Diffstat (limited to 'config/apache_mod_security/rules/blacklist.conf')
-rw-r--r--config/apache_mod_security/rules/blacklist.conf97
1 files changed, 97 insertions, 0 deletions
diff --git a/config/apache_mod_security/rules/blacklist.conf b/config/apache_mod_security/rules/blacklist.conf
new file mode 100644
index 00000000..5864ab49
--- /dev/null
+++ b/config/apache_mod_security/rules/blacklist.conf
@@ -0,0 +1,97 @@
+# http://www.gotroot.com/mod_security+rules
+# Comment Spam Rules for modsec 2.x
+# NOTICE: THESE RULES ARE OBSOLETE AND ARE NO LONGER SUPPORTED
+# Visit http://www.gotroot.com to download supported rules
+#
+# Download from: http://www.gotroot.com/downloads/ftp/mod_security/2.0/blacklist.conf
+#
+# Created by Michael Shinn of the Prometheus Group (http://www.prometheus-group.com)
+# Copyright 2005 and 2006 by Michael Shinn and the Prometheus Group, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+#Version: N-20061022-01
+#
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+
+
+#http://www.gotroot.com
+#see website for more information
+SecRule REQUEST_URI "!(/compose\.php\?)" chain
+SecRule ARGS|REQUEST_BODY|REQUEST_URI "Subject\:" chain
+SecRule ARGS:Bcc ".*\@"
+SecRule REQUEST_URI "!(/compose\.php\?)" chain
+SecRule ARGS|REQUEST_BODY|REQUEST_URI "Subject\:" chain
+SecRule ARGS|REQUEST_BODY|REQUEST_URI "\s*bcc\:"
+SecRule REQUEST_URI "!(/compose\.php\?)" chain
+SecRule ARGS|REQUEST_BODY|REQUEST_URI "\s*bcc\:\s*[a-z0-9._%-]+@[A-Z0-9.-]+\.[a-z]{2,}"
+SecRule REQUEST_URI "!(/compose\.php\?)" chain
+SecRule ARGS "\n[[:space:]]*(to|b?cc)[[:space:]]*:.*@"
+SecRule REQUEST_URI "!(/compose\.php\?)" chain
+SecRule ARGS "\s*bcc\:\s*[a-z0-9._%-]+\@.*\.[a-z]{2,}"
+SecRule HTTP_x-aaaaaaaaa|HTTP_XAAAAAAAAA ".+$"
+SecRule HTTP_x-aaaaaaaaaaa|HTTP_XAAAAAAAAAAA ".+$"
+SecRule HTTP_x-aaaaaaaaaaaa|HTTP_X_AAAAAAAAAAAA ".+$"
+#SecRule HTTP_XXXXXXXXXXXXXXX ".+$"
+
+#unknown pattern in testing, logging only, please send
+#any patterns RELATED TO SPAM OR ATTACKS you log with with these rules
+#please do not send false positives for this rule set, just turn it off
+#SecRule HTTP_aaaaaaaaa|HTTP_AAAAAAAAA ".+$" "log,pass"
+#SecRule HTTP_aaaaaaaaaaa|HTTP_AAAAAAAAAAA ".+$" "log,pass"
+#SecRule HTTP_aaaaaaaaaaaa|HTTP_AAAAAAAAAAAA ".+$" "log,pass"
+#SecRule HTTP_aaaaaaaaaaaaaaa|HTTP_AAAAAAAAAAAAAAA ".+$" "log,pass"
+
+SecRule HTTP_Referer|ARGS "(blow)+[\w\-_.]*(jobs?)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(gay)+[\w\-_.]*(beastiality)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(beastilality)+[\w\-_.]*(stories)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(free)+[\w\-_.]*(beastiality)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(horse|animal|dog)+[\w\-_.]*(porn|cocks|dick|sex|penis|blowj.*)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(buy)+[\w\-_.]*online[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(diet|penis)+[\w\-_.]*(pills|enlargement)[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(enlarg|enhanc).*(male|penis|natural).*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(enlarg|enhanc).*(male|penis|natural)\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(online)+[\w\-_.]*pharmacy"
+SecRule HTTP_Referer|ARGS "(i|la)-sonneries?[\w\-_.]*\.[a-z]{2,}"
+SecRule REQUEST_URI "!(/sugarcrm/index\.php)" chain
+SecRule HTTP_Referer|ARGS "(silagra|morphine|ritalin|levitra|lolita|carisoprodol|phentermine|amitriptyline|diethylpropion|viagra|lisinopril|vig-?rx|zyban|valtex|xenical|adipex|meridia)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(ephedrine|neurontin|glucosamine|testosterone|cialis|lipitor|effexor|propecia|celebrex|gluclosamine|lexapro|ephedra|levitra)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(magazine)+[\w\-_.]*(finder|netfirms)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(male|penis)enlarg*\.(biz|com|net|org|us|info)"
+SecRule HTTP_Referer|ARGS "(male|penis).*(enlarg|enhanc|natural|pill|surgery|traction)"
+SecRule HTTP_Referer|ARGS "(mike)+[\w\-_.]*apartment[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(milf)+[\w\-_.]*(hunter|moms|fucking|lessons)[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(natural|penis|male).*(enlarg.*|enhanc.*)"
+SecRule HTTP_Referer|ARGS "(natural|penis|male)+[\w\-_.]*(enlarg.*|enhanc.*)"
+SecRule HTTP_Referer|ARGS "(online)+[\w\-_.]*(prescription|casino|roulette|slot)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "[\w\-_.]*(casino|roulette)\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "[\w\-_.]*(casino|roulette).*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(slot)+[\w\-_.]*machines\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(prozac|zoloft|xanax|valium|hydrocodone|vicodin|paxil|vioxx)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(ragazze)-?\w+\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(texas)+[\w\-_.]*holdem"
+SecRule HTTP_Referer|ARGS "(phentermine)+[\w\-_.]*online"
+SecRule HTTP_Referer|ARGS "(texas)+[\w\-_.]*hold[\w\-_.].*em"
+SecRule HTTP_Referer|ARGS "texas[\w\-_.]hold[\w\-_.]em"
+SecRule HTTP_Referer|ARGS "pacific+[\w\-_.]*poke.*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "poker+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "[\w\-_.]*poker\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "[\w\-_.]*poker.*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "poker.*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(random|free|internet)+[\w\-_.]*slots\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(wellbutrin|tenuate|tramadol|pheromones|phendimetrazine|ionamin|ortho.?tricyclen|retin.?a\b)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "ultram\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(celexa|valtrex|zyrtec|\bhgh\b|ambien\b|flonase|allegra|didrex|renova|bontril|nexium)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "([\w\-_.]+\.)?(l(so|os)tr)\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(lose[\w\-_.]*weight|weight[\w\-_.]*loss).*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(prices|pills|buy|diet*|medic(ine|ation|al)|dru.*)\.pharma.*\.[a-z]{2,}"
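Review bot: None of the active SecRule lines carries an action list, so whether a match denies, logs or passes depends entirely on a `SecDefaultAction` that is not in this file, and a hit has no `id` or `msg` to triage by. I would give each rule explicit actions, for example `"phase:2,deny,log,id:<RULE_ID_PLACEHOLDER>,msg:'comment spam keyword in Referer/ARGS'"`, and start the broad ones such as `poker.*\.[a-z]{2,}` and `(natural|penis|male).*(enlarg.*|enhanc.*)` in `log,pass` the way the commented-out header rules do, since they inspect every argument and will match ordinary form text. The bcc pattern `[a-z0-9._%-]+@[A-Z0-9.-]+\.[a-z]{2,}` mixes lower-case and upper-case classes, so the domain part only matches upper-case letters while the rest requires lower case (and if a lowercase transformation is in effect, the domain part matches no letters at all); a single case plus `t:lowercase` would fix it. The `/sugarcrm/index\.php` exemption is chained only to the first drug-name rule, so the second drug-name list on the following line still applies to that path. The file header itself says the rule set is obsolete and unsupported and that redistribution is prohibited, which should be resolved before this is kept in the tree.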