Created
August 9, 2010 18:51
-
-
Save aenigme/515905 to your computer and use it in GitHub Desktop.
Perishable Press 4G Blacklist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### PERISHABLE PRESS 4G BLACKLIST ### | |
# ESSENTIALS | |
RewriteEngine on | |
ServerSignature Off | |
Options All -Indexes | |
Options +FollowSymLinks | |
# FILTER REQUEST METHODS | |
<IfModule mod_rewrite.c> | |
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC] | |
RewriteRule ^(.*)$ - [F,L] | |
</IfModule> | |
# BLACKLIST CANDIDATES | |
<Limit GET POST PUT> | |
Order Allow,Deny | |
Allow from all | |
Deny from 75.126.85.215 "# blacklist candidate 2008-01-02 = admin-ajax.php attack " | |
Deny from 128.111.48.138 "# blacklist candidate 2008-02-10 = cryptic character strings " | |
Deny from 87.248.163.54 "# blacklist candidate 2008-03-09 = block administrative attacks " | |
Deny from 84.122.143.99 "# blacklist candidate 2008-04-27 = block clam store loser " | |
Deny from 210.210.119.145 "# blacklist candidate 2008-05-31 = block _vpi.xml attacks " | |
Deny from 66.74.199.125 "# blacklist candidate 2008-10-19 = block mindless spider running " | |
Deny from 203.55.231.100 "# 1048 attacks in 60 minutes" | |
Deny from 24.19.202.10 "# 1629 attacks in 90 minutes" | |
</Limit> | |
# QUERY STRING EXPLOITS | |
<IfModule mod_rewrite.c> | |
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR] | |
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR] | |
RewriteCond %{QUERY_STRING} tag\= [NC,OR] | |
RewriteCond %{QUERY_STRING} ftp\: [NC,OR] | |
RewriteCond %{QUERY_STRING} http\: [NC,OR] | |
RewriteCond %{QUERY_STRING} https\: [NC,OR] | |
RewriteCond %{QUERY_STRING} mosConfig [NC,OR] | |
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|'|"|;|\?|\*).* [NC,OR] | |
RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR] | |
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR] | |
RewriteCond %{QUERY_STRING} ^.*(globals|encode|config|localhost|loopback).* [NC,OR] | |
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC] | |
RewriteRule ^(.*)$ - [F,L] | |
</IfModule> | |
# CHARACTER STRINGS | |
<IfModule mod_alias.c> | |
# BASIC CHARACTERS | |
RedirectMatch 403 \, | |
RedirectMatch 403 \: | |
RedirectMatch 403 \; | |
RedirectMatch 403 \= | |
RedirectMatch 403 \@ | |
RedirectMatch 403 \[ | |
RedirectMatch 403 \] | |
RedirectMatch 403 \^ | |
RedirectMatch 403 \` | |
RedirectMatch 403 \{ | |
RedirectMatch 403 \} | |
RedirectMatch 403 \~ | |
RedirectMatch 403 \" | |
RedirectMatch 403 \$ | |
RedirectMatch 403 \< | |
RedirectMatch 403 \> | |
RedirectMatch 403 \| | |
RedirectMatch 403 \.\. | |
RedirectMatch 403 \/\/ | |
RedirectMatch 403 \%0 | |
RedirectMatch 403 \%A | |
RedirectMatch 403 \%B | |
RedirectMatch 403 \%C | |
RedirectMatch 403 \%D | |
RedirectMatch 403 \%E | |
RedirectMatch 403 \%F | |
RedirectMatch 403 \%22 | |
RedirectMatch 403 \%27 | |
RedirectMatch 403 \%28 | |
RedirectMatch 403 \%29 | |
RedirectMatch 403 \%3C | |
RedirectMatch 403 \%3E | |
RedirectMatch 403 \%3F | |
RedirectMatch 403 \%5B | |
RedirectMatch 403 \%5C | |
RedirectMatch 403 \%5D | |
RedirectMatch 403 \%7B | |
RedirectMatch 403 \%7C | |
RedirectMatch 403 \%7D | |
# COMMON PATTERNS | |
Redirectmatch 403 \_vpi | |
RedirectMatch 403 \.inc | |
Redirectmatch 403 xAou6 | |
Redirectmatch 403 db\_name | |
Redirectmatch 403 select\( | |
Redirectmatch 403 convert\( | |
Redirectmatch 403 \/query\/ | |
RedirectMatch 403 ImpEvData | |
Redirectmatch 403 \.XMLHTTP | |
Redirectmatch 403 proxydeny | |
RedirectMatch 403 function\. | |
Redirectmatch 403 remoteFile | |
Redirectmatch 403 servername | |
Redirectmatch 403 \&rptmode\= | |
Redirectmatch 403 sys\_cpanel | |
RedirectMatch 403 db\_connect | |
RedirectMatch 403 doeditconfig | |
RedirectMatch 403 check\_proxy | |
Redirectmatch 403 system\_user | |
Redirectmatch 403 \/\(null\)\/ | |
Redirectmatch 403 clientrequest | |
Redirectmatch 403 option\_value | |
RedirectMatch 403 ref\.outcontrol | |
# SPECIFIC EXPLOITS | |
RedirectMatch 403 errors\. | |
RedirectMatch 403 config\. | |
RedirectMatch 403 include\. | |
RedirectMatch 403 display\. | |
RedirectMatch 403 register\. | |
Redirectmatch 403 password\. | |
RedirectMatch 403 maincore\. | |
RedirectMatch 403 authorize\. | |
Redirectmatch 403 macromates\. | |
RedirectMatch 403 head\_auth\. | |
RedirectMatch 403 submit\_links\. | |
RedirectMatch 403 change\_action\. | |
Redirectmatch 403 com\_facileforms\/ | |
RedirectMatch 403 admin\_db\_utilities\. | |
RedirectMatch 403 admin\.webring\.docs\. | |
Redirectmatch 403 Table\/Latest\/index\. | |
</IfModule> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
http://perishablepress.com/press/2009/03/16/the-perishable-press-4g-blacklist/