{"enabled":1,"blocked_msg":"PGJyIC8+PGJyIC8+PGJyIC8+PGJyIC8+PGNlbnRlcj5Tb3JyeSA8Yj4lJVJFTV9BRERSRVNTJSU8L2I+LCB5b3VyIHJlcXVlc3QgY2Fubm90IGJlIHByb2Nlc3NlZC48YnIgLz5Gb3Igc2VjdXJpdHkgcmVhc29ucywgaXQgd2FzIGJsb2NrZWQgYW5kIGxvZ2dlZC48YnIgLz48YnIgLz4lJU5JTkpBX0xPR08lJTxiciAvPjxiciAvPklmIHlvdSBiZWxpZXZlIHRoaXMgd2FzIGFuIGVycm9yIHBsZWFzZSBjb250YWN0IHRoZTxiciAvPndlYm1hc3RlciBhbmQgZW5jbG9zZSB0aGUgZm9sbG93aW5nIGluY2lkZW50IElEOjxiciAvPjxiciAvPlsgPGI+IyUlTlVNX0lOQ0lERU5UJSU8L2I+IF08L2NlbnRlcj4=","logo":"https:\/\/jensjaeger.de\/wp-content\/plugins\/ninjafirewall\/images\/ninjafirewall_75.png","ret_code":403,"scan_protocol":"3","get_scan":1,"anon_ip":0,"debug":0,"uploads":1,"sanitise_fn":0,"get_sanitise":0,"post_scan":1,"post_sanitise":0,"cookies_scan":1,"cookies_sanitise":0,"ua_scan":1,"ua_sanitise":1,"referer_scan":0,"referer_sanitise":1,"referer_post":0,"no_host_ip":0,"allow_local_ip":1,"php_errors":1,"php_self":1,"php_path_t":1,"php_path_i":1,"wp_dir":"","no_post_themes":0,"force_ssl":0,"disallow_edit":0,"disallow_mods":0,"disable_error_handler":0,"wl_admin":1,"a_0":"0","a_11":1,"a_12":1,"a_13":0,"a_14":0,"a_15":1,"a_16":0,"a_21":1,"a_22":1,"a_23":0,"a_24":0,"a_31":1,"a_41":0,"a_51":0,"sched_scan":0,"report_scan":0,"secupdates":0,"a_52":0,"a_61":1,"alert_email":"changeme@domain.xyz","alert_sa_only":"2","nt_show_status":1,"post_b64":1,"disallow_creation":1,"disallow_settings":1,"disallow_privesc":1,"no_xmlrpc":0,"no_xmlrpc_multi":0,"no_xmlrpc_pingback":0,"enum_archives":0,"enum_login":0,"request_sanitise":0,"fg_enable":0,"fg_mtime":10,"fg_exclude":"","auto_del_log":0,"enable_updates":1,"sched_updates":"3","notify_updates":0,"clogs_enable":0,"clogs_pubkey":"","welcome":1,"response_headers":"0003000000","referrer_policy_enabled":0,"engine_version":"4.2.1","rules_version":"20200525.3","substitute":"X","csp_frontend_data":"","csp_backend_data":"script-src 'self' 'unsafe-inline' 'unsafe-eval' *.videopress.com *.google.com *.wp.com;","admin_ajax":0,"enum_restapi":0,"no_restapi":0,"snapdir":""} :-: {"1":{"why":"Directory traversal","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_USER_AGENT|PHP_SELF|PATH_INFO","wha":"(?:\\.{2}[\\\/]+){2}\\b[a-zA-Z]","ope":5,"nor":1,"tra":3}}},"2":{"why":"ASCII character 0x00 (NULL byte)","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|SERVER:HTTP_USER_AGENT|SERVER:HTTP_REFERER|REQUEST_URI|PHP_SELF|PATH_INFO","wha":"\\x0","ope":5,"nor":1,"noc":1}}},"3":{"why":"Local file inclusion","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|SERVER:HTTP_USER_AGENT","wha":"\\b(?:proc\/self\/|etc\/passwd)\\b","ope":5,"nor":1,"tra":3}}},"4":{"why":"Local file inclusion","lev":3,"ena":1,"cha":{"1":{"whe":"POST","wha":"\\betc\/passwd$","ope":5,"nor":1,"tra":3}}},"5":{"why":"Local file inclusion","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|SERVER:HTTP_USER_AGENT","wha":"\\b(?i)(?:include|require)(?:_once)?\\s*.{0,10}\\s*sys_get_temp_dir\\b","ope":5}}},"7":{"why":"XML External Entity","lev":2,"ena":1,"cha":{"1":{"whe":"RAW","wha":"","ope":5,"nor":1}}},"101":{"why":"Cross-site scripting","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"\\W(?:background(-image)?