| Server IP : 23.111.136.34 / Your IP : 216.73.216.136 Web Server : Apache System : Linux servidor.eurohost.com.br 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64 User : meusitei ( 1072) PHP Version : 5.6.40 Disable Function : show_source, system, shell_exec, passthru, proc_open MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /opt/bitninja-waf/etc/BitNinja/ |
Upload File : |
SecRule REQUEST_FILENAME "^.*\/[a-z]{8}\.php$" \
"chain,\
phase:2,\
id:407001,\
t:none,\
auditlog,\
block,\
severity:CRITICAL,\
msg:'Protection against HEXA botnet',\
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
SecRule REQUEST_HEADERS:Content-Type ^application/x-www-form-urlencoded$ "t:lowercase,chain"
SecRule &ARGS_POST "@eq 1" "chain"
SecRule ARGS_POST "^[0-9a-fA-F]+$" "chain"
SecRule REQUEST_BODY_LENGTH "@gt 2000" \
"setvar:tx.bn_inbound_found=+1"
SecRule ARGS|REQUEST_HEADERS|REQUEST_URI|REQUEST_BODY|REQUEST_COOKIES|REQUEST_LINE|QUERY_STRING "jndi:ldap:|jndi:dns:|jndi:rmi:|jndi:rni:|\${jndi:" \
"phase:1, \
id:407002, \
t:none, \
deny, \
status:403, \
log, \
auditlog, \
msg:'DVT: CVE-2021-44228 - deny known \"jndi:\" pattern', \
severity:'2', \
rev:1, \
tag:'no_ar',\
setvar:'tx.bn_inbound_found=+1'"
SecRule ARGS|REQUEST_HEADERS|REQUEST_URI|REQUEST_BODY|REQUEST_COOKIES|REQUEST_LINE|QUERY_STRING "jndi:ldap:|jndi:dns:|jndi:rmi:|jndi:rni:|\${jndi:" \
"phase:2, \
id:407003, \
t:none, \
deny, \
status:403, \
log, \
auditlog, \
msg:'DVT: CVE-2021-44228 - deny known \"jndi:\" pattern', \
severity:'2', \
rev:1, \
tag:'no_ar',\
setvar:'tx.bn_inbound_found=+1'"