Important: The following are free for non commercial use. This means you can download and use them as an end user only. Any commercial use of those rules is prohibited without the consent of the organization. 001-backdoors.conf Known URL line injections that take advantage of known (php) vulnerablities. # PHP Shells SecFilterSelective REQUEST_URI "/phpterm" SecFilterSelective THE_REQUEST "/phpshell\.ph(p(3|4)?|tml)" SecFilterSelective THE_REQUEST "/phpshell\.(gif|jpg|txt|bmp)\?" SecFilterSelective THE_REQUEST "/shell\.ph(p(3|4)?|tml)\?" SecFilterSelective THE_REQUEST "/shell\.(gif|jpg|txt|bmp)\?" SecFilterSelective THE_REQUEST "/bash\.ph(p(3|4)?|tml)\?" SecFilterSelective THE_REQUEST "/bash\.(gif|jpg|txt|bmp)\?" #Backdoor SecFilterSelective THE_REQUEST "/phpbackdoor" SecFilterSelective THE_REQUEST "/phpbackdoor\.php\?cmd=" SecFilterSelective THE_REQUEST "/phpbackdoor.*\.php\?cmd=" #Wiki up SecFilterSelective THE_REQUEST "/img/wiki_up/.*\.(php(3|4)?|tml|cgi|sh)" SecFilterSelective THE_REQUEST "wiki_up/gif\.ph(p(3|4)?|tml)" SecFilterSelective THE_REQUEST "wiki_up/ion\.ph(p(3|4)?|tml)" SecFilterSelective THE_REQUEST "wiki_up/jpg\.ph(p(3|4)?|tml)" SecFilterSelective THE_REQUEST "wiki_up/lala\.ph(p(3|4)?|tml)" SecFilterSelective THE_REQUEST "wiki_up/.*\.ph(p(3|4)?|tml)"

(c) 2005-2006 WebSecurityAuthority.org
ModSecurity and mod_security are trademarks of Thinking Stone Ltd (http://www.thinkingstone.com)
For more information or enquires please send us an email at info@WebSecurityAuthority.org