|-moz-binding)\\s*:[^}]*?\\burl\\s*\\([^)]+?(https?:)?\/\/\\w","ope":5,"nor":1}}},"102":{"why":"Cross-site scripting","lev":2,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_USER_AGENT|HTTP_REFERER","wha":"<.+?(?i)\\b(?:href|(?:form)?action|background|code|data|location|name|poster|src|value)\\s*=\\s*\\\\?['\"]?(?:(?:f|ht)tps?:)?\\\\?\/\\\\?\/\\w+\\.\\w","ope":5,"nor":1}}},"104":{"why":"Cross-site scripting","lev":2,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_USER_AGENT","wha":"\\b(?:alert|confirm|eval|expression|prompt|set(?:Timeout|Interval)|String\\s*\\.\\s*fromCharCode|\\.\\s*substr)\\s*\\(.*?\\)","ope":5,"nor":1}}},"105":{"why":"Cross-site scripting","lev":2,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_USER_AGENT","wha":"\\bdocument\\s*\\.\\s*(?:body|cookie|domain|location|open|write(?:ln)?)\\b","ope":5,"nor":1}}},"106":{"why":"Cross-site scripting","lev":2,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_USER_AGENT","wha":"\\blocation\\s*\\.\\s*(?:href|replace)\\b","ope":5,"nor":1}}},"107":{"why":"Cross-site scripting","lev":2,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_USER_AGENT","wha":"\\bwindow\\s*\\.\\s*(?:open|location)\\b","ope":5,"nor":1}}},"108":{"why":"Cross-site scripting","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"(?i)<\\s*s\\s*t\\s*y\\s*l\\s*e\\b.*?>.*?<\\s*\\\\?\/\\s*s\\s*t\\s*y\\s*l\\s*e\\b.*?>","ope":5,"nor":1}}},"109":{"why":"Cross-site scripting","lev":2,"ena":1,"cha":{"1":{"whe":"POST","wha":"\\beval\\s*\\(\\s*String\\s*\\.\\s*fromCharCode\\s*\\(\\s*\\d","ope":5,"nor":1}}},"110":{"why":"Cross-site scripting","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"(?i)<[a-z].+?\\bon[a-z]{3,29}\\s*=.{5}","ope":5,"nor":1}}},"111":{"why":"Cross-site scripting","lev":3,"ena":1,"cha":{"1":{"whe":"POST|RAW","wha":"(?i)<.+?\\bon[a-z]{3,29}\\s*=\\s*\\\\?['\"]?(?!\\s*return false\\b).*?\\\\?['\"]?.*?>","ope":5,"nor":1}}},"112":{"why":"Cross-site scripting","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"<.+?(?i)[a-z]+\\s*=.*?(?:java|vb)script:.+?>","ope":5,"nor":1}}},"113":{"why":"Cross-site scripting","lev":3,"ena":1,"cha":{"1":{"whe":"POST","wha":"<.+?(?i)[a-z]+\\s*=.*?(?:java|vb)script:.+?>","ope":5,"nor":1}}},"114":{"why":"Cross-site scripting","lev":3,"ena":1,"cha":{"1":{"whe":"QUERY_STRING|GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT|REQUEST_URI","wha":"(?i)<\\s*s\\s*c\\s*r\\s*i\\s*p\\s*t\\b.*?>.*?<\\s*\\\\?\/\\s*s\\s*c\\s*r\\s*i\\s*p\\s*t.*?>","ope":5,"nor":1}}},"115":{"why":"Cross-site scripting","lev":3,"ena":1,"cha":{"1":{"whe":"POST|RAW","wha":"(?i)<\\s*s\\s*c\\s*r\\s*i\\s*p\\s*t\\b.*?>.*?<\\s*\\\\?\/\\s*s\\s*c\\s*r\\s*i\\s*p\\s*t.*?>","ope":5,"nor":1}}},"116":{"why":"Cross-site scripting","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE|HTTP_REFERER|HTTP_USER_AGENT|RAW","wha":".*?<\\\\?\/x:script.*?>","ope":5,"nor":1}}},"117":{"why":"Cross-site scripting","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"[{}+[\\]\\s]\\+\\s*\\[\\s*]\\s*\\)\\s*\\[[{!}+[\\]\\s]","ope":5,"nor":1}}},"118":{"why":"Cross-site scripting","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"\\+A(?:Dw|ACIAPgA8)-.