summaryrefslogtreecommitdiff
path: root/files/mod_security/custom_rules/recons.conf
diff options
context:
space:
mode:
Diffstat (limited to 'files/mod_security/custom_rules/recons.conf')
-rw-r--r--files/mod_security/custom_rules/recons.conf50
1 files changed, 50 insertions, 0 deletions
diff --git a/files/mod_security/custom_rules/recons.conf b/files/mod_security/custom_rules/recons.conf
new file mode 100644
index 0000000..d0d113f
--- /dev/null
+++ b/files/mod_security/custom_rules/recons.conf
@@ -0,0 +1,50 @@
+# http://www.gotroot.com/mod_security+rules
+# Gotroot.com ModSecurity rules
+# Search Engine Recon/Google Hacks Security Rules for modsec 2.x
+#
+# Download from: http://www.gotroot.com/downloads/ftp/mod_security/2.0/recons.conf
+#
+# Created by Michael Shinn of the Prometheus Group (http://www.prometheus-group.com)
+# Copyright 2005 and 2006 by Michael Shinn and the Prometheus Group, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Version: N-20061022-01
+#
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+
+# Note: For modsecurity 2.x and above only
+
+SecRule HTTP_Referer "Powered by Gravity Board" "id:350000,rev:1,severity:2,msg:'Gravity Board Google Recon attempt'"
+SecRule HTTP_Referer "Powered by SilverNews" "id:350001,rev:1,severity:2,msg:'SilverNews Google Recon attempt'"
+SecRule HTTP_Referer "Powered.*PHPBB.*2\.0\.\ inurl\:" "id:350002,rev:1,severity:2,msg:'PHPBB 2.0 Google Recon attempt'"
+SecRule HTTP_Referer "PHPFreeNews inurl\:Admin\.php" "id:350003,rev:1,severity:2,msg:'PHPFreeNews Google Recon attempt'"
+SecRule HTTP_Referer "inurl.*/cgi-bin/query" "id:350004,rev:1,severity:2,msg:'/cgi-bin/guery Google Recon attempt'"
+SecRule HTTP_Referer "inurl.*tiki-edit_submission\.php" "id:350005,rev:1,severity:2,msg:'tiki-edit Google Recon attempt'"
+SecRule HTTP_Referer "inurl.*wps_shop\.cgi" "id:350006,rev:1,severity:2,msg:'wps_shop.cgi Google Recon attempt'"
+SecRule HTTP_Referer "inurl.*edit_blog\.php.*filetype\:php" "id:350007,rev:1,severity:2,msg:'edit_blog.php Google Recon attempt'"
+SecRule HTTP_Referer "inurl.*passwd.txt.*wwwboard.*webadmin" "id:350008,rev:1,severity:2,msg:'passwd.txt Google Recon attempt'"
+SecRule HTTP_Referer "inurl.*admin\.mdb" "id:350008,rev:1,severity:2,msg:'admin.mdb Google Recon attempt'"
+SecRule HTTP_Referer "filetype:sql \x28\x22passwd values.*password values.*pass values"
+SecRule HTTP_Referer "filetype.*blt.*buddylist"
+SecRule HTTP_Referer "File Upload Manager v1\.3.*rename to"
+SecRule HTTP_Referer "filetype\x3Aphp HAXPLORER .*Server Files Browser"
+SecRule HTTP_Referer "inurl.*passlist\.txt"
+SecRule HTTP_Referer "wwwboard WebAdmininurl\x3Apasswd\.txt wwwboard\x7Cwebadmin"
+SecRule HTTP_Referer "Enter ip.*inurl\x3A\x22php-ping\.php\x22"
+SecRule HTTP_Referer "intitle\.*PHP Shell.*Enable stderr.*filetype\.php"
+SecRule HTTP_Referer "inurl\.*install.*install\.php"
+SecRule HTTP_Referer "Powered by PHPFM.*filetype\.php -username"
+SecRule HTTP_Referer "inurl\.*phpSysInfo.*created by phpsysinfo"
+SecRule HTTP_Referer "SquirrelMail version 1\.4\.4.*inurl:src ext\.php"
+SecRule HTTP_Referer "inurl\.*webutil\.pl"
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-11 02:23:52 +0000