1 files changed, 0 insertions, 229 deletions
diff --git a/files/mod_security/custom_rules/useragents.conf b/files/mod_security/custom_rules/useragents.conf
deleted file mode 100644
index d969960..0000000
--- a/files/mod_security/custom_rules/useragents.conf
+++ /dev/null
@@ -1,229 +0,0 @@
-# http://www.gotroot.com/mod_security+rules
-# Gotroot.com ModSecurity rules
-# User Agent Security Rules for modsec 2.x
-#
-# Download from: http://www.gotroot.com/downloads/ftp/mod_security/2.0/useragents.conf
-#
-# Created by Michael Shinn of the Prometheus Group (http://www.prometheus-group.com)
-# Copyright 2005 and 2006 by the Michael Shinn and the Prometheus Group, all rights reserved.
-# Redistribution is strictly prohibited in any form, including whole or in part.
-#
-# Version: N-20061022-01
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
-# THE POSSIBILITY OF SUCH DAMAGE.
-
-
-#Comment spam header line
-SecRule REQUEST_HEADERS "x-aaaaaa.*"
-SecRule REQUEST_BODY "X-AAAAAA.*"
-
-#check for bad meta characters in User-Agent field
-#SecRule HTTP_User-Agent ".*\'"
-
-#XSS in the UA field
-SecRule HTTP_User-Agent "<(.|\s|\n)?(script|about|applet|activex|chrome|object)(.|\s|\n)?>.*<(.|\s|\n)?(script|about|applet|activex|chrome|object)"
-
-#PHP code injection attack
-SecRule HTTP_User-Agent "(<\?php|<[[:space:]]*\?[[:space:]]*php)" 
-SecRule HTTP_User-Agent ".*HTTP_GET_VARS"
-
-#recursion attack in UA field
-SecRule HTTP_User-Agent "\.\./\.\."
-
-#May cause false positives with some software, comment out if it does
-#SecRule REMOTE_ADDR "!^127\.0\.0\.1$" "chain,id:390000,rev:1,severity:1,msg:'Suspicious Automated or Manual Request'"
-#SecRule "HTTP_User-Agent|HTTP_HOST|HTTP_Accept" "^$"
-
-#Exploit agent
-SecRule HTTP_User-Agent "Mosiac 1\.*"
-
-#Bad agent
-SecRule HTTP_User-Agent "Brutus/AET"
-
-#CGI vuln scan tool
-SecRule HTTP_User-Agent cgichk
-SecRule HTTP_User-Agent "DataCha0s/2\.0"
-
-#Damn fine UA
-SecRule HTTP_User-Agent ".*THIS IS AN EXPLOIT*"
-SecRule HTTP_User-Agent "Morzilla"
-
-#CIRT.DK Webroot auditing tool
-SecRule HTTP_User-Agent ".*WebRoot "
-
-#Exploit UA
-SecRule HTTP_User-Agent ".*T H A T \' S  G O T T A  H U R T*"
-
-#XML RPC exploit tool
-SecRule HTTP_User-Agent "xmlrpc exploit*"
-
-#A friendly little exploit banner for a WP vuln
-SecRule HTTP_User-Agent "Wordpress Hash Grabber"
-
-#Blocks scripts
-SecRule HTTP_User-Agent lwp
-
-#Web leaches
-SecRule HTTP_User-Agent "Web Downloader"
-SecRule HTTP_User-Agent WebZIP
-SecRule HTTP_User-Agent WebCopier
-SecRule HTTP_User-Agent Webster
-SecRule HTTP_User-Agent WebZIP
-SecRule HTTP_User-Agent WebStripper
-SecRule HTTP_User-Agent "teleport pro"
-SecRule HTTP_User-Agent combine
-SecRule HTTP_User-Agent "Black Hole"
-SecRule HTTP_User-Agent "SiteSnagger" 
-SecRule HTTP_User-Agent "ProWebWalker" 
-SecRule HTTP_User-Agent "CheeseBot" 
-
-#Bogus Mozilla UA lines
-SecRule HTTP_User-Agent "Mozilla/(4|5)\.0$"
-SecRule HTTP_User-Agent "Mozilla/3\.Mozilla/2\.01$"
-
-#Bogus IE UA line
-SecRule HTTP_User-Agent "Microsoft Internet Explorer/5\.0$"
-
-#Bogus UA
-SecRule HTTP_User-Agent "FooBar/42"
-
-#Nessus Vuln scanner UA
-SecRule HTTP_User-Agent "Mozilla.*Nessus"
-
-#Nikto vuln scanner UA
-SecRule HTTP_User-Agent ".*Nikto"
-
-#BAd/Bogus UAs
-SecRule HTTP_User-Agent "Indy Library"
-SecRule HTTP_User-Agent "Faxobot"
-SecRule HTTP_User-Agent ".*SAFEXPLORER TL"
-
-#Spam spinder UAs
-SecRule HTTP_User-Agent ".*fantomBrowser"
-SecRule HTTP_User-Agent ".*fantomCrew Browser"
-
-#VB development library used by many spammers, might block legite VBscripts
-#comment out if you have problems
-SecRule HTTP_User-Agent "Crescent Internet ToolPak"
-
-#Borland Delphi signature, as above, comment out if it gives you problems
-#spammers sometimes use these UAs
-SecRule HTTP_User-Agent "NEWT ActiveX\; Win32"
-SecRule HTTP_User-Agent "Mozilla.*NEWT"
-
-#Part of the Microsoft MSINET.OCX, as above, spammers sometimes use this, if
-#it causes problems, comment out.  If you are a member of the Microsoft Site 
-#Builder Network, you probably do NOT want to block this ID.
