diff options
Diffstat (limited to 'files/mod_security/custom_rules/blacklist2.conf')
| -rw-r--r-- | files/mod_security/custom_rules/blacklist2.conf | 583 |
1 files changed, 0 insertions, 583 deletions
diff --git a/files/mod_security/custom_rules/blacklist2.conf b/files/mod_security/custom_rules/blacklist2.conf deleted file mode 100644 index e44e462..0000000 --- a/files/mod_security/custom_rules/blacklist2.conf +++ /dev/null @@ -1,583 +0,0 @@ -# http://www.gotroot.com/mod_security+rules -# Gotroot.com ModSecurity rules -# Blacklist of rootkit sites, owned machines and other bad players for modsec 2.x -# -# Download from: http://www.gotroot.com/downloads/ftp/mod_security/2.0/blacklist2.conf -# -# Created by Michael Shinn of the Prometheus Group (http://www.prometheus-group.com) -# Copyright 2005 and 2006 by Michael Shinn and the Prometheus Group, all rights reserved. -# Redistribution is strictly prohibited in any form, including whole or in part. -# -# modsecurity is a trademark of Thinking Stone, Ltd. -# -# Version: N-20061022-01 -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF -# THE POSSIBILITY OF SUCH DAMAGE. - - -SecRule REQUEST_URI|ARGS "\.frauenfinanzzentrum\.at" -SecRule REQUEST_URI|ARGS "von-der-igelhoehe\.de" -SecRule REQUEST_URI|ARGS "danger-soft\.com" -SecRule REQUEST_URI|ARGS "(\.|/)altunerhost\.com" -SecRule REQUEST_URI|ARGS "\.netfast\.org" -SecRule REQUEST_URI|ARGS "\.redcrew\.de" -SecRule REQUEST_URI|ARGS "(\.|/)elektroteh\.com/" -SecRule REQUEST_URI|ARGS "(\.|/)see-my-ip\.info/" -SecRule REQUEST_URI|ARGS "kanalia\.bimber\.pl" -SecRule REQUEST_URI|ARGS "(\.|/)flinttalk\.com" -SecRule REQUEST_URI "https?:.*(\.|/)myspace\.si/" -SecRule REQUEST_URI|ARGS "uarg\.unpa\.edu\.ar" -SecRule REQUEST_URI|ARGS "(\.|/)wileyc\.edu/" -SecRule REQUEST_URI|ARGS "(\.|/)eks-darmstadt\.de" -SecRule REQUEST_URI|ARGS "(\.|/)flinttalk\.com" -SecRule REQUEST_URI|ARGS "\.albacrew\.us/" -SecRule REQUEST_URI|ARGS "\.tebel-gmbh\.de/" -SecRule REQUEST_URI|ARGS "(/|\.)defensacivil\.gov\.ec/" -SecRule REQUEST_URI|ARGS "(/|\.)wwop\.org" -SecRule REQUEST_URI|ARGS "\.kalin\.ru/" -SecRule REQUEST_URI|ARGS "destructive\.by\.ru/" -SecRule REQUEST_URI|ARGS "gulfchamber\.org/" -SecRule REQUEST_URI|ARGS "tckct\.co\.uk" -SecRule REQUEST_URI|ARGS "crimsonaddict\.com/" -SecRule REQUEST_URI|ARGS "(\.|/)webstorch\.com" -SecRule REQUEST_URI|ARGS "/213\.133\.108\.122/" -SecRule REQUEST_URI|ARGS "freewebtown\.com/" -SecRule REQUEST_URI|ARGS "(\.|/)tinypath\.com/" -SecRule REQUEST_URI|ARGS "rve\.cjb\.hu/" -SecRule REQUEST_URI|ARGS "69\.25\.64\.78" -SecRule REQUEST_URI|ARGS "(\.|/)xgamers\.com\.tw/" -SecRule REQUEST_URI|ARGS "(\.|/)balikesir\.edu\.tr/" -SecRule REQUEST_URI|ARGS "(\.|/)ocprojects\.com/" -SecRule REQUEST_URI|ARGS "(\.|/)casadejoaodebarro\.com\.br/" -SecRule REQUEST_URI|ARGS "\.extremus\.info/" -SecRule REQUEST_URI|ARGS "\.parit\.org/" -SecRule REQUEST_URI|ARGS "\.awardspace\.com" -SecRule REQUEST_URI|ARGS "(/|\.)haztek-software\.com" -SecRule REQUEST_URI|ARGS "(/|\.)geocities\.com/nirkan2k3/" -SecRule REQUEST_URI|ARGS "(/|\.)libracomm\.co\.uk/" -SecRule REQUEST_URI|ARGS "(/|\.)kloeckner-web\.de" -SecRule REQUEST_URI|ARGS "(/|\.)mirckurdu\.net/" -SecRule REQUEST_URI|ARGS "(/|\.)apk\.pt/" -SecRule REQUEST_URI|ARGS "(/|\.)asksevda\.net" -SecRule REQUEST_URI|ARGS "(/|\.)kacaktc\.com" -SecRule REQUEST_URI|ARGS "(/|\.)3-bius\.com" -SecRule REQUEST_URI|ARGS "(/|\.)injek-gw\.com" -SecRule REQUEST_URI|ARGS "(/|\.)brtdata\.com\.br/" -SecRule