Gecko [ www.finalhopeacademy.com ]

Name	Size	Permission
00_Init_Initialization.conf	3.27 KB	-rw-r--r--
01_Init_AppsInitialization.con...	1.84 KB	-rw-r--r--
02_Global_Generic.conf	23.78 KB	-rw-r--r--
03_Global_Agents.conf	5.15 KB	-rw-r--r--
04_Global_Domains.conf	3.3 KB	-rw-r--r--
05_Global_Incoming.conf	1.42 KB	-rw-r--r--
06_Global_Backdoor.conf	2.2 KB	-rw-r--r--
07_XSS_XSS.conf	36.21 KB	-rw-r--r--
08_Global_Other.conf	7.44 KB	-rw-r--r--
09_Bruteforce_Bruteforce.conf	5.98 KB	-rw-r--r--
10_HTTP_HTTP.conf	4.11 KB	-rw-r--r--
11_HTTP_HTTPDoS.conf	3.95 KB	-rw-r--r--
12_HTTP_Protocol.conf	12.1 KB	-rw-r--r--
13_HTTP_Request.conf	2.42 KB	-rw-r--r--
14_Outgoing_FilterGen.conf	5.35 KB	-rw-r--r--
15_Outgoing_FilterASP.conf	1.75 KB	-rw-r--r--
16_Outgoing_FilterPHP.conf	2.54 KB	-rw-r--r--
17_Outgoing_FilterSQL.conf	11.83 KB	-rw-r--r--
18_Outgoing_FilterOther.conf	3.57 KB	-rw-r--r--
19_Outgoing_FilterInFrame.conf	1.86 KB	-rw-r--r--
20_Outgoing_FiltersEnd.conf	2.49 KB	-rw-r--r--
21_PHP_PHPGen.conf	1.59 KB	-rw-r--r--
22_SQL_SQLi.conf	13.72 KB	-rw-r--r--
23_ROR_RORGen.conf	2.97 KB	-rw-r--r--
24_Apps_Joomla.conf	7.85 KB	-rw-r--r--
25_Apps_JComponent.conf	42.66 KB	-rw-r--r--
26_Apps_WordPress.conf	10.96 KB	-rw-r--r--
27_Apps_WPPlugin.conf	414.97 KB	-rw-r--r--
28_Apps_WHMCS.conf	967 B	-rw-r--r--
29_Apps_Drupal.conf	83.09 KB	-rw-r--r--
30_Apps_OtherApps.conf	484.08 KB	-rw-r--r--
LICENSE.txt	11.09 KB	-rw-r--r--
bl_IPs	0 B	-rw-r--r--
bl_URLs	714 B	-rw-r--r--
bl_agents	1.92 KB	-rw-r--r--
bl_domains	134.24 KB	-rw-r--r--
bl_input	3.84 KB	-rw-r--r--
bl_os_files	29.46 KB	-rw-r--r--
bl_output	2.17 KB	-rw-r--r--
bl_output_java	240 B	-rw-r--r--
bl_output_php	8.88 KB	-rw-r--r--
bl_output_sql	1.77 KB	-rw-r--r--
bl_php_functions	589 B	-rw-r--r--
bl_scanners	539 B	-rw-r--r--
bl_scanners_headers	216 B	-rw-r--r--
bl_scanners_urls	418 B	-rw-r--r--
categories.conf	262.29 KB	-rw-r--r--
cwatch_managed_domains	0 B	-rw-r--r--
cwatch_protected_domains	0 B	-rw-r--r--
rules.conf.main	975 B	-rw-r--r--
rules.dat	5 B	-rw-r--r--
userdata_bl_IPs	50 B	-rw-r--r--
userdata_bl_URLs	109 B	-rw-r--r--
userdata_bl_agents	37 B	-rw-r--r--
userdata_bl_cookies	34 B	-rw-r--r--
userdata_bl_domains	34 B	-rw-r--r--
userdata_bl_extensions	375 B	-rw-r--r--
userdata_bl_headers	98 B	-rw-r--r--
userdata_bl_referers	35 B	-rw-r--r--
userdata_login_pages	149 B	-rw-r--r--
userdata_wl_IPs	125 B	-rw-r--r--
userdata_wl_URLs	48 B	-rw-r--r--
userdata_wl_agents	37 B	-rw-r--r--
userdata_wl_content_type	193 B	-rw-r--r--
userdata_wl_domains	34 B	-rw-r--r--
userdata_wl_extensions	54 B	-rw-r--r--
userdata_wl_methods	30 B	-rw-r--r--