-#SecRule HTTP_User-Agent "Microsoft URL Control"
-#SecRule HTTP_User-Agent  "^Microsoft URL"
-
-#e-mail collectors and spammers
-SecRule HTTP_User-Agent "WebBandit"
-SecRule HTTP_User-Agent "WEBMOLE"
-SecRule HTTP_User-Agent "Telesoft*"
-SecRule HTTP_User-Agent "WebEMailExtractor"
-SecRule HTTP_User-Agent "CherryPicker*"
-SecRule HTTP_User-Agent NICErsPRO
-SecRule HTTP_User-Agent "Advanced Email Extractor*"
-SecRule HTTP_User-Agent EmailSiphon
-SecRule HTTP_User-Agent Extractorpro
-SecRule HTTP_User-Agent webbandit
-SecRule HTTP_User-Agent EmailCollector
-SecRule HTTP_User-Agent "WebEMailExtrac*"
-SecRule HTTP_User-Agent EmailWolf
-
-#Spiders that eat up bandwidth for their customers
-#Not a spammer, just a spider, comment out if you like
-SecRule HTTP_User-Agent "CopyRightCheck"
-SecRule HTTP_User-Agent "CopyGuard"
-SecRule HTTP_User-Agent "Digimarc WebReader"
-
-#MArketing spiders
-SecRule HTTP_User-Agent  "Zeus .*Webster Pro*"
-
-#Poker spam
-SecRule HTTP_User-Agent  "8484 Boston Project"
-
-#collectors
-SecRule HTTP_User-Agent  "autoemailspider"
-SecRule HTTP_User-Agent  "ecollector"
-SecRule HTTP_User-Agent  "grub crawler"
-
-#referrer spam, not the real weblogs
-SecRule HTTP_User-Agent  "^www\.weblogs\.com"
-
-#spam bots
-SecRule HTTP_User-Agent  "DTS Agent"
-SecRule HTTP_User-Agent  "POE-Component-Client"
-SecRule HTTP_User-Agent  "WISEbot"
-SecRule HTTP_User-Agent  "^Shockwave Flash"
-SecRule HTTP_User-Agent  "Missigua"
-
-#comment spam sign
-SecRule HTTP_User-Agent  "compatible \; MSIE"
-
-#Some regexps to catch silly bots
-SecRule REQUEST_URI "!/ps(zones\|comp).txt1" chain
-SecRule HTTP_User-Agent "^(google|i?explorer?\.exe|(MS)?IE( [0-9.]+)?[ ]?(Compatible( Browser)?)?)$"
-SecRule HTTP_User-Agent "^(Mozilla( [0-9.]+)?[ ]?\((Windows|Linux|(IE )?Compatible)\))$"
-SecRule HTTP_User-Agent "^Mozilla/5\.0 \(X11; U; Linux i686; en-US; rv\:0\.9\.6\+\) Gecko/2001112$"
-SecRule HTTP_User-Agent "^Mozilla/[0-9.]+ \(compatible; MSIE [0-9.]+; Windows( NT)?( [0-9.]*)?;[0-9./ ]*\)?$"
-SecRule HTTP_User-Agent "^Mozilla/.+[. ]+$"
-
-#spammer
-SecRule HTTP_User-Agent "Butch__2\.1\.1"
-SecRule HTTP_User-Agent "agdm79@mail\.ru"
-
-#Fake Gameboy UA
-SecRule HTTP_User-Agent "GameBoy\, Powered by Nintendo"
-
-#bogus amiga UA
-SecRule HTTP_User-Agent "Amiga-AWeb/3\.4"
-
-#exploit UA
-SecRule HTTP_User-Agent "Internet Ninja x\.0"
-
-#bogus googlebot UA
-SecRule HTTP_User-Agent "Nokia-WAPToolkit.* googlebot.*googlebot"
-
-#recently caught sending spam referrals, from their actual crawler IP
-SecRule HTTP_User-Agent "BecomeBot"
-
-#Suverybot
-#SecRule HTTP_User-Agent "SurveyBot"
-
-#exploit
-SecRule HTTP_User-Agent "S\.T\.A\.L\.K\.E\.R\."
-SecRule HTTP_User-Agent "NeuralBot/0\.2"
-SecRule HTTP_User-Agent "Kenjin Spider"
-
-#WebvulnScan
-SecRule HTTP_User-Agent "WebVulnScan"
-
-#broken spam tool
-SecRule HTTP_User-Agent "Mozilla/4\.0 \(compatible\; MSIE 6\.0\; Windows NT 5\.1$"
-
-#PHPBB worm UA
-SecRule HTTP_User-Agent "INTERNET EXPLOITER SUX"
-
-#fake UA
-SecRule HTTP_User-Agent "Windows-Update-Agent"
-
-#exploit
-SecRule HTTP_User-Agent "Internet-exprorer"
-
-# Bad Spider
-SecRule HTTP_User-Agent "hl_ftien_spider"
-
-# PMAFind 
-SecRule HTTP_User-Agent "PMAFind"