REQUEST_URI|ARGS "(/|\.)uaivip\.com\.br/" -SecRule REQUEST_URI|ARGS "(/|\.)boardtr\.com/" -SecRule REQUEST_URI|ARGS "(/|\.)radiouniversity\.net/" -SecRule REQUEST_URI|ARGS "(/|\.)velvet\.jp/" -SecRule REQUEST_URI|ARGS "(/|\.)loved\.com/" -SecRule REQUEST_URI|ARGS "(/|\.)kit\.net/" -SecRule REQUEST_URI|ARGS "(/|\.)warezworld\.cx/" -SecRule REQUEST_URI|ARGS "(/|\.)void\.ru/" -SecRule REQUEST_URI|ARGS "(/|\.)itabaiana\.se\.gov\.br" -SecRule REQUEST_URI|ARGS "(/|\.)ajadp\.net/" -SecRule REQUEST_URI|ARGS "(/|\.)perian-a\.biz" -SecRule REQUEST_URI|ARGS "(/|\.)rootshell\.be" -SecRule REQUEST_URI|ARGS "(/|\.)tododescargas\.com\.ve/" -SecRule REQUEST_URI|ARGS "(/|\.)caucasus\.net/" -SecRule REQUEST_URI|ARGS "(/|\.)iespana\.es/" -SecRule REQUEST_URI|ARGS "(/|\.)the-tronix\.net/" -SecRule REQUEST_URI|ARGS "(/|\.)classi-find\.net/" -SecRule REQUEST_URI|ARGS "(/|\.)albanet\.biz\.tc/" -SecRule REQUEST_URI|ARGS "(/|\.)wendyscountrycloset\.biz/" -SecRule REQUEST_URI|ARGS "(/|\.)meiemees\.pri\.ee" -SecRule REQUEST_URI|ARGS "(/|\.)geirinn\.is" -SecRule REQUEST_URI|ARGS "(/|\.)skullbocks\.org/" -SecRule REQUEST_URI|ARGS "(/|\.)byethost9\.com/" -SecRule REQUEST_URI|ARGS "(/|\.)hackermail2010\.ifrance\.com" -SecRule REQUEST_URI|ARGS "(/|\.)ifrance\.com/hackermail2010" -SecRule REQUEST_URI|ARGS "(/|\.)paul\.net\.pl/" -SecRule REQUEST_URI|ARGS "(/|\.)interfree\.it/" -SecRule REQUEST_URI|ARGS "\.albados\.com" -SecRule REQUEST_URI|ARGS "\.perqafohu\.com" -SecRule REQUEST_URI|ARGS "\.cside21\.com/" -SecRule REQUEST_URI|ARGS "200\.24\.117\.125" -SecRule REQUEST_URI|ARGS "elitemorgan\.com/" -SecRule REQUEST_URI|ARGS "\acesso\.t35\.com" -SecRule REQUEST_URI|ARGS "(\.|/)geocities\.com/" -SecRule REQUEST_URI|ARGS "(\.|/)geocities\.com/jefferyladun/" -SecRule REQUEST_URI|ARGS "(\.|/)geocities\.com/junhendra/" -SecRule REQUEST_URI|ARGS "(\.|/)geocities\.com/xpl_gibson/" -SecRule REQUEST_URI|ARGS "(\.|/)geocities\.com/kelvinkappa1/" -SecRule REQUEST_URI|ARGS "(\.|/)geocities\.com/damon_shaft/" -SecRule REQUEST_URI|ARGS "(\.|/)geocities\.com/gettoprince4u/" -SecRule REQUEST_URI|ARGS "(\.|/)geocities\.com/brennanventures/" -SecRule REQUEST_URI|ARGS "(\.|/)geocities\.com/solohackerlinks/" -SecRule REQUEST_URI|ARGS "(\.|/)albahost\.host\.sk/" -SecRule REQUEST_URI|ARGS "uarg\.unpa\.edu\.ar/" -SecRule REQUEST_URI|ARGS "\.manhattanservice\.com" -SecRule REQUEST_URI|ARGS "\.kurddomain\.net" -SecRule REQUEST_URI|ARGS "elmorgan\.com\.ar" -SecRule REQUEST_URI|ARGS "61\.1\.197\.244" -SecRule REQUEST_URI|ARGS "home\.arcor\.de" -SecRule REQUEST_URI|ARGS "\.turx\.nl" -SecRule REQUEST_URI|ARGS "\.members\.lycos\.co\.uk/albacr3w/" -SecRule REQUEST_URI|ARGS "\.ifrance\.com" -SecRule REQUEST_URI|ARGS "pivadesign\.com\.br" -SecRule REQUEST_URI|ARGS "\.pc-phasechange\.it" -SecRule REQUEST_URI|ARGS "ciberia\.ya\.com" -SecRule REQUEST_URI|ARGS "\.starhack\.org" -SecRule REQUEST_URI|ARGS "sweet-serenity\.org" -SecRule REQUEST_URI|ARGS "\.uol\.com\.br" -SecRule REQUEST_URI|ARGS "aviozone\.com" -SecRule REQUEST_URI|ARGS "mptechno\.cz" -SecRule REQUEST_URI|ARGS "\.piranho\.de" -SecRule REQUEST_URI|ARGS "\.lilspage\.de" -SecRule REQUEST_URI|ARGS "209\.136\.48\.69" -SecRule REQUEST_URI|ARGS "216\.12\.103\.29" -SecRule REQUEST_URI|ARGS "209\.232\.227\.224" -SecRule REQUEST_URI|ARGS "200\.72\.130\.29" -SecRule REQUEST_URI|ARGS "209\.123\.16\.34" -SecRule REQUEST_URI|ARGS "\.mitchellwhite\.com" -SecRule REQUEST_URI|ARGS "full-comandos\.com" -SecRule REQUEST_URI|ARGS "members\.lycos\.co\.uk/tiara" -SecRule REQUEST_URI|ARGS "sharonfamilyandtravel\.com" -SecRule REQUEST_URI|ARGS "72\.18\.195\.161" -SecRule REQUEST_URI|ARGS "geocities\.com/hitam_putih_dalnet/" -SecRule REQUEST_URI|ARGS "cyberspiderwebdesign\.com" -SecRule REQUEST_URI|ARGS "\.softcarein\.com" -SecRule REQUEST_URI|ARGS "\.netmisphere2\.com" -SecRule REQUEST_URI|ARGS "juniorenkammer\.be" -SecRule REQUEST_URI|ARGS "\.itunisie\.com" -SecRule REQUEST_URI|ARGS "mitchellgeo\.com" -SecRule REQUEST_URI|ARGS "hackexpert\.net" -SecRule REQUEST_URI|ARGS "agi-zagi\.co\.kr" -SecRule REQUEST_URI|ARGS "\.f1-kingpin\.de" -SecRule REQUEST_URI|ARGS "(http|https|ftp)\:/.*\.free\.fr" -SecRule REQUEST_URI|ARGS "www\.designerwear\.co\.uk" -SecRule REQUEST_URI|ARGS "(http|https|ftp)\:/.*\.i8\.com" -SecRule REQUEST_URI|ARGS "danzarte\.cl" -SecRule REQUEST_URI|ARGS "\.ripway\.com" -SecRule REQUEST_URI|ARGS "81\.174\.26\.111" -SecRule REQUEST_URI|ARGS "128\.173\.40\.113" -SecRule REQUEST_URI|ARGS "\.lycos\.co\.uk/metlak/" -SecRule REQUEST_URI|ARGS "\.xcop\.biz/" -SecRule REQUEST_URI|ARGS "sca\.postech\.ac\.kr" -SecRule REQUEST_URI|ARGS "www\.aauto\.no" -SecRule REQUEST_URI|ARGS "dsoulzin\.net" -SecRule REQUEST_URI|ARGS "\.altervista\.org" -SecRule REQUEST_URI|ARGS "\.yatas\.com" -SecRule REQUEST_URI|ARGS "bocor-team\.org" -SecRule REQUEST_URI|ARGS "s0l4r1sr0x\.com" -SecRule REQUEST_URI|ARGS "209\.16\.85\.15" -SecRule REQUEST_URI|ARGS "217\.160\.242\.90" -SecRule REQUEST_URI|ARGS "81\.174\.26\.111" -SecRule REQUEST_URI|ARGS "216\.15\.209\.12" -SecRule REQUEST_URI|ARGS "216\.103\.82\.214" -SecRule REQUEST_URI|ARGS "usuarios\.lycos\.es/angienuka" -SecRule REQUEST_URI|ARGS "usuarios\.lycos\.es/saxalt/" -SecRule REQUEST_URI|ARGS "\.members\.lycos\.co\.uk/hackersclup" -SecRule REQUEST_URI|ARGS "spykids\.info" -SecRule REQUEST_URI|ARGS "smellthecoffee\.com" -SecRule REQUEST_URI|ARGS "\.nana\.co\.il" -SecRule REQUEST_URI|ARGS "yavnek12\.co\.il" -SecRule REQUEST_URI|ARGS "billing\.veloxinternet\.com/" -SecRule REQUEST_URI|ARGS "usuarios\.lycos\.es" -SecRule REQUEST_URI|ARGS "217\.114\.109\.11" -SecRule REQUEST_URI|ARGS "217\.160\.255\.44" -SecRule REQUEST_URI|ARGS "217\.160\.242\.90" -SecRule REQUEST_URI|ARGS "148\.81\.141\.12" -SecRule REQUEST_URI|ARGS "131\.155\.98\.128" -SecRule REQUEST_URI|ARGS "212\.114\.84\.18" -SecRule REQUEST_URI|ARGS "81\.174\.26\.111" -SecRule REQUEST_URI|ARGS "192\.112\.220\.37" -SecRule REQUEST_URI|ARGS "pc-clinic\.fr" -SecRule REQUEST_URI|ARGS "clientes\.netvisao\.pt" -SecRule REQUEST_URI|ARGS "\.sanicentrum\.be" -SecRule REQUEST_URI|ARGS "www\.brain\.net\.pk" -SecRule REQUEST_URI|ARGS "web\.un1xtech\.com" -SecRule REQUEST_URI|ARGS "\.schost\.com\.br/" -SecRule REQUEST_URI|ARGS "neto5a\.iitalia\.com" -SecRule REQUEST_URI|ARGS "mesahigh\.com" -SecRule REQUEST_URI|ARGS "216\.111\.31\.2" -SecRule REQUEST_URI|ARGS "24\.224\.174\.18" -SecRule REQUEST_URI|ARGS "\.mcarthur.\org" -SecRule REQUEST_URI|ARGS "\.v10\.com\.br/" -SecRule REQUEST_URI|ARGS "agaman\.net" -SecRule REQUEST_URI|ARGS "\.what-a-pair\.com" -SecRule REQUEST_URI|ARGS "62\.101\.193\.244" -SecRule REQUEST_URI|ARGS "\.tutoworld\.org" -SecRule REQUEST_URI|ARGS "jupiterhost\.net/" -SecRule REQUEST_URI|ARGS "\.iyscrew\.com" -SecRule REQUEST_URI|ARGS "\.server4free\.de" -SecRule REQUEST_URI|ARGS "\.tikla\.org" -SecRule REQUEST_URI|ARGS "\.dps-ct\.com/" -SecRule REQUEST_URI|ARGS "66\.235\.216\.137" -SecRule REQUEST_URI|ARGS "labserver\.veter\.ucv\.ve" -SecRule