Code Editor : 26_Apps_WordPress.conf

# ---------------------------------------------------------------
# Comodo ModSecurity Rules
# Copyright (C) 2022 Comodo Security solutions All rights reserved.
#
# The COMODO SECURITY SOLUTIONS Mod Security Rule Set is distributed under
# THE COMODO SECURITY SOLUTIONS END USER LICENSE AGREEMENT,
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# ---------------------------------------------------------------

SecRule &TX:WordPress "@eq 0" \
	"id:225250,msg:'COMODO WAF: Track unauthenticated request in WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,t:none,skipAfter:'WP_Skip_URF_225040',rev:1,severity:2,tag:'CWAF',tag:'WordPress'"

SecRule &TX:XSS_SQLi "@eq 0" \
	"id:225230,msg:'COMODO WAF: Track same forbidden symbols to Ignore signature for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,t:none,skipAfter:'IGNORE_SFS_XSS_SQLi_WP',rev:1,severity:2,tag:'CWAF',tag:'WordPress'"

SecRule TX:WordPress "@eq 1" \
	"id:225040,chain,msg:'COMODO WAF: XSS vulnerability in WordPress 3.7 to 4.4 (CVE-2016-1564)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule ARGS:theme "@contains <" \
	"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_BASENAME "@streq customize.php" \
	"t:none,t:urlDecodeUni,t:lowercase"

SecRule TX:WordPress "@eq 1" \
	"id:225120,chain,msg:'COMODO WAF: XSS vulnerability in WordPress before 4.6.1 (CVE-2016-7168)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule REQUEST_BASENAME "@streq media-new.php" \
	"chain,t:none,t:urlDecodeUni"
SecRule FILES "@rx (?:\<(.+)\>)" \
	"chain,capture,t:none,t:urlDecodeUni"
SecRule TX:1 "@contains =" \
	"t:none"

SecRule TX:WordPress "@eq 1" \
	"id:225100,chain,msg:'COMODO WAF: XSS vulnerability in the network settings page in WordPress 4.4.4 (CVE-2016-6634)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule REQUEST_FILENAME "@contains wp-admin/network/settings.php" \
	"chain,t:none,t:normalizePath"
SecRule ARGS_POST:first_comment_author "@rx \x22" \
	"t:none,t:urlDecodeUni,t:htmlEntityDecode"

SecRule TX:WordPress "@eq 1" \
	"id:225140,chain,msg:'COMODO WAF: XSS vulnerability in the in WordPress before 4.5.3 (CVE-2016-5834)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule ARGS_POST:action "@streq upload-attachment" \
	"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule FILES "@contains <" \
	"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_BASENAME "@streq async-upload.php" \
	"t:none,t:urlDecodeUni,t:lowercase"

SecRule TX:WordPress "@eq 1" \
	"id:225141,chain,msg:'COMODO WAF: XSS vulnerability in the in WordPress before 4.5.3 (CVE-2016-5834)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule ARGS_POST:html-upload "@streq upload" \
	"chain,t:none,t:lowercase"
SecRule FILES "@contains <" \
	"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@streq media-new.php" \
	"t:none,t:urlDecodeUni,t:lowercase"

SecRule TX:Wordpress "@eq 1" \
	"id:225150,chain,msg:'COMODO WAF: XSS vulnerability in WordPress before 4.3.1 (CVE-2015-7989)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule ARGS_POST:email "@contains '" \
	"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@rx \/wp-admin\/(?:user\-(?:new|edit)|profile)\.php$" \
	"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"

