Backup_Repos/filestash
1
0
Fork 0
mirror of https://github.com/mickael-kerjean/filestash synced 2025-12-06 16:32:31 +01:00
Code Issues Projects Releases Wiki Activity

improve (plg_security_scanner): add a bunch of other rules found from production logs

Browse source
This commit is contained in:
= 2019-04-22 16:56:57 +10:00
parent 4300867113
commit 17a4123f8e
1 changed files with 82 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

83
server/plugin/plg_security_scanner/index.go
View file

@ -62,8 +62,20 @@ func Init(config *Configuration) {
r.PathPrefix("/wp-admin/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/wp-content/").Handler(http.HandlerFunc(WelcomePackHandle))
r.HandleFunc("/wp-config.php", WelcomePackHandle)
r.HandleFunc("/wp-login.php", WelcomePackHandle)
r.PathPrefix("/wp1/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/wp2/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/wp3/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/wp4/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/wp5/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/wp6/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/wp7/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/wp8/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/images/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/joomla/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/libraries/joomla/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/administrator/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/components/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/templates/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/includes/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/modules/").Handler(http.HandlerFunc(WelcomePackHandle))
@ -99,6 +111,7 @@ func Init(config *Configuration) {
r.HandleFunc("/muhstiks.php", WelcomePackHandle)
r.HandleFunc("/muhstik.php", WelcomePackHandle)
r.HandleFunc("/jmx-console", WelcomePackHandle)
r.HandleFunc("/status.php", WelcomePackHandle)
r.PathPrefix("/TP/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/HNAP1/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/manager/").Handler(http.HandlerFunc(WelcomePackHandle))
@ -106,12 +119,80 @@ func Init(config *Configuration) {
r.PathPrefix("/shopdb/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/programs/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/jenkins/").Handler(http.HandlerFunc(WelcomePackHandle))
r.HandleFunc("/w00tw00t.at.blackhats.romanian.anti-sec:)", WelcomePackHandle)
r.HandleFunc("/judge.php", WelcomePackHandle)
r.HandleFunc("/muieblackcat", WelcomePackHandle)
r.HandleFunc("/.env", WelcomePackHandle)
r.HandleFunc("/log", WelcomePackHandle)
r.HandleFunc("/configs", WelcomePackHandle)
r.HandleFunc("/config", WelcomePackHandle)
r.HandleFunc("/cfg", WelcomePackHandle)
r.HandleFunc("/gs", WelcomePackHandle)
r.HandleFunc("/gsProvision", WelcomePackHandle)
r.HandleFunc("/overrides", WelcomePackHandle)
r.HandleFunc("/polycom", WelcomePackHandle)
r.HandleFunc("/spa.xml", WelcomePackHandle)
r.HandleFunc("/yealink", WelcomePackHandle)
r.HandleFunc("/help.php", WelcomePackHandle)
r.HandleFunc("/java.php", WelcomePackHandle)
r.HandleFunc("/_query.php", WelcomePackHandle)
r.HandleFunc("/test.php", WelcomePackHandle)
r.HandleFunc("/db_cts.php", WelcomePackHandle)
r.HandleFunc("/db_pma.php", WelcomePackHandle)
r.HandleFunc("/logon.php", WelcomePackHandle)
r.HandleFunc("/help-e.php", WelcomePackHandle)
r.HandleFunc("/license.php", WelcomePackHandle)
r.HandleFunc("/log.php", WelcomePackHandle)
r.HandleFunc("/hell.php", WelcomePackHandle)
r.HandleFunc("/pmd_online.php", WelcomePackHandle)
r.HandleFunc("/x.php", WelcomePackHandle)
r.HandleFunc("/htdocs.php", WelcomePackHandle)
r.HandleFunc("/b.php", WelcomePackHandle)
r.HandleFunc("/desktop.ini.php", WelcomePackHandle)
r.HandleFunc("/z.php", WelcomePackHandle)
r.HandleFunc("/lala.php", WelcomePackHandle)
r.HandleFunc("/lala-dpr.php", WelcomePackHandle)
r.HandleFunc("/wpc.php", WelcomePackHandle)
r.HandleFunc("/wpo.php", WelcomePackHandle)
r.HandleFunc("/t6nv.php", WelcomePackHandle)
r.HandleFunc("/text.php", WelcomePackHandle)
r.HandleFunc("/muhstik2.php", WelcomePackHandle)
r.HandleFunc("/muhstik-dpr.php", WelcomePackHandle)
r.HandleFunc("/lol.php", WelcomePackHandle)
r.HandleFunc("/cmv.php", WelcomePackHandle)
r.HandleFunc("/cmdd.php", WelcomePackHandle)
r.HandleFunc("/knal.php", WelcomePackHandle)
r.HandleFunc("/appserv.php", WelcomePackHandle)
r.HandleFunc("/d7.php", WelcomePackHandle)
r.HandleFunc("/rxr.php", WelcomePackHandle)
r.HandleFunc("/1x.php", WelcomePackHandle)
r.HandleFunc("/home.php", WelcomePackHandle)
r.HandleFunc("/undx.php", WelcomePackHandle)
r.HandleFunc("/spider.php", WelcomePackHandle)
r.HandleFunc("/payload.php", WelcomePackHandle)
r.HandleFunc("/composers.php", WelcomePackHandle)
r.HandleFunc("/izom.php", WelcomePackHandle)
r.HandleFunc("/hue2.php", WelcomePackHandle)
r.HandleFunc("/new_license.php", WelcomePackHandle)
r.HandleFunc("/up.php", WelcomePackHandle)
r.PathPrefix("/pmd/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/PMA/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/PMA2/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/pmamy/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/pmamy2/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/dbadmin/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/tools/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/phpma/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/php-my-admin/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/websql/").Handler(http.HandlerFunc(WelcomePackHandle))
r.PathPrefix("/dbadmin/").Handler(http.HandlerFunc(WelcomePackHandle))
r.HandleFunc("/xmlrpc.php", WelcomePackHandle)
return nil
})
}
func WelcomePackHandle(res http.ResponseWriter, req *http.Request) {
Log.Info("Attack attempt %s %s %s", req.Host, req.URL.String(), req.Header.Get("User-Agent"))
Log.Info("Attack attempt %s %s %s", req.RemoteAddr, req.URL.String(), req.Header.Get("User-Agent"))
r := rand.Intn(100)
if r < 5 {
HandleWrongContentSmall(res, req)