Filename :
401-WORDPRESS-BACKDOOR-PROTECTION.conf
# BitNinja WAF rule set 401: WordPress backdoor protection (ModSecurity SecRule syntax).
#
# Every rule here is a chain that runs in phase 2 (request body available). When all
# links of a chain match, the last link increments tx.bn_inbound_found; the code that
# reads that counter is not part of this file. Rules 401001-401005 use `block`, which
# applies whatever disruptive action SecDefaultAction defines elsewhere, so the
# effective response (deny, status code, log only) cannot be determined from here.
# logdata repeats msg verbatim in every rule.
# The rules are not in id order (401004, 401002, 401001, 401003, 401005, 401006).

# --- 401004: Fancy Product Designer upload via admin-ajax.php (CVE-2021-24370) ---
# Chain: URI matches admin-ajax.php AND the `action` query argument matches
# "fpd_custom_uplod_file" AND the request body contains a PHP opening tag
# ("<?php" or "<?") followed by whitespace.
# The action string is spelled "uplod" as shipped; NOTE(review): confirm it against
# the plugin's registered handler name before "correcting" it.
# No operator is given on the first two links, so ModSecurity's default (@rx) applies:
# the unescaped "." in "admin-ajax.php" matches any character, and the action
# pattern is an unanchored substring match.
# %{IP.wp_admin_in} expands a persistent IP-collection variable that is not set in this
# file - presumably maintained by another BitNinja rule; verify.
# NOTE(review): per the ModSecurity reference manual REQUEST_BODY is populated only when
# the URLENCODED body processor handled the request - confirm how multipart/form-data
# requests are covered, since the body pattern would have nothing to inspect for them.
# NOTE(review): the body pattern requires whitespace directly after the opening tag;
# other opening-tag forms are outside this pattern.
SecRule REQUEST_URI ".*/wp-admin/admin-ajax.php" \
    "id:401004, \
    phase:2,\
    rev:'1',\
    msg:'Wordpress Backdoor Protection. Arbitrary file upload in Fancy Product Designer. CVE-2021-24370 (%{IP.wp_admin_in})',\
    logdata:'Wordpress Backdoor Protection. Arbitrary file upload in Fancy Product Designer. CVE-2021-24370 (%{IP.wp_admin_in})',\
    block,\
    severity:CRITICAL,\
    chain"
    SecRule ARGS_GET:action "fpd_custom_uplod_file" "chain"
    SecRule REQUEST_BODY "(?:(?:<\?php|<\?)\s)" "setvar:tx.bn_inbound_found=+1"

# --- 401002: POST arguments sent to a PHP path under wp-includes ---
# Chain: at least one parsed POST argument (&ARGS_POST counts them) AND the URI matches
# ".*/wp-includes/.*.php".
# The msg/logdata text says "themes directory" although the pattern targets wp-includes;
# the wording looks copied from rule 401001. It is left unchanged here because log
# consumers may match on the exact string.
# NOTE(review): the "." before "php" is unescaped (any character) and the pattern is
# unanchored; REQUEST_URI also carries the query string, so a path-like value in a query
# parameter can satisfy it. No t: transformation is listed, so normalisation depends on
# SecDefaultAction - confirm URL decoding and case handling there.
# NOTE(review): a request whose body is not parsed into arguments leaves &ARGS_POST at 0,
# so this chain does not start for it - confirm the configured body processors.
SecRule &ARGS_POST "@gt 0" \
    "id:401002, \
    phase:2,\
    rev:'1',\
    msg:'Wordpress Backdoor Protection. Block HTTP POST method php calls for the themes directory (*/wp-includes/*.php)',\
    logdata:'Wordpress Backdoor Protection. Block HTTP POST method php calls for the themes directory (*/wp-includes/*.php)',\
    block,\
    severity:CRITICAL,\
    chain"
    SecRule REQUEST_URI ".*/wp-includes/.*.php" "setvar:tx.bn_inbound_found=+1"