+?\\+AD4(?:APAAi)?-","ope":5,"nor":1}}},"119":{"why":"Cross-site scripting","lev":3,"ena":1,"cha":{"1":{"whe":"POST|GET|HTTP_REFERER|HTTP_USER_AGENT","wha":"['\"]\\s*(?i)on(?:blur|change|click|close|dblclick|endevent|error|exit|focus|focusin|focusout|formchange|formdata|forminput|input|keydown|keypress|keystatuschange|keyup|load(?:ed|ing|ingdone|ingerror|start)?|(?:mouse|pointer)(?:down|enter|leave|move|out|over|up|wheel)|move|moveend|movestart|noupdate|scroll|select|submit|success|svgload|timeout|unload)\\s*=.{5}","ope":5,"nor":1}}},"120":{"why":"Cross-site scripting","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE|HTTP_REFERER|HTTP_USER_AGENT|RAW","wha":"(?i)<[a-z]+\\\\?\/[a-z]+.+?=.+?>","ope":5,"nor":1}}},"121":{"why":"Cross-site scripting","lev":2,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"\\batob\\s*(?:['\"\\x60]\\s*\\]\\s*)?\\(\\s*(['\"\\x60])[a-zA-Z0-9\/+=]+\\1\\s*\\)","ope":5,"nor":1,"tra":2}}},"122":{"why":"Cross-site scripting","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"\\[\\s*\\]\\s*\\[\\s*['\"\\x60]filter['\"\\x60]\\s*\\]\\s*\\[\\s*['\"\\x60]constructor['\"\\x60]\\s*\\]\\s*\\(\\s*","ope":5,"nor":1,"tra":2}}},"123":{"why":"Cross-site scripting","lev":2,"ena":1,"cha":{"1":{"whe":"GET","wha":"\\b(?:document|window|this)\\s*\\[.+?\\]\\s*[\\[(]","ope":5,"nor":1,"tra":2}}},"124":{"why":"Cross-site scripting","lev":3,"ena":1,"cha":{"1":{"whe":"SERVER:HTTP_REFERER|SERVER:HTTP_USER_AGENT","wha":"javascript:","ope":4,"nor":1,"tra":2}}},"125":{"why":"Cross-site scripting","lev":2,"ena":1,"cha":{"1":{"whe":"GET|HTTP_USER_AGENT","wha":"(?:(?:\\b(?:self|this|top|window)\\s*\\[.+?\\]|\\(\\s*(?:alert|confirm|eval|expression|prompt)\\s*\\)|\\[.*?\\]\\s*\\.\\s*find)|(?:\\.\\s*(?:re(?:ject|place)|constructor)))\\s*\\(.*?\\)","ope":5,"nor":1,"tra":2}}},"126":{"why":"Cross-site scripting","lev":2,"ena":1,"cha":{"1":{"whe":"GET|HTTP_USER_AGENT","wha":"\\b(\\w+)\\s*=\\s*(?:alert|confirm|eval|expression|prompt)\\s*[;,]\\1\\s*\\(.*?\\)","ope":5,"nor":1,"tra":2}}},"127":{"why":"Cross-site scripting","lev":2,"ena":1,"cha":{"1":{"whe":"GET|HTTP_USER_AGENT","wha":"\\bFunction\\s*[({].*?[})]\\s*\\(.*?\\)|\\bfunction\\s*\\(.*?\\)\\s*{.*?}|(?:\\[|new)\\s*class\\s*extends\\b|\\bArray\\s*.\\s*from\\b","ope":5,"nor":1,"tra":2}}},"150":{"why":"Mail header injection","lev":2,"ena":1,"cha":{"1":{"whe":"GET|POST","wha":"\\x0A\\b(?i:(?:reply-)?to|b?cc|content-[td]\\w)\\s*:.*?\\@","ope":5,"nor":1,"noc":1}}},"153":{"why":"SSI command injection","lev":2,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE|HTTP_USER_AGENT|HTTP_REFERER","wha":"","ope":5,"nor":1}}},"154":{"why":"Code injection","lev":3,"ena":1,"cha":{"1":{"whe":"COOKIE|HTTP_USER_AGENT|HTTP_REFERER","wha":"(?s:<\\?.+)|#!\/(?:usr|bin)\/.+?\\s","ope":5,"nor":1}}},"155":{"why":"Code injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE|HTTP_USER_AGENT","wha":"(?:<\\?(?![Xx][Mm][Ll]).*?(?:\\$_?(?:COOKIE|ENV|FILES|GLOBALS|(?:GE|POS|REQUES)T|SE(RVER|SSION))\\s*[=\\[)]|\\b(?i:array_map|assert|base64_(?:de|en)code|curl_exec|eval|(?:ex|im)plode|file(?:_get_contents)?