| Server IP : 15.235.198.142 / Your IP : 216.73.216.190 Web Server : Apache/2.4.58 (Ubuntu) System : Linux ballsack 6.8.0-45-generic #45-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 30 12:02:04 UTC 2024 x86_64 User : www-data ( 33) PHP Version : 8.3.6 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : OFF Directory : /var/www/rhodeworks/wp-content/plugins/bulletproof-security/admin/htaccess/ |
Upload File : |
<?php
/******************************************************* */
/* MScan Pattern Matching code
/* Version: 2.0
/* This file is called once and deleted:
/* The MScan pattern matching code is saved to the WP DB
/* on BPS upgrades and new installations and then deleted.
/******************************************************* */
## MScan File Scan patterns
$js_pattern = '/(\|MakeFrameEx\||\|yahoo_api\||\|exec\||ww=window|ww\.document|visibility:hidden|rotatingtext\[\d\]=\"I\sMISS\sYOU\"|\(!l1l&&!ll1&&!lll\)|s(\W){2,6}c(\W){2,6}r|(\'|")i(\'|")(\.|\+|\s)(\+|\'|"|\.)(\s|f)(\'|")(f|\+|\.)|scr("|\')(|\s)\+(|\s)("|\')ipt|(\\\x(\d|\w[^a])(\d[^0]|\w))+|((%\d(\w|\d){1})+%)|%\d(\w|\d){3}|\(\'hideme\'\)|\["style"\]\["visibility"\]|useragent\.match\(\/(\^(\w|\d){1,}\.\*\|)+|xtrackPageview|document\.write\(\'<\'\+x\[\d\]\+\'>|\\\u00(\d|\w){5,}|(\\\x22(.*)\\\x22)+|(\$(\d){2}){2}|(0|1){8}|_0x(\d|\w){4}|lave(\(|\))|(\(|\))lave|\|iframe\|)/i';
$htaccess_pattern = '/(RewriteCond\s%\{HTTP_REFERER\}\s(.*)[^!](google|yahoo|aol|bing|ask|facebook|twitter|msn)|ErrorDocument\s(400|403|404)\s(http|https|):|(RewriteCond\s%\{HTTP_USER_AGENT\}(.*\]\s*)){4}|RewriteRule(.*)(\w|\d){1,8}\.php\?(\w|\d){1,6}=(\$|)(\s|\d){1,3}|RewriteRule(.*)\(htm\|pdf\|jar\)|RewriteRule(.*)\{QUERY_STRING\})/i';
// 4.8: New patterns added
$php_pattern = '/(base64_decode\(|edoced_46esab|base\'\.\(\d{1,3}(|\s)(\*|\/)(|\s)\d{1,3}\)\.\'_de\'\.\'code|("|\')base(.*)\.(.*)64(.*)(_|\.|)decode("|\')|gzinflate\(|O0|ev("|\')(.*)\.("|\')al\(|lave(\(|\))|(\(|\))lave|preg_replace\(("|\')(\/(\w{1,}|\.\*))\/e|(\\\x(\d|\w){2,3}\\\x(\d|\w){2,3})|__halt_compiler|k2ll33d|\(!l1l&&!ll1&&!lll\)|\|iframe\||\|MakeFrameEx\||\|yahoo_api\||ww=window|ww\.document|ekibastos|scr("|\')(|\s)\+(|\s)("|\')ipt|\(\'hideme\'\)|\["style"\]\["visibility"\]|useragent\.match\(\/(\^(\w|\d){1,}\.\*\|)+|xtrackPageview|\$_COOKIE(|\s)\[str_replace\(.*\$_SERVER\[\'HTTP_HOST\'\]\)\]|\$_\w___\w|\'Windows-1251\'|document\.write\(\'<\'\+x\[\d\]\+\'>|\+(|\s)(\'|")\w(\'|")(|\s)\+|(\\\x22(.*)\\\x22)+|(|\[)_0x(\w|\d){1,6}\[\d{1,3}\]{1,2}|\\\142\\\141\\\x73|\\\u00(\d|\w){5,}|(\'|")i(\'|")(\.|\+|\s)(\+|\'|"|\.)(\s|f)(\'|")(f|\+|\.)|s(\W){2,6}c(\W){2,6}r|(\$\w{1,3}\{\d{1,2}\}(|\s)\.(|\s)){3}|\$<(\d|\w){2}>|\$_(\/\*)|%3C%21|%3Cscript%3E|%253C|(%\d(\w|\d)){5}|\$(\d|\w){1,}\[\'(\d|\w){1,}\'\]\[(\d){1,3}\](\s\.|\.)(\$|\s\$)|(\$(\w){2}\[\d{1,2}\]\.)+|(0|1){8}|_0x(\d|\w){4}|\(64\)(\s|)\.(\s|)(\'|")_(\'|")|([a-z0-9]){40,}\+|\$_REQUEST\[\'cmd\'\]|\$_GET\[\'cmd\'\]|system\(|shell_exec\(|passthru\(|exec\(|eval\(|ALREADY_RUN_|hastebin|((chr\()\d+\)\.){1,}|((\\\\|\\\\\\\)\d+[a-z]+([0-9]|)){1,}|\$([a-z0-9])+\{\d+\}(\,|\.){1,})/i';
// 4.8: No longer scanning image files
$image_pattern = '/(<\?php|eval\(|exec\(|popen\(|create_function\(|passthru\(|shell_exec\(|proc_open\(|pcntl_exec\(|fopen\(|fputs\(|file_put_contents\(|fwrite\(|gzinflate\(|base64_decode\(|isset|\$_REQUEST|\$_FILES|\$_GET|\$_POST|\$_SERVER|\$_SESSION|system\(|\'cmd\'|__halt_compiler|<script|javascript|function|createElement|<html>|visibility:|<textarea)/i';
## MScan Database Scan patterns
$search1 = 'eval(';
$search2 = '(lave';
$search3 = 'base64_decode';
$search4 = 'edoced_46esab';
$search5 = '<script';
$search6 = '<iframe';
$search7 = '<noscript';
$search8 = 'display:';
$search9 = 'visibility:';
$eval_match = '/(eval\(|\(lave)/i';
$base64_decode_match = '/(base64_decode|edoced_46esab)/i';
$eval_text = 'eval( or (lave';
$base64_decode_text = 'base64_decode or edoced_46esab';
?>