Gecko [ fernandoquevedodop.com ]

Name	Size	Permission
10_modsecurity_crs_10_config.c...	36.14 KB	-rw-r--r--
999_dreamhost_request_limits.c...	5.18 KB	-rw-r--r--
99_dreamhost_rules.conf	14 KB	-rw-r--r--
99_modsec-crs-setup.conf	31.99 KB	-rw-r--r--
REQUEST-00-LOCAL-WHITELIST.con...	8.83 KB	-rw-r--r--
REQUEST-901-INITIALIZATION.con...	14.37 KB	-rw-r--r--
REQUEST-903.9001-DRUPAL-EXCLUS...	13.24 KB	-rw-r--r--
REQUEST-903.9002-WORDPRESS-EXC...	25.21 KB	-rw-r--r--
REQUEST-903.9003-NEXTCLOUD-EXC...	10.39 KB	-rw-r--r--
REQUEST-903.9004-DOKUWIKI-EXCL...	7.64 KB	-rw-r--r--
REQUEST-905-COMMON-EXCEPTIONS....	1.61 KB	-rw-r--r--
REQUEST-911-METHOD-ENFORCEMENT...	2.91 KB	-rw-r--r--
REQUEST-913-SCANNER-DETECTION....	3.54 KB	-rw-r--r--
REQUEST-920-PROTOCOL-ENFORCEME...	62.98 KB	-rw-r--r--
REQUEST-921-PROTOCOL-ATTACK.co...	20.54 KB	-rw-r--r--
REQUEST-930-APPLICATION-ATTACK...	7.94 KB	-rw-r--r--
REQUEST-931-APPLICATION-ATTACK...	8.72 KB	-rw-r--r--
REQUEST-933-APPLICATION-ATTACK...	32.12 KB	-rw-r--r--
REQUEST-934-APPLICATION-ATTACK...	3.83 KB	-rw-r--r--
REQUEST-942-APPLICATION-ATTACK...	94.3 KB	-rw-r--r--
REQUEST-943-APPLICATION-ATTACK...	5.5 KB	-rw-r--r--
REQUEST-944-APPLICATION-ATTACK...	21.99 KB	-rw-r--r--
REQUEST-949-BLOCKING-EVALUATIO...	7.98 KB	-rw-r--r--
RESPONSE-999-EXCLUSION-RULES-A...	4.03 KB	-rw-r--r--
WPtoolUA.data	318 B	-rw-r--r--
cachefly.ips.data	166 B	-rw-r--r--
crawlers-user-agents.data	786 B	-rw-r--r--
dh_whitelist_ip.data	0 B	-rw-r--r--
fastly.ips.data	189 B	-rw-r--r--
incapsula.ips.data	110 B	-rw-r--r--
java-classes.data	1.78 KB	-rw-r--r--
java-code-leakages.data	264 B	-rw-r--r--
java-errors.data	240 B	-rw-r--r--
lfi-os-files.data	11.44 KB	-rw-r--r--
maxcdn.ips.data	623 B	-rw-r--r--
mod_sec.conf	2.03 KB	-rw-r--r--
modsecurity_46_slr_et_joomla.d...	1.69 KB	-rw-r--r--
modsecurity_46_slr_et_wordpres...	1.69 KB	-rw-r--r--
php-config-directives.data	12.43 KB	-rw-r--r--
php-errors.data	74.21 KB	-rw-r--r--
php-function-names-933150.data	3.33 KB	-rw-r--r--
php-function-names-933151.data	37.21 KB	-rw-r--r--
php-variables.data	610 B	-rw-r--r--
restricted-files.data	3.97 KB	-rw-r--r--
restricted-upload.data	2.45 KB	-rw-r--r--
scanners-headers.data	216 B	-rw-r--r--
scanners-urls.data	418 B	-rw-r--r--
scanners-user-agents.data	1.9 KB	-rw-r--r--
scripting-user-agents.data	717 B	-rw-r--r--
sig_inspect.lua	66.56 KB	-rw-r--r--
spam-mailer.data	84 B	-rw-r--r--
sql-errors.data	4.27 KB	-rw-r--r--
staminus.ips.data	228 B	-rw-r--r--
unix-shell.data	7.65 KB	-rw-r--r--
windows-powershell-commands.da...	7.05 KB	-rw-r--r--

Code Editor : 999_dreamhost_request_limits.conf

#WhiteListing common WordPress Tool UAs
SecRule REQUEST_HEADERS:User-Agent "@pmFromFile WPtoolUA.data" "id:999000,phase:1,nolog,allow,ctl:ruleEngine=off"

#Wordpress Spam Bruteforce Mitigation
SecRule REQUEST_FILENAME "/xmlrpc.php" "chain,phase:1,id:999001,nolog,auditlog,deny,msg:'More than 11 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_XMLRPC=+1,expirevar:IP.HITCOUNT_XMLRPC=60"
		SecRule IP:HITCOUNT_XMLRPC "@gt 11"