|fsockopen|function_exists|gzinflate|move_uploaded_file|passthru|[ep]reg_replace|phpinfo|stripslashes|strrev|substr|system|(?:shell_)?exec)\\s*(?:\/\\*.+?\\*\/\\s*)?\\())|#!\/(?:usr|bin)\/.+?\\s|\\W\\$\\{\\s*['\"]\\w+['\"]","ope":5,"nor":1}}},"156":{"why":"Code injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE|HTTP_USER_AGENT","wha":"\\b(?i:eval)\\s*\\(\\s*(?i:base64_decode|exec|file_get_contents|gzinflate|passthru|shell_exec|stripslashes|system)\\s*\\(","ope":5,"nor":1}}},"160":{"why":"Shellshock vulnerability (CVE-2014-6271)","lev":3,"ena":1,"cha":{"1":{"whe":"GET|SERVER","wha":"^\\s*\\(\\s*\\)\\s*\\{","ope":5,"nor":1}}},"250":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST","wha":"^[-\\d';].+\\w.+(?:--[\\x00-\\x20\\x7f]*|#|\/\\*)$","ope":5,"nor":1,"cap":1},"2":{"wha":"(?i)(?:\\b|\\d)(?:alter|(?:group_)?concat(?:_ws)?|benchmark|create|database|delete|drop|(?:dump|out)file|extractvalue|grant|insert|is\\s+(?:not\\s+)?null|limit|load(?:_file)?|order\\s+by|password|rename|r?like|select|(?:pg_)?sleep|substring|table|truncate|union|update|version)\\b","ope":5,"nor":1}}},"251":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"(?i)(?:\\b|\\d)(?:ceil|concat|conv|floor|version)\\b","ope":5,"nor":1,"cap":1},"2":{"wha":"(?i)(?:\\b|\\d)(?:pi\\s*\\(.*?\\).+?){3}","ope":5,"nor":1}}},"252":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"(?:\/\\*.*?\\*\/.+){2}","ope":5,"nor":1,"cap":1},"2":{"wha":"(?i)(?:\\b|\\d)(?:alter|(?:group_)?concat(?:_ws)?|benchmark|create|database|delete|drop|(?:dump|out)file|extractvalue|grant|insert|is\\s+(?:not\\s+)?null|limit|load(?:_file)?|order\\s+by|password|rename|r?like|select|(?:pg_)?sleep|substring|table|truncate|union|update|version)\\b","ope":5,"nor":1}}},"253":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE","wha":"^(?i:admin(?:istrator)?)['\"].*?(?:--|#|\/\\*)","ope":5,"nor":1}}},"254":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST","wha":"(?i)\\b[-\\w]+@(?:[-a-z0-9]+\\.)+[a-z]{2,8}'.{0,20}[^a-z](?:\\band\\b|&&).{0,20}=[\\s\/*]*'","ope":5,"nor":1}}},"256":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_USER_AGENT|HTTP_REFERER","wha":"(?:\\band\\b|\\bor\\b|\\bhaving\\b|&&|\\|\\|)\\s*(?:\\d+\\s*)+(?:[!<]?=|=>?|[<>]|(?:not\\s+)?like)(?:\\s*\\d)+","ope":5,"nor":1,"tra":1}}},"257":{"why":"SQL injection","lev":2,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_USER_AGENT|HTTP_REFERER","wha":"(?:\\band\\b|\\bor\\b|\\bhaving\\b|&&|\\|\\|).{0,250}\\b(\\w+)\\b\\s*(?:[!<]?=|=>?|[<>]|(?:not\\s+)?like)\\s*\\1\\b","ope":5,"nor":1,"tra":1}}},"258":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|SERVER","wha":".{5}\\bfrom\\b.{1,30}\\b(?:information|performance)_schema\\s*\\.\\s*\\w","ope":5,"nor":1,"tra":1}}},"259":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"^-?\\d+.{0,30}(?:\\band\\b.{0,30})?\\b(?i:union|select)\\b","ope":5,"nor":1,"cap":1},"2":{"wha":"(?i)(?:\\b|\\d)(?:alter|(?:group_)?concat(?:_ws)?|benchmark|create|database|delete|drop|(?:dump|out)file|extractvalue|grant|insert|is\\s+(?:not\\s+)?null|limit|load(?:_file)?|order\\s+by|password|rename|r?like|(?:pg_)?sleep|substring|table|truncate|update|version)\\b","ope":5,"nor":1}}},"260":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"^(?:\\b(?:null|and|or)\\b|\\|\\||&&)?