REQUEST_URI|ARGS "\.eformidler\.dk" -SecRule REQUEST_URI|ARGS "febronio\.org" -SecRule REQUEST_URI|ARGS "zavisnici\.com" -SecRule REQUEST_URI|ARGS "\.2x4\.ru" -SecRule REQUEST_URI|ARGS "\.k4boom\.biz" -SecRule REQUEST_URI|ARGS "theperfecttitle\.com" -SecRule REQUEST_URI|ARGS "\.yhrhosting\.com" -SecRule REQUEST_URI|ARGS "\.nitrofx\.com" -SecRule REQUEST_URI|ARGS "(/|\.)ownsalldomains\.org" -SecRule REQUEST_URI|ARGS "(/|\.)ocktober\.com" -SecRule REQUEST_URI|ARGS "\.s5\.com" -SecRule REQUEST_URI|ARGS "\.systemcrew\.net" -SecRule REQUEST_URI|ARGS "www\.tutoworld\.org" -SecRule REQUEST_URI|ARGS "\.supereva\.it/" -SecRule REQUEST_URI|ARGS "\.frsirt\.com" -SecRule REQUEST_URI|ARGS "(www\.|/)geocities\.com/anangkd" -SecRule REQUEST_URI|ARGS "geocities\.com/anugerahnet" -SecRule REQUEST_URI|ARGS "(www\.|/)geocities\.com/bacardi_marv" -SecRule REQUEST_URI|ARGS "\.geocities\.com/" -SecRule REQUEST_URI|ARGS "/geocities\.com/" -SecRule REQUEST_URI|ARGS "\.freshmaker\.us" -SecRule REQUEST_URI|ARGS "packetx\.org" -SecRule REQUEST_URI|ARGS "\.de-soc-mac\.de" -SecRule REQUEST_URI|ARGS "\.leohissa\.oi\.com\.br" -SecRule REQUEST_URI|ARGS "\.fig0\.com" -SecRule REQUEST_URI|ARGS "\.brasilhoster\.net" -SecRule REQUEST_URI|ARGS "\.riteweld\.com" -SecRule REQUEST_URI|ARGS "216\.111\.31\.2" -SecRule REQUEST_URI|ARGS "\.fineca\.net" -SecRule REQUEST_URI|ARGS "r00nin\.vila\.bol\.com\.br" -SecRule REQUEST_URI|ARGS "\.bol\.com\.br" -SecRule REQUEST_URI|ARGS "freewebbe\.supereva\.it" -SecRule REQUEST_URI|ARGS "asianfiles\.deluxepass\.com" -SecRule REQUEST_URI|ARGS "sei26\.tripod\.com" -SecRule REQUEST_URI|ARGS "gigachat\.net" -SecRule REQUEST_URI|ARGS "www\.sos-deces\.be" -SecRule REQUEST_URI|ARGS "\.sosha\.it/" -SecRule REQUEST_URI|ARGS "\.pbholland\.com" -SecRule REQUEST_URI|ARGS "\.newtontidy\.com" -SecRule REQUEST_URI|ARGS "\.barretttree\.com" -SecRule REQUEST_URI|ARGS "agaman\.net" -SecRule REQUEST_URI|ARGS "anti-clones\.com" -SecRule REQUEST_URI|ARGS "www\.members\.lycos\.nl/sesli" -SecRule REQUEST_URI|ARGS "geocities\.yahoo\.com\.br/toolsandcmd/" -SecRule REQUEST_URI|ARGS "geocities\.yahoo\.com\.br/" -SecRule REQUEST_URI|ARGS "chancom\.webpal\.info" -SecRule REQUEST_URI|ARGS "geocities\.yahoo\.com\.br/h4x0r_club/" -SecRule REQUEST_URI|ARGS "\.argaio\.net" -SecRule REQUEST_URI|ARGS "baixinhoo\.hpgvip\.com\.br" -SecRule REQUEST_URI|ARGS "\.zeldalegacies\.com" -SecRule REQUEST_URI|ARGS "simbafriends\.com/" -SecRule REQUEST_URI|ARGS "webshells\.org" -SecRule REQUEST_URI|ARGS "groupiys\.net" -SecRule REQUEST_URI|ARGS "megahostbr\.com" -SecRule REQUEST_URI|ARGS "geocities\.yahoo\.com\.br/slash_slink" -SecRule REQUEST_URI|ARGS "\.357is\.com" -SecRule REQUEST_URI|ARGS "northfox\.uw\.hu" -SecRule REQUEST_URI|ARGS "\.dynalith\.com" -SecRule REQUEST_URI|ARGS "\.xplmanager\.com" -SecRule REQUEST_URI|ARGS "\.members\.lycos\.co\.uk/thoronnn/" -SecRule REQUEST_URI|ARGS "\.terra\.com\.br/" -SecRule REQUEST_URI|ARGS "f58\.aaacafe\.ne.\jp/" -SecRule REQUEST_URI|ARGS "www\.derf\.hpgvip\.ig\.com\.br/" -SecRule REQUEST_URI|ARGS "rodrigo\.hcerto\.com/" -SecRule REQUEST_URI|ARGS "\.terror\.as\.ro/" -SecRule REQUEST_URI|ARGS "\.tntt\.org/meu/" -SecRule REQUEST_URI|ARGS "\.syscore\.hpgvip\.com\.br/" -SecRule REQUEST_URI|ARGS "\.hpgvip\.com\.br/" -SecRule REQUEST_URI|ARGS "ijoo\.homelinux\.com/" -SecRule REQUEST_URI|ARGS "\.derf\.hpgvip\.ig\.com\.br/" -SecRule REQUEST_URI|ARGS "\.100free\.com/" -SecRule REQUEST_URI|ARGS "\.lorenzo4ever\.de/" -SecRule REQUEST_URI|ARGS "visualcoders\.net/" -SecRule REQUEST_URI|ARGS "\.fendora\.net" -SecRule REQUEST_URI|ARGS "gigashell\.org/" -SecRule REQUEST_URI|ARGS "\.prir0x\.com/" -SecRule REQUEST_URI|ARGS "geocities\.com/madb0ss/" -SecRule REQUEST_URI|ARGS "geocities\.com/sapulinux/" -SecRule REQUEST_URI|ARGS "geocities\.yahoo\.com\.br/dh4x0r/" -SecRule REQUEST_URI|ARGS ".