SecMarker IGNORE_SFS_XSS_SQLi_WP
SecRule TX:WordPress "@eq 1" \
	"id:225110,chain,msg:'COMODO WAF: Authenticated Denial of Service by Path Traversal in WordPress 4.5.3 (CVE-2016-6896)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule ARGS:action "@streq update-plugin" \
	"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
	"chain,t:none,t:urlDecodeUni"
SecRule ARGS_POST:plugin "@rx (?:^[\\\/]|:|\.\.)[\\\/]" \
	"t:none,t:urlDecodeUni"

SecRule TX:WordPress "@eq 1" \
	"id:225210,chain,msg:'COMODO WAF: Unrestricted file upload vulnerability in WordPress 4.9.7 (CVE-2018-14028)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule REQUEST_BASENAME "@streq update.php" \
	"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:action "@rx ^upload-(?:plugin|theme)$" \
	"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule FILES "!@rx \.zip$" \
	"t:none,t:urlDecodeUni,t:lowercase"

SecRule TX:WordPress "@eq 1" \
	"id:225240,chain,msg:'COMODO WAF: LFI vulnerability in WordPress through 5.0.3 (CVE-2019-8943)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule &ARGS_POST:attachment_url "@ge 1" \
	"chain,t:none"
SecRule ARGS_POST:meta_input[_wp_attached_file] "@contains ../" \
	"t:none,t:urlDecodeUni"

SecMarker WP_Skip_URF_225040
SecRule REQUEST_FILENAME "@contains /wp-content/plugins/sexy-contact-form/includes/fileupload/" \
	"id:240020,chain,msg:'COMODO WAF: Protecting WordPress Creative Contact Form Files folder||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,t:none,t:urlDecodeUni,t:lowercase,t:normalizePath,rev:5,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule FILES "@rx \.(?:php|js|pl)(?:\.|$)" \
	"t:none,t:lowercase,t:urlDecodeUni"

SecRule REQUEST_FILENAME "@contains /wp-content/plugins/sexy-contact-form/includes/fileupload/files/" \
	"id:240022,chain,msg:'COMODO WAF: Protecting WordPress Creative Contact Form Files folder||%{tx.domain}|%{tx.mode}|2',phase:2,deny,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,t:normalizePath,rev:5,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule REQUEST_BASENAME "@rx \.(?:php|js|pl)(?:\.|$)" \
	"t:none,t:urlDecodeUni,t:lowercase"

SecRule ARGS:comment "@ge 65536" \
	"id:225010,chain,msg:'COMODO WAF: XSS vulnerability in WordPress before 4.2.1 (CVE-2015-3440,CVE-2015-8834)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:length,rev:4,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule REQUEST_FILENAME "@endsWith wp-comments-post.php" \
	"t:none,t:lowercase"

SecRule ARGS:content "@ge 65536" \
	"id:225011,chain,msg:'COMODO WAF: XSS vulnerability in WordPress before 4.2.1 (CVE-2015-3440)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:length,rev:4,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule REQUEST_FILENAME "@endsWith comment.php" \
	"chain,t:none,t:lowercase"
SecRule REQUEST_COOKIES_NAMES "@contains wordpress_" \
	"t:none"

SecRule ARGS:comment "@contains %u" \
	"id:225030,chain,msg:'COMODO WAF: XSS vulnerability in WordPress before 4.1.2 (CVE-2015-3438)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:5,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule REQUEST_FILENAME "@endsWith wp-comments-post.php" \
	"chain,t:none,t:lowercase"
SecRule ARGS:comment "@rx (\%u[a-f0-9]{5,8})" \
	"chain,capture,t:none,t:utf8toUnicode"
SecRule TX:1 "@beginsWith 0" \
	"chain,t:none,t:urlDecodeUni,t:hexEncode"
SecRule TX:1 "@eq 4" \
	"t:none,t:urlDecodeUni,t:hexEncode,t:length"