\\s*union\\s+(?:all\\s+)?select\\b","ope":5,"nor":1,"tra":1}}},"261":{"why":"SQL injection","lev":2,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT|REQUEST_URI","wha":"(?:\\b(?:null|and|or)\\b|\\|\\||&&)\\s*.{0,50}\\bselect\\b.","ope":5,"nor":1,"tra":1,"cap":1},"2":{"wha":"(?i)(?:\\b|\\d)(?:alter|(?:group_)?concat(?:_ws)?|benchmark|create|database|delete|drop|(?:dump|out)file|extractvalue|grant|insert|is\\s+(?:not\\s+)?null|limit|load(?:_file)?|order\\s+by|password|rename|r?like|(?:pg_)?sleep|substring|table|truncate|union|update|version)\\b","ope":5,"nor":1}}},"262":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"^.{0,10}\\bselect\\b\\s.{1,150}\\bfrom\\b.","ope":5,"nor":1,"tra":1,"cap":1},"2":{"wha":"(?i)(?:\\b|\\d)(?:alter|(?:group_)?concat(?:_ws)?|benchmark|create|database|delete|drop|(?:dump|out)file|extractvalue|grant|insert|is\\s+(?:not\\s+)?null|limit|load(?:_file)?|order\\s+by|password|rename|r?like|(?:pg_)?sleep|substring|table|truncate|union|update|version|where)\\b","ope":5,"nor":1}}},"263":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"union all select","ope":3,"nor":1,"tra":1}}},"264":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"select concat","ope":3,"nor":1,"tra":1}}},"265":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"POST","wha":"^.{0,15}\\bunion\\s+select\\b.{1,100}(from|where)\\b","ope":5,"nor":1,"tra":1}}},"267":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"^.{0,30}(?:(?:\\b(?:and|or|union)\\b|\\|\\||&&).{0,20})?\\balter\\s+(?:(?:database|schema)\\b|table\\s+.{1,70}\\s+rename\\b|(?:ignore\\s+)?table\\b|user\\b(?:\\s+if\\s+exists\\s)?.{1,38}@).{1,70}","ope":5,"nor":1,"tra":1}}},"268":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"^.{0,30}(?:(?:\\b(?:and|or|union)\\b|\\|\\||&&).{0,20})?\\bcreate\\s+(?:(?:database|schema|(?:temporary\\s+)?table)\\s+(?:if\\s+not\\s+exists\\b)?.{1,70}|user\\s+.{1,38}@.{1,38}\\s+identified\\s+by\\s+)","ope":5,"nor":1,"tra":1}}},"269":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"^.{0,30}(?:(?:\\b(?:and|or|union)\\b|\\|\\||&&).{0,20})?\\bdrop\\s+(?:(?:table\\b|index\\b.{1,60}\\son\\b|(?:database|schema)\\s+(?:if\\s+exists\\b)?).{1,70}|user\\s+(?:if\\s+exists\\b)?.{1,38}@.{1,38})","ope":5,"nor":1,"tra":1}}},"270":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"^.{0,30}(?:(?:\\b(?:and|or|union)\\b|\\|\\||&&).{0,20})?\\brename\\s+table\\s+.{1,70}\\s+to\\s.{1,70}","ope":5,"nor":1,"tra":1}}},"271":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"^.{0,30}(?:(?:\\b(?:and|or|union)\\b|\\|\\||&&).{0,20})?\\bload\\s+data\\s+(?:(?:low_priority\\s+|concurrent\\s+)?local\\s+)?infile\\b.{1,500}\\binto\\s+table\\b.{2}","ope":5,"nor":1,"tra":1}}},"272":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"^.{0,30}(?:(?:\\b(?:and|or|union)\\b|\\|\\||&&).{0,20})?\\btruncate\\s+table\\s.{1,70}","ope":5,"nor":1,"tra":1}}},"273":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"^.{0,30}(?:(?:\\b(?:and|or|union)\\b|\\|\\||&&).{0,20})?\\bselect\\b.{1,200}\\binto\\s+(?:(?:dump|out)file\\s|@\\w).