*\.verizon\.net\.do/carlos.*" -SecRule REQUEST_URI|ARGS "mi\.verizon\.net\.do/carlos.*" -SecRule REQUEST_URI|ARGS "\.stanlley\.ubbi\.com\.br/" -SecRule REQUEST_URI|ARGS "xthost\.info/" -SecRule REQUEST_URI|ARGS "yaoibr\.vila\.bol\.com\.br/" -SecRule REQUEST_URI|ARGS "geocities\.com/catalin1713/" -SecRule REQUEST_URI|ARGS "visualcoders\.net/spy\." -SecRule REQUEST_URI|ARGS "\.digitalmedia\.org\.mk" -SecRule REQUEST_URI|ARGS "pharoeste\.net" -SecRule REQUEST_URI|ARGS "userbr\.info" -SecRule REQUEST_URI|ARGS "\.foxcf\.hpgvip\.ig\.com\.br" -SecRule REQUEST_URI|ARGS "medicine\.bjmu\.edu\.cn" -SecRule REQUEST_URI|ARGS "\.blueconnection\.com\.br" -SecRule REQUEST_URI|ARGS "\.ph4nt4sm4\.hpgvip\.ig\.com\.br" -SecRule REQUEST_URI|ARGS "\.mvhosted\.com" -SecRule REQUEST_URI|ARGS "\.0catch\.com" -SecRule REQUEST_URI|ARGS "newton\.100free\.com" -SecRule REQUEST_URI|ARGS "\.forplay\.com\.br" -SecRule REQUEST_URI|ARGS "\.geocities\.com/my_lusy" -SecRule REQUEST_URI|ARGS "lol\.freecoolsite\.com" -SecRule REQUEST_URI|ARGS "winscp\.net" -SecRule REQUEST_URI|ARGS "\.karpit\.net" -SecRule REQUEST_URI|ARGS "www\.partyradio\.ca" -SecRule REQUEST_URI|ARGS "\.triple-hhh\.de" -SecRule REQUEST_URI|ARGS "\.gottablaze\.com" -SecRule REQUEST_URI|ARGS "xanutz\.3x\.ro" -SecRule REQUEST_URI|ARGS "geocities\.com/anak_indekost" -SecRule REQUEST_URI|ARGS "themis\.geocities\.yahoo\.com" -SecRule REQUEST_URI|ARGS "\.geocities\.com/my_sweet_cute/" -SecRule REQUEST_URI|ARGS "\.angelfire\.com/zine2/" -SecRule REQUEST_URI|ARGS "72\.20\.34\.[0-9]+" -SecRule REQUEST_URI|ARGS "animehost\.de" -SecRule REQUEST_URI|ARGS "home\.online\.no/~p-shahr" -SecRule REQUEST_URI|ARGS "indragostit\.net" -SecRule REQUEST_URI|ARGS "hdr\.atspace\.com" -SecRule REQUEST_URI|ARGS "\.thecurse\.pop\.com\.br" -SecRule REQUEST_URI|ARGS "www\.w3zone\.com" -SecRule REQUEST_URI|ARGS "freecoolsite\.com" -SecRule REQUEST_URI|ARGS "freewebs\.com" -SecRule REQUEST_URI|ARGS "\.geocities\.com/chnsekip" -SecRule REQUEST_URI|ARGS "webcindario\.com" -SecRule REQUEST_URI|ARGS "ripdisk\.ma\.cx" -SecRule REQUEST_URI|ARGS "sinanreklam\.net" -SecRule REQUEST_URI|ARGS "members\.cox\.net/xjasonx" -SecRule REQUEST_URI|ARGS "\.bh-net\.dk" -SecRule REQUEST_URI|ARGS "\.mediaserve\.net" -SecRule REQUEST_URI|ARGS "\.inchon\.ne\.kr" -SecRule REQUEST_URI|ARGS "\.noti-auto.\com\.ar" -SecRule REQUEST_URI|ARGS "go0gler\.com" -SecRule REQUEST_URI|ARGS "hackbox\.t35\.com" -SecRule REQUEST_URI|ARGS ".*\.hpgvip\.ig\.com\.br" -SecRule REQUEST_URI|ARGS "honestgame\.net" -SecRule REQUEST_URI|ARGS "\.ecobook\.or\.kr" -SecRule REQUEST_URI|ARGS "\.fasecolda\.com" -SecRule REQUEST_URI|ARGS "212\.50\.30\.60" -SecRule REQUEST_URI|ARGS "\.nbail\.com" -SecRule REQUEST_URI|ARGS "\.kit\.net/" -SecRule REQUEST_URI|ARGS "\.ubbi\.com\.br" -SecRule REQUEST_URI|ARGS "\.k4boom\.biz/" -SecRule REQUEST_URI|ARGS "00freehost\.com" - -#Sites that host remote shells, etc. -SecRule REQUEST_URI|ARGS "security-protocols\.com" - -#Known sources that leak thru proxies -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.26\.46\.168" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR 69\.50\.182\.154 -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR 202\.81\.60\.58 -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "66\.246\.252\.91" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR 211\.185\.59\.124 -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "209\.165\.131\.23" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "66\.246\.246\.22" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "202\.89\.50\.28" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.38\.208\.48" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "159\.148\.29\.158" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.59\.188\.73" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "200\.168\.0\.246" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "193\.95\.90\.52" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "193\.95\.27\.2" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "195\.55\.222\.19" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "196\.203\.32\.81" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.150\.163\.82" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.237\.226\.70" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.96\.125\.38" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.97\.97\.168" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.98\.122\.111" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "217\.8\.64\.21" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.191\.119\.122" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.33\.104\.158" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.38\.171\.131" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "81\.109\.180\.3" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "81\.37\.184\.196" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "83\.57\.132\.206" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "84\.94\.13\.249" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "85\.129\.229\.111" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "86\.60\.16\.81" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "172\.168\.0\.1" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "196\.203\.4\.62" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "202\.123\.250\.184" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "212\.116\.209\.234" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "217\.127\.56\.24" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.26\.46\.168" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.36\.245\.100" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "84\.94\.78\.98" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.59\.91\.33" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "unsecure-services" -SecRule HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "205\.177\.122\.162" - - - -#bad proxies -SecRule HTTP_FORWARDED "mangostino\.ut\.edu\.co" -SecRule HTTP_FORWARDED ".*\.cnh\.com" -SecRule HTTP_FORWARDED "phenix-prog-phr" -SecRule HTTP_FORWARDED "alfred\.nssi\.telus\.com" -SecRule HTTP_FORWARDED "wadsworth\.nssi\.telus\.com" -SecRule HTTP_VIA "\.ownsalldomains\.org" -SecRule HTTP_VIA "cache\.topflash\.co\.kr" -SecRule HTTP_VIA "\.quasar\.net\.id:8080" -SecRule HTTP_VIA "\.serverpronto\.com" -SecRule HTTP_VIA "\.fetish-expert\.org" -SecRule HTTP_VIA "proxy\.hwai\.edu\.tw" -SecRule HTTP_VIA "interno-1-1\.edn\.org\.br" -SecRule HTTP_VIA "\.pt-server1\.bt\.com" -SecRule HTTP_VIA "1\.1 cache-test-dtv-kno" -SecRule HTTP_VIA "kdnproxy\.kdn\.gov\.my" -SecRule HTTP_VIA "\.wisdomchina\.com" -SecRule HTTP_VIA "1\.1 PALACIOISA" -SecRule HTTP_VIA "1\.1 cache7\:80 \(squid" -SecRule HTTP_VIA "1\.1 www\.pt-server1\.bt\.com" -SecRule HTTP_VIA "revProxy\.foredu\.com\.cn" -SecRule HTTP_VIA "\.salmanetwork\.com" -SecRule HTTP_VIA "\.warnet\.com" -SecRule HTTP_VIA "moses\.frc\.org" -SecRule HTTP_VIA "1\.0 SQCNT3" -SecRule HTTP_VIA "phenix-prog-phr" -SecRule HTTP_VIA "1\.0 TIETONG" -SecRule HTTP_VIA "webshield\.beitberl\.ac\.il" -SecRule HTTP_VIA "1\.1 www\.any\.com" -SecRule HTTP_VIA "intra\.ckus\.rmutp\.ac\.th" -SecRule HTTP_VIA "poczta\.prochowa12\.waw\.pl" -SecRule HTTP_VIA "1\.1 ICACHE1" -SecRule HTTP_VIA "1\.1 New-Proxy2" -SecRule HTTP_VIA "1\.1 SERVEUR2000" -SecRule HTTP_VIA "intra\.ckus\.rmutp\.ac\.th" -SecRule HTTP_VIA "1\.1 PROXY, 1\.0 NC2100" -SecRule HTTP_VIA "1\.1 www\.rolnas\.com\.pl" -SecRule HTTP_VIA "1\.1 revproxy2" -SecRule HTTP_VIA "1\.1 webmail\.siamcom\.co\.th" -SecRule HTTP_VIA "1\.1 SMS2000\.tutsys\.com" -SecRule HTTP_VIA "1\.1 CAE-SERVER" -SecRule HTTP_VIA "1\.1 WORKGROU-OYOU4X" -SecRule HTTP_VIA "1\.1 INKABANPINPROXY" -SecRule HTTP_VIA "1\.1 DNS4" -SecRule HTTP_VIA "1\.1 www\.rolnas\.com\.pl" -SecRule HTTP_VIA "1\.1 DBSV1008" -SecRule HTTP_VIA "1\.1 NEWISA" -SecRule HTTP_VIA "1\.1 CPGATEWAY02" -SecRule HTTP_VIA "1\.1 router\:3128 \(KEN\!\)" -SecRule HTTP_VIA "1\.1 PROXYSRV\, 1\.0 supercache5" -SecRule HTTP_VIA "1\.1 ATIPLS1" -SecRule HTTP_VIA "1\.0 SMART\, 1\.0 LOIER2800\:" -SecRule HTTP_VIA "1\.1 62\.93\.34\.160" -SecRule HTTP_VIA "1\.1 fwall\.belcomct\.net" -SecRule HTTP_VIA "1\.1 ZERT-EWDGNMVXUF" -SecRule HTTP_VIA "1\.1 su\.tkp\.edu\.hk" -#SecRule HTTP_VIA "HTTP/1\.1 proxy\[AC1.*" -SecRule HTTP_VIA "HTTP/1\.1 proxy\[AC1E0247" -SecRule HTTP_VIA "1\.1 compujuan\.com\.es" -SecRule HTTP_VIA "1\.1 FEDERATION" -#SecRule HTTP_VIA "1\.1 SERVER-ISA" -SecRule HTTP_VIA "1\.1 EXACTWAPPROXY" -SecRule HTTP_VIA "1\.1 GRNSERVER" -SecRule HTTP_VIA "1\.1 www\.satem\.gob\.ve" -SecRule HTTP_VIA "1\.1 nilcombi\.nilcom\.fr" -SecRule HTTP_VIA "1\.1 cellulant\.lifeismobile\.com" -SecRule HTTP_VIA "1\.1 SR2300-SE7501-H" -SecRule HTTP_VIA "1\.1 www\.dmi\.es" -#SecRule HTTP_VIA "1\.0 cache2\.jed" -SecRule HTTP_VIA "1\.1 BRHCYBER" -SecRule HTTP_VIA "1\.1 132\.110\.2\.12" -SecRule HTTP_VIA "1\.1 .*\.pivotoffice\.com" -SecRule HTTP_VIA "1\.1 .*\.mundo-r\.com" -SecRule HTTP_VIA "1\.1 FAMILYCAREREHAB" -SecRule HTTP_VIA "1\.1 INFORMASERVER" -SecRule HTTP_VIA "1\.1 ITISA" -#SecRule HTTP_VIA "1\.1 NetCache-CLNS-STACK-1" -SecRule HTTP_VIA "1\.1 .*\.as5587\.net" -SecRule HTTP_VIA "1\.1 Maua" -SecRule HTTP_VIA "1\.1 JUNIOR" -SecRule HTTP_VIA "1\.1 offsetinternet" -SecRule HTTP_VIA ".*codevasf\.gov\.br" -SecRule HTTP_VIA "1\.1 www\.aha\.at" -SecRule HTTP_VIA "1\.1 ucavilapruebas\.es" -SecRule HTTP_VIA "1\.1 .*\.insightfirst\.com" -SecRule HTTP_VIA "1\.1 if3\.insightfirst\.com" -SecRule HTTP_VIA "1\.1 SERV132" -SecRule HTTP_VIA "1\.1 CacheFORCE" -SecRule HTTP_VIA "1\.1 dgc-squid" -#SecRule HTTP_VIA "1\.1 CS6200C" -SecRule HTTP_VIA "1\.1 NTS-SERVER" -SecRule HTTP_VIA "1\.1 AJF-JTC-ISA01" -SecRule HTTP_VIA "1\.1 neptun\.ci\.uw\.edu\.pl" -SecRule HTTP_VIA "1\.1 2-net\.ro" -SecRule HTTP_VIA "1\.1 .*\.usscript\.com" -SecRule HTTP_VIA "1\.1 SSIP_SERVER3" -SecRule HTTP_VIA "1\.1 SYVKOV422GX" -SecRule HTTP_VIA "1\.1 .