#Bruteforce Mitigation
SecRule REQUEST_FILENAME "/article_add.php" "chain,phase:1,id:999002,nolog,auditlog,deny,msg:'More than 3 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_ARTICLE_ADD=+1,expirevar:IP.HITCOUNT_ARTICLE_ADD=60"
		SecRule IP:HITCOUNT_ARTICLE_ADD "@gt 3"

#Wordpress Spam Bruteforce Mitigation
SecRule REQUEST_FILENAME "/wp-comments-post.php" "chain,phase:1,id:999003,nolog,auditlog,deny,msg:'More than 11 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_WP_COMMENTS=+1,expirevar:IP.HITCOUNT_WP_COMMENTS=60"
		SecRule IP:HITCOUNT_WP_COMMENTS "@gt 11"

#MoveableType Spam Bruteforce Mitigation
SecRule REQUEST_FILENAME "/mt-comments.cgi" "chain,phase:1,id:999004,nolog,auditlog,deny,msg:'More than 3 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_MT_COMMENTS=+1,expirevar:IP.HITCOUNT_MT_COMMENTS=60"
		SecRule IP:HITCOUNT_MT_COMMENTS "@gt 3"

#Forum Spam  Bruteforce Mitigation
SecRule REQUEST_FILENAME "/register.php" "chain,phase:2,id:999005,nolog,auditlog,deny,msg:'More than 3 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule ARGS "do\=addmember" "chain"
		SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_REGISTER=+1,expirevar:IP.HITCOUNT_REGISTER=60"
			SecRule IP:HITCOUNT_REGISTER "@gt 3"

#Forum Spam Bruteforce Mitigation
SecRule REQUEST_FILENAME "/ucp.php" "chain,phase:2,id:999006,nolog,auditlog,deny,msg:'More than 3 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule ARGS "mode\=register" "chain"
		SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_UCP=+1,expirevar:IP.HITCOUNT_UCP=60"
			SecRule IP:HITCOUNT_UCP "@gt 3"

#Comment Spam Bruteforce Mitigation
SecRule REQUEST_FILENAME "/add_comment.php" "chain,phase:1,id:999007,nolog,auditlog,deny,msg:'More than 3 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_ADD_COMMENT=+1,expirevar:IP.HITCOUNT_ADD_COMMENT=60"
		SecRule IP:HITCOUNT_ADD_COMMENT "@gt 3"

#Drupal Spam Bruteforce Mitigation
SecRule REQUEST_FILENAME "/register/" "chain,phase:2,id:999008,nolog,auditlog,deny,msg:'More than 3 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule ARGS "q\=user/register" chain
		SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_DRUPAL_REGISTER=+1,expirevar:IP.HITCOUNT_DRUPAL_REGISTER=60"
			SecRule IP:HITCOUNT_DRUPAL_REGISTER "@gt 3"

#MediaWiki Spam Bruteforce Mitigation
SecRule REQUEST_FILENAME "/index.php" "chain,phase:2,id:999009,nolog,auditlog,deny,msg:'More than 3 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule ARGS "title\=Special\:Userlogin" "chain"
		SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_WIKI=+1,expirevar:IP.HITCOUNT_WIKI=60"
			SecRule IP:HITCOUNT_WIKI "@gt 3"

#WP-Login.php Bruteforce Mitigation
SecRule RESPONSE_STATUS "@eq 302" "chain,phase:3,t:none,nolog,setvar:IP.HITCOUNT_WP_LOGIN=0,id:999016,pass"
        SecRule REQUEST_FILENAME "/wp-login.php" "t:none,t:lowercase,chain"
                SecRule REQUEST_METHOD "@streq post"

SecRule REQUEST_FILENAME "/wp-login.php" "chain,phase:3,id:999017,t:none,nolog,allow"
        SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_WP_LOGIN=+1,expirevar:IP.HITCOUNT_WP_LOGIN=60"
                SecRule RESPONSE_STATUS "@eq 200"

SecRule IP:HITCOUNT_WP_LOGIN "@ge 5" "chain,phase:2,id:999012,nolog,auditlog,t:none,deny,msg:'More than 4 Invalid Authentication attempts to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
        SecRule REQUEST_METHOD "@streq POST" "setvar:IP.HITCOUNT_WP_LOGIN=0"

#Wordpress DDos Attack Mitigation
SecRule REQUEST_FILENAME "/load-scripts.php" "chain,phase:1,id:999013,nolog,auditlog,deny,msg:'More than 5 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_LOAD_SCRIPTS=+1,expirevar:IP.HITCOUNT_LOAD_SCRIPTS=60"
		SecRule IP:HITCOUNT_LOAD_SCRIPTS "@gt 5"

#Wordpress DDos Attack Mitigation
SecRule REQUEST_FILENAME "/load-styles.php" "chain,phase:1,id:999014,nolog,auditlog,deny,msg:'More than 5 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
    SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_LOAD_STATS=+1,expirevar:IP.HITCOUNT_LOAD_STATS=60"
	SecRule IP:HITCOUNT_LOAD_STATS "@gt 5"

${this.title}

Code Editor : 999_dreamhost_request_limits.conf