{10}","ope":5,"nor":1,"tra":1}}},"274":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"^.{0,50}(?:(?:\\b(?:and|or|union)\\b|\\|\\||&&).{0,30})?\\bload_file\\s+\/.{3,15}\/\\w","ope":5,"nor":1,"tra":1}}},"275":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"^.{0,50}(?:(?:\\b(?:and|or|union)\\b|\\|\\||&&).{0,30})?\\bdelete\\b.{1,100}\\bfrom\\b.{1,100}\\bwhere\\b.{1,100}(?:=|null)","ope":5,"nor":1,"tra":1}}},"276":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"^.{0,50}(?:(?:\\b(?:and|or|union)\\b|\\|\\||&&).{0,30})?\\bset\\s+password\\b(?:\\s+for\\s.{1,38}@.{1,60}=|\\s*=.+?\\bwhere\\s+user\\s*=)","ope":5,"nor":1,"tra":1}}},"277":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"(?i)(?:\\b|\\d)insert\\b.+?(?:\\b|\\d)into\\b.{1,150}(?:\\b|\\d)values\\b.*?\\(.+?\\)","ope":5,"nor":1}}},"278":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"^.{0,50}(?:(?:\\b(?:and|or|union)\\b|\\|\\||&&).{0,30})?\\bupdate\\s.{1,100}\\bset\\s.{1,50}=.","ope":5,"nor":1,"tra":1}}},"279":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"\\bgroup\\s+\\bby\\s.{1,200}\\bhaving\\s.{1,50}(?:[!<]?=|=>?|[<>])","ope":5,"nor":1,"tra":1}}},"280":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"^.{0,10}\\border\\s+by\\s+\\d","ope":5,"nor":1,"tra":1}}},"281":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"^.{0,10}\\band\\s+extractvalue\\s+\\w","ope":5,"nor":1,"tra":1}}},"282":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"\\bbenchmark\\s+\\d{5,10}\\s+[a-z]{2}","ope":5,"nor":1,"tra":1}}},"283":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"\\bfloor\\s+rand\\s+(?:\\d+\\s*)?\\*\\s*\\d+","ope":5,"nor":1,"tra":1}}},"284":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"\\bcase\\b.+?\\bwhen\\b.+?\\bthen\\b","ope":5,"nor":1,"tra":1}}},"285":{"why":"SQL injection","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"^.{0,100}\\s(?:pg_)?sleep\\s\\d+","ope":5,"nor":1,"tra":1}}},"286":{"why":"SQL injection","lev":2,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"(?i)\\d\\s+procedure\\s+analyse\\b","ope":5,"nor":1}}},"287":{"why":"SQL injection","lev":2,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"waitfor\\s+delay\\s*\\d+(?:\\.\\d+)?:\\d+(?:\\.\\d+)?:\\d+(?:\\.\\d+)?","ope":5,"nor":1,"tra":1}}},"300":{"why":"Leading quote","lev":2,"ena":1,"cha":{"1":{"whe":"GET","wha":"^'","ope":5,"nor":1}}},"301":{"why":"Potential reflected file download attempt","lev":3,"ena":1,"cha":{"1":{"whe":"REQUEST_URI","wha":"(?i)^[^?]*\\.(?:bat|cmd)(?:\\W|$)","ope":5,"nor":1}}},"302":{"why":"PHP variable","lev":2,"ena":1,"cha":{"1":{"whe":"QUERY_STRING|PATH_INFO","wha":"\\bHTTP_RAW_POST_DATA|HTTP_(?:POS|GE)T_VARS\\b","ope":5,"nor":1}}},"303":{"why":"phpinfo.php access","lev":1,"ena":1,"cha":{"1":{"whe":"SCRIPT_NAME","wha":"phpinfo.php","ope":4}}},"304":{"why":"Malformed Host header","lev":2,"ena":1,"cha":{"1":{"whe":"HTTP_HOST","wha":"[^-a-zA-Z0-9._:\\[\\]]","ope":5}}},"305":{"why":"PHP handler obfuscation","lev":2,"ena":1,"cha":{"1":{"whe":"SCRIPT_NAME","wha":"[^\/]\\.ph(?:p([34x7]|5\\d?)?|t(ml)?)