*\.arbuzowa\.net" -SecRule HTTP_VIA "1\.1 www\.kevsclub\.com" -SecRule HTTP_VIA "1\.0 KALIMBA" -SecRule HTTP_VIA "1\.0 NETOUT-SERVER" -SecRule HTTP_VIA "1\.0 NTMARVWALL01" -SecRule HTTP_VIA "1\.0 PROXYSES2" -SecRule HTTP_VIA "1\.0 ptcdb\.edu\.ps" -SecRule HTTP_VIA "1\.0 px1nr \(NetCache NetApp/5\.6\.1D25\)" -SecRule HTTP_VIA "1\.0 px8so \(NetCache NetApp/5\.6\.1D25\)" -SecRule HTTP_VIA "1\.0 SERV132, 1\.0 netcache1 \(NetCache NetApp/6\.0\.1\)" -SecRule HTTP_VIA "1\.0 TEKIYA02 \(NetCache NetApp/5\.6\.2\), TEKIYA03, 1\.0 TEKIYA02 \(NetCache NetApp/5\.6\.2\)" -#SecRule HTTP_VIA "1\.1 10\.0\.1\.20" -#SecRule HTTP_VIA "1\.1 127\.0\.0\.1" -SecRule HTTP_VIA "1\.1 146\.83\.216\.207" -SecRule HTTP_VIA "1\.1 202\.88\.250\.211" -SecRule HTTP_VIA "1\.1 213\.155\.209\.204" -SecRule HTTP_VIA "1\.1 accel10\.click21\.com\.br" -SecRule HTTP_VIA "1\.1 alcyonix\.dyndns\.ws" -SecRule HTTP_VIA "1\.1 athos\.chem\.demokritos\.gr" -SecRule HTTP_VIA "1\.1 ATIPLS1" -SecRule HTTP_VIA "1\.1 BBSM52" -#SecRule HTTP_VIA "1\.1 bnb-cache1 \(NetCache NetApp.*\), 1\.1 rba-cache1" -SecRule HTTP_VIA "1\.1 cacheB\.ipko\.net" -SecRule HTTP_VIA "1\.1 CAE-SERVER" -SecRule HTTP_VIA "1\.1 CATHODE" -#SecRule HTTP_VIA "1\.1 cha-cache1 \(NetCache NetApp.*" -SecRule HTTP_VIA "1\.1 CSB-NC2 \(NetCache NetApp.*" -SecRule HTTP_VIA "1\.1 cuchimilco\.huaral\.org" -SecRule HTTP_VIA "1\.1 DBSV1008" -SecRule HTTP_VIA "1\.1 dns2\.araxa\.com\.br" -SecRule HTTP_VIA "1\.1 EMERSON, 1\.0 C6100 \(NetCache NetApp.*" -SecRule HTTP_VIA "1\.1 EPPD_SERVER" -SecRule HTTP_VIA "1\.1 fox-server1\.foxschool\.lan" -SecRule HTTP_VIA "1\.1 http-istcf1" -SecRule HTTP_VIA "1\.1 JUNIOR" -#SecRule HTTP_VIA "1\.1 lnac2 \(NetCache NetApp.*" -SecRule HTTP_VIA "1\.1 LTSP03\.glenwood\.k12\.mo\.us" -#SecRule HTTP_VIA "1\.1 MAILSERVER" -SecRule HTTP_VIA "1\.1 natty\.intranet" -#SecRule HTTP_VIA "1\.1 netcache1-ctn \(NetCache NetApp.*" -#SecRule HTTP_VIA "1\.1 netcache1 \(NetCache NetApp.*" -#SecRule HTTP_VIA "1\.1 NetCache3 \(NetCache NetApp.*" -SecRule HTTP_VIA "1\.1 NetCache-CLNS-STACK-1 \(NetCache NetApp.*" -#SecRule HTTP_VIA "1\.1 nme-nxg-pr1\.tpg\.com\.au" -SecRule HTTP_VIA "1\.1 no-dns\.as5587\.net" -SecRule HTTP_VIA "1\.1 ns07\.contentex\.net" -SecRule HTTP_VIA "1\.1 NYNETSRV01" -SecRule HTTP_VIA "1\.1 OTXXSERV" -SecRule HTTP_VIA "1\.1 proxy\.marshall\.k12\.wi\.us" -SecRule HTTP_VIA "1\.1 SERV132, 1\.0 netcache1 \(NetCache NetApp.*" -SecRule HTTP_VIA "1\.1 SERVER-ISA" -SecRule HTTP_VIA "1\.1 SERVEUR-CYBER" -SecRule HTTP_VIA "1\.1 slave02\.terrarica\.net" -SecRule HTTP_VIA "1\.1 SMS2000\.tutsys\.com" -SecRule HTTP_VIA "1\.1 spacebears" -SecRule HTTP_VIA "1\.1 squid2-sydny\.eftel\.com" -SecRule HTTP_VIA "1\.1 SSIP_SERVER3" -SecRule HTTP_VIA "1\.1 SYVKOV422GX" -SecRule HTTP_VIA "1\.1 trixie" -SecRule HTTP_VIA "1\.1 wc-02 \(NetCache NetApp.*" -SecRule HTTP_VIA "1\.1 webmail\.siamcom\.co\.th" -SecRule HTTP_VIA "1\.1 www\.arbuzowa\.net" -SecRule HTTP_VIA "1\.1 www\.gkcabunoc\.com" -SecRule HTTP_VIA "1\.1 addyon\.webair\.com" -SecRule HTTP_VIA "1\.1 alcyonix\.dyndns\.ws" -SecRule HTTP_VIA "1\.1 proxy\.pcdl\.gov\.br" -SecRule HTTP_VIA "1\.1 ichigo\.icsmail\.net" -SecRule HTTP_VIA "1\.1 80\.177\.18\.74" -SecRule HTTP_VIA "1\.1 raptor[0-9][a-z]\.watchdog\.net\.nz" -SecRule HTTP_VIA "1\.0 proxy[0-9]\..*\.maxnet\.net\.nz" -SecRule HTTP_VIA "1\.0 proxy[0-9]\.akl[0-9]\.maxnet\.net\.nz" -SecRule HTTP_VIA "1\.1 POMGFIREWALL" -SecRule HTTP_VIA "1\.1 alfred\.nssi\.telus\.com" -SecRule HTTP_VIA "1\.1 .*\.acdi-cida\.gc\.ca" -SecRule HTTP_VIA "CIDA13\.acdi-cida\.gc\.ca" - -#generic sig for a bad site -SecRule REQUEST_URI "(http|https|ftp).*\.exs\.cx/.*/nc4hk\.swf" - |