# --- 401001: POST arguments sent to a PHP path under a themes directory ---
# Same structure and pattern caveats as 401002, with the URI pattern ".*/themes/.*.php".
SecRule &ARGS_POST "@gt 0" \
    "id:401001, \
    phase:2,\
    rev:'1',\
    msg:'Wordpress Backdoor Protection. Block HTTP POST method php calls for the themes directory (*/themes/*.php)',\
    logdata:'Wordpress Backdoor Protection. Block HTTP POST method php calls for the themes directory (*/themes/*.php)',\
    block,\
    severity:CRITICAL,\
    chain"
    SecRule REQUEST_URI ".*/themes/.*.php" "setvar:tx.bn_inbound_found=+1"

# --- 401003: POST arguments sent to a PHP path under wp-content/uploads ---
# Same structure and pattern caveats as 401002, with the URI pattern
# ".*/wp-content/uploads/.*.php". The msg/logdata text again says "themes directory"
# although the pattern targets the uploads directory.
SecRule &ARGS_POST "@gt 0" \
    "id:401003, \
    phase:2,\
    rev:'1',\
    msg:'Wordpress Backdoor Protection. Block HTTP POST method php calls for the themes directory (*/wp-content/uploads/*.php)',\
    logdata:'Wordpress Backdoor Protection. Block HTTP POST method php calls for the themes directory (*/wp-content/uploads/*.php)',\
    block,\
    severity:CRITICAL,\
    chain"
    SecRule REQUEST_URI ".*/wp-content/uploads/.*.php" "setvar:tx.bn_inbound_found=+1"

# --- 401005: Fancy Product Designer custom-image-handler.php (CVE-2021-24370) ---
# Chain: URI matches the plugin's inc/custom-image-handler.php path AND the request body
# contains a PHP opening tag followed by whitespace. Unlike 401004, the message does not
# expand %{IP.wp_admin_in}. The REQUEST_BODY and opening-tag caveats noted on 401004
# apply to this body pattern as well.
SecRule REQUEST_URI ".*/wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php" \
    "id:401005, \
    phase:2,\
    rev:'1',\
    msg:'Wordpress Backdoor Protection. Arbitrary file upload in Fancy Product Designer. CVE-2021-24370',\
    logdata:'Wordpress Backdoor Protection. Arbitrary file upload in Fancy Product Designer. CVE-2021-24370',\
    block,\
    severity:CRITICAL,\
    chain"
    SecRule REQUEST_BODY "(?:(?:<\?php|<\?)\s)" "setvar:tx.bn_inbound_found=+1"

# --- 401006: WordPress login POST whose Referer does not name this server ---
# Chain: method is exactly POST AND the URI contains "/wp-login.php" AND the Referer
# header does not contain the value of %{SERVER_NAME}. t:none disables inherited
# transformations on every link, so the comparisons are case-sensitive and undecoded.
# No disruptive action is listed, so the chain inherits it from SecDefaultAction.
# Referer is supplied by the client, so this is a heuristic signal rather than an
# access control.
# NOTE(review): a request with no Referer header gives the last link no variable to
# evaluate, which presumably means the chain does not match - confirm whether
# header-less login POSTs should also be counted.
# NOTE(review): "!@contains" is a substring test, so a Referer that merely embeds the
# server name somewhere in a longer URL passes as same-site.
SecRule REQUEST_METHOD "@rx ^POST$" \
    "id:401006,\
    chain,\
    phase:2,\
    rev:'1',\
    severity:critical,\
    t:none,\
    logdata:'Login attempt to WordPress with different referer',\
    msg:'Login attempt to WordPress with different referer'"
    SecRule REQUEST_URI "@contains /wp-login.php" "chain,t:none"
    SecRule REQUEST_HEADERS:Referer "!@contains %{SERVER_NAME}" "t:none,setvar:'tx.bn_inbound_found=+1'"