\\.","ope":5}}},"306":{"why":"Bogus user-agent signature","lev":1,"ena":1,"cha":{"1":{"whe":"SERVER:HTTP_USER_AGENT","wha":"\\b(?:compatible; MSIE [1-6]|(?i)Mozilla\/[0-3])\\.\\d","ope":5}}},"307":{"why":"Excessive user-agent string length (400+ characters)","lev":2,"ena":1,"cha":{"1":{"whe":"HTTP_USER_AGENT","wha":"^.{400}","ope":5}}},"308":{"why":"Suspicious multibyte character","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"[\\xaf\\xbf]\\x27","ope":5,"nor":1}}},"309":{"why":"PHP predefined variables","lev":2,"ena":1,"cha":{"1":{"whe":"QUERY_STRING|PATH_INFO|COOKIE|SERVER:HTTP_USER_AGENT|HTTP_REFERER","wha":"\\b(?:\\$?_(COOKIE|ENV|FILES|(?:GE|POS|REQUES)T|SE(RVER|SSION))|HTTP_(?:(?:POST|GET)_VARS|RAW_POST_DATA)|GLOBALS)\\s*[=\\[)]|\\W\\$\\{\\s*['\"]\\w+['\"]","ope":5,"nor":1}}},"310":{"why":"Access to a configuration file","lev":2,"ena":1,"cha":{"1":{"whe":"SCRIPT_NAME|GET","wha":"\\b(?i:(?:conf(?:ig(?:ur(?:e|ation)|\\.inc|_global)?)?)|settings?(?:\\.?inc)?)\\.php$","ope":5}}},"311":{"why":"Large set of Hex characters","lev":2,"ena":1,"cha":{"1":{"whe":"GET|POST","wha":"(?i:\\\\x[a-f0-9]{2}){25}","ope":5}}},"312":{"why":"Non-compliant IP","lev":1,"ena":1,"cha":{"1":{"whe":"HTTP_X_FORWARDED_FOR|HTTP_CF_CONNECTING_IP|HTTP_CLIENT_IP|HTTP_FORWARDED_FOR|HTTP_INCAP_CLIENT_IP|HTTP_X_CLUSTER_CLIENT_IP|HTTP_X_FORWARDED|HTTP_X_REAL_IP|HTTP_X_SUCURI_CLIENTIP","wha":"[^.0-9a-fA-F:\\x20,unkow\\[\\]]","ope":5}}},"313":{"why":"PHP-CGI exploit (CVE-2012-1823)","lev":3,"ena":1,"cha":{"1":{"whe":"QUERY_STRING","wha":"^-[bcndfiswzT].{20}","ope":5,"nor":1}}},"315":{"why":"Reverse shell","lev":3,"ena":1,"cha":{"1":{"whe":"GET|HTTP_HOST|SERVER:HTTP_USER_AGENT|QUERY_STRING|SERVER:HTTP_REFERER|HTTP_COOKIE","wha":">.*?\/[.\/]*dev\/[.\/]*(?:tc|ud)p\/[.\/]*[^\/]{5,255}\/[.\/]*\\d{1,5}\\b","ope":5,"nor":1,"tra":3}}},"316":{"why":"Reverse shell","lev":3,"ena":1,"cha":{"1":{"whe":"GET|HTTP_HOST|SERVER:HTTP_USER_AGENT|QUERY_STRING|SERVER:HTTP_REFERER|HTTP_COOKIE","wha":"\\bnc\\s+(?:\\d+(\\.\\d+){3}\\s+\\d+|-\\w+\\s+(?:\\d+|\/[\\w\/]+\\s+\\d+(\\.\\d+){3}\\s+))","ope":5,"nor":1,"tra":3}}},"317":{"why":"Hidden PHP script","lev":2,"ena":1,"cha":{"1":{"whe":"SCRIPT_NAME","wha":"\/\\.[^\/]+\\.ph(?:p([34x7]|5\\d?)?|t(ml)?)","ope":5}}},"318":{"why":"Obfuscated data","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"(?i:\\bchr\\s*\\(\\s*\\d{1,3}\\s*\\).+?){4}","ope":5,"nor":1}}},"319":{"why":"Obfuscated data","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"(?i)concat|select|database|insert|update|union|table","ope":5,"nor":1,"cap":1},"2":{"wha":"\\bchar\\b\\s(?:\\d{1,3}\\s){3}|(?:\\bchar\\b\\s\\d{1,3}\\s(?:\\|\\||or|&&|and)?\\s?){3}","ope":5,"tra":1,"nor":1}}},"320":{"why":"Obfuscated data","lev":3,"ena":1,"cha":{"1":{"whe":"GET|COOKIE|HTTP_REFERER|HTTP_USER_AGENT","wha":"(?i:\\\\x[a-f0-9]{2}){4}","ope":5}}},"321":{"why":"Adminer script","lev":2,"ena":1,"cha":{"1":{"whe":"SCRIPT_NAME","wha":"\/_?adminer(?:(?:-\\d\\.\\d.\\d)(?:-[\\w-]+)?)?