11
●2.378
$rev:0.16;changed:Sun, 08 Oct 2006 16:13:09 +0200 #################################################################### # # Created by Audun Larsen (audun.larsen@lkonsult.no) # # Copyright 2006 Larsen Konsult (www.lkonsult.no) # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; # OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # #################################################################### # # Data set Where (regex) Search for (regex) Action Log msg # ############################################################################################################################### HTTP_HEADERS "^HTTP_USER_AGENT$" "^spybot" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Mosiac 1.*" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Brutus\/AET" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "cgichk" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "DataCha0s\/2.0" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Morzilla" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "xmlrpc exploit" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Wordpress Hash Grabber" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "lwp" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Web Downloader" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "WebZIP" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "WebCopier" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Webster" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "WebStripper" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "teleport pro" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "combine" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Black Hole" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "SiteSnagger" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "ProWebWalker" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "CheeseBot" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Mozilla\/(4|5).0$" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "FooBar\/42" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Microsoft Internet Explorer\/5.0$" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Nessus" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Nikto" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Faxobot" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Crescent Internet ToolPak" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "WebBandit" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "WEBMOLE" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Telesoft" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "WebEMailExtractor" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "CherryPicker" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "NICErsPRO" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Advanced Email Extractor" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "EmailSiphon" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Extractorpro" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "webbandit" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "EmailCollector" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "WebEMailExtrac" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "EmailWolf" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "CopyRightCheck" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "CopyGuard" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Digimarc WebReader" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "DTS Agent" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "WISEbot" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Missigua" block Bad user-agentsqlinjection.txt
HTTP_POST "" "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" block SQL injection in POST data HTTP_GET "" "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" block SQL injection in GET data HTTP_COOKIE "" "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" block SQL injection in GET data HTTP_HEADERS "^HTTP_REFERER$ "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" block SQL injection in HTTP_REFERERyalnız o robots.txt idi yazmakta fayda var. Artık robots.txt ide ne kadar tınladıkalrınada bağlı
En kısa zamanda bende deneyeceğim.