SecRule TX:WordPress "@eq 1" \
	"id:225031,chain,msg:'COMODO WAF: XSS vulnerability in WordPress before 4.1.2 (CVE-2015-3438)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:5,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule &ARGS:comment_ID "@ge 1" \
	"chain,t:none"
SecRule ARGS:comment "@contains %u" \
	"chain,t:none,t:lowercase"
SecRule ARGS:content "@rx (\%u[a-f0-9]{5,8})" \
	"chain,capture,t:none,t:utf8toUnicode"
SecRule REQUEST_FILENAME "@rx (?:admin\-ajax|comment).php$" \
	"chain,t:none,t:lowercase"
SecRule TX:1 "@eq 4" \
	"chain,t:none,t:urlDecodeUni,t:hexEncode,t:length"
SecRule TX:1 "@beginsWith 0" \
	"t:none,t:urlDecodeUni,t:hexEncode"

SecRule REQUEST_FILENAME "@contains /wp-includes/js/" \
	"id:225080,chain,msg:'COMODO WAF: XSS vulnerability in Plupload before 2.1.9 or MediaElement.js before 2.21.0, as used in WordPress before 4.5.2 (CVE-2016-4566 &amp; CVE-2016-4567)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule REQUEST_BASENAME "@within flashmediaelement.swf plupload.flash.swf" \
	"chain,t:none,t:lowercase"
SecRule ARGS_GET "!@rx ^[\d\.ab]+$" \
	"t:none"

SecRule REQUEST_FILENAME "@contains wp/v2/posts" \
	"id:225160,chain,msg:'COMODO WAF: Content injection vulnerability in WordPress 4.7.x before 4.7.2 (CVE-2017-1001000)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule ARGS:id "@rx \D" \
	"t:none"

SecRule REQUEST_URI "@contains /wp-json/wp/v2/users" \
	"id:225170,chain,msg:'COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:3,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule &REQUEST_COOKIES_NAMES:/^wordpress_logged_in_[0-9a-fA-F]{32}$/ "@eq 0" \
	"chain,t:none"
SecRule &REQUEST_COOKIES_NAMES:/^wordpress_[0-9a-fA-F]{32}$/ "@eq 0" \
	"t:none"

SecRule &IP:wp_pressthis_dos "@eq 0" \
	"id:225180,chain,msg:'COMODO WAF: Tracking possible DoS attempt in WordPress before 4.7.3 (CVE-2017-6819)||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,t:none,rev:3,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule ARGS:url-scan-submit|ARGS:u "!@rx ^$" \
	"chain,t:none"
SecRule REQUEST_FILENAME "@endsWith wp-admin/press-this.php" \
	"setvar:'ip.wp_pressthis=+1',expirevar:'ip.wp_pressthis=10',t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"

SecRule &IP:wp_pressthis_dos "@eq 0" \
	"id:225181,chain,msg:'COMODO WAF: Tracking possible DoS attempt in WordPress before 4.7.3 (CVE-2017-6819)||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,t:none,rev:3,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule IP:wp_pressthis "@ge 5" \
	"setvar:'ip.wp_pressthis_dos=1',expirevar:'ip.wp_pressthis_dos=300',t:none"

SecRule IP:wp_pressthis_dos "@eq 1" \
	"id:225182,chain,msg:'COMODO WAF: Possible DoS attempt in WordPress before 4.7.3 (CVE-2017-6819)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule &ARGS:url-scan-submit "@ge 1" \
	"chain,t:none"
SecRule REQUEST_FILENAME "@endsWith wp-admin/press-this.php" \
	"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"

SecRule ARGS_GET:fn "@contains .." \
	"id:225190,chain,msg:'COMODO WAF: Unauthenticated Directory traversal vulnerability in Javo Spot Premium Theme for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:1,severity:2,tag:'CWAF',tag:'WordPress'"
SecRule ARGS_GET:action "@streq jvfrm_spot_get_json" \
	"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
	"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"

${this.title}

Code Editor : 26_Apps_WordPress.conf