "id:400113, \ phase:2,\ rev:'1',\ msg:'Requested location is a virtual honeypot location. No GET data allowed.',\ logdata:'Requested location is a virtual honeypot location. No GET data allowed.',\ block,\ setvar:tx.bn_inbound_found=+1,\ severity:CRITICAL" SecRule &ARGS_POST "@gt 0" \ "id:400111,\ phase:1, \ msg:'Requested location [${tx.pattern}] is on lockdown. No POST data allowed.',\ logdata:'POST data not allowed.',\ deny,\ status:405,\ severity:WARNING" SecMarker "BITNINJA-LOCKDOWN" SecRule REQUEST_URI "@contains /wp-admin/" \ "id:301090, \ phase:3,\ nolog,\ rev:'1',\ severity:info,\ pass,\ chain" SecRule &REQUEST_COOKIES:/^wordpress_logged_in_/ "@ge 1" "t:none,chain" SecRule RESPONSE_STATUS "@streq 200" "t:none,chain" SecRule REQUEST_URI "!@contains wp-login.php" "t:none,chain" SecRule REQUEST_URI "!@contains admin-ajax.php" "t:none,t:normalizePath,setvar:tx.wp_admin_in=1" SecRule REQUEST_URI "@endsWith /xmlrpc.php" "id:301091,phase:2,nolog,severity:info,t:none,t:normalizePath,pass,chain" SecRule REQUEST_BODY "@contains <methodCall>" "t:none,chain" SecRule REQUEST_BODY "@endsWith </methodCall>" "setvar:tx.bn_xmlrpc_call=1" SecRule ARGS_POST_NAMES "^cpanel_jsonapi_module$" "id:301092,phase:2,nolog,severity:info,t:none,t:normalizePath,pass,chain" SecRule ARGS_POST_NAMES "^cpanel_jsonapi_func$" "setvar:tx.bn_cpanel_call=1"