\\.php$","ope":5}}},"322":{"why":"Attempt to modify NinjaFirewall settings","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST","wha":"(^|\\S['\"])nfw_(?:options|rules)\\b","ope":5}}},"351":{"why":"Shell\/backdoor","lev":3,"ena":1,"cha":{"1":{"whe":"REQUEST:nixpasswd","wha":"","ope":7}}},"352":{"why":"Shell\/backdoor","lev":3,"ena":1,"cha":{"1":{"whe":"QUERY_STRING","wha":"\\bact=img&img=\\w","ope":5,"nor":1}}},"353":{"why":"Shell\/backdoor","lev":3,"ena":1,"cha":{"1":{"whe":"QUERY_STRING","wha":"\\bc=img&name=\\w","ope":5,"nor":1}}},"354":{"why":"Shell\/backdoor","lev":3,"ena":1,"cha":{"1":{"whe":"QUERY_STRING","wha":"^image=(?:arrow|file|folder|smiley)$","ope":5,"nor":1}}},"355":{"why":"Shell\/backdoor","lev":3,"ena":1,"cha":{"1":{"whe":"COOKIE","wha":"\\buname=.+?;\\ssysctl=","ope":5,"nor":1}}},"356":{"why":"Shell\/backdoor","lev":3,"ena":1,"cha":{"1":{"whe":"REQUEST:sql_passwd","wha":"","ope":7}}},"357":{"why":"Shell\/backdoor","lev":3,"ena":1,"cha":{"1":{"whe":"POST:nowpath","wha":"","ope":7}}},"358":{"why":"Shell\/backdoor","lev":3,"ena":1,"cha":{"1":{"whe":"POST:view_writable","wha":"","ope":7}}},"359":{"why":"Shell\/backdoor","lev":3,"ena":1,"cha":{"1":{"whe":"COOKIE","wha":"phpspypass=","ope":3,"nor":1}}},"360":{"why":"Shell\/backdoor","lev":3,"ena":1,"cha":{"1":{"whe":"POST:a","wha":"^(?:Bruteforce|Console|Files(?:Man|Tools)|Network|Php|SecInfo|SelfRemove|Sql|StringTools)$","ope":5}}},"361":{"why":"Shell\/backdoor","lev":3,"ena":1,"cha":{"1":{"whe":"POST:nst_cmd","wha":"","ope":7}}},"362":{"why":"Shell\/backdoor","lev":3,"ena":1,"cha":{"1":{"whe":"POST:cmd","wha":"^(?:c(?:h_|URL)|db_query|echo\\s\\\\.*|(?:edit|download|save)_file|find(?:_text|\\s.+)|ftp_(?:brute|file_(?:down|up))|mail_file|mk|mysql(?:b|_dump)|php_eval|ps\\s.*|search_text|safe_dir|sym[1-2]|test[1-8]|zend)$","ope":5}}},"363":{"why":"Shell\/backdoor","lev":3,"ena":1,"cha":{"1":{"whe":"GET:p","wha":"^(?:chmod|cmd|edit|eval|delete|headers|md5|mysql|phpinfo|rename)$","ope":5}}},"364":{"why":"Shell\/backdoor","lev":3,"ena":1,"cha":{"1":{"whe":"QUERY_STRING","wha":"^act=(?:bind|cmd|encoder|eval|feedback|ftpquickbrute|gofile|ls|mkdir|mkfile|processes|ps_aux|search|security|sql|tools|update|upload)&d=\/","ope":5,"nor":1}}},"365":{"why":"Shell\/backdoor","lev":3,"ena":1,"cha":{"1":{"whe":"SERVER","wha":"\\b(?i)(eval|base64_decode)\\s*\\(.+?\\)","ope":5}}},"500":{"why":"ASCII control characters (1-8 and 14-31)","lev":2,"ena":0,"cha":{"1":{"whe":"GET|POST|SERVER:HTTP_USER_AGENT|SERVER:HTTP_REFERER","wha":"[\\x01-\\x08\\x0e-\\x1f]","ope":5,"nor":1}}},"510":{"why":"DOCUMENT_ROOT variable in HTTP request","lev":2,"ena":0,"cha":{"1":{"whe":"GET|POST|REQUEST_URI","wha":"\/[.\/]*var\/[.\/]*www\/[.\/]*vhosts\/[.\/]*jensjaeger.de\/[.\/]*htdocs","ope":5,"nor":1,"tra":3}}},"520":{"why":"Data URI scheme or PHP wrappers","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|COOKIE|SERVER:HTTP_USER_AGENT|SERVER:HTTP_REFERER","wha":"^.{0,90}\\b(?i)(?:(expect|file|ph(ar|p)|zip):\/\/.|data:(?!image\/(?:je?pg|png|gif)).*?;\\s*base64.*?,)","ope":5,"nor":1}}},"525":{"why":"Serialized PHP object","lev":3,"ena":1,"cha":{"1":{"whe":"GET|POST|SERVER:HTTP_USER_AGENT|SERVER:HTTP_REFERER","wha":"^.{0,25}[;{}]?\\b[OC]:\\+?\\d+:\"[a-zA-Z_\\x7f-\\xff][a-zA-Z0-9_\\x7f-\\xff]*\":\\+?\\d+:{.*?}","ope":5,"nor":1}}},"531":{"why":"Suspicious bots\/scanners","lev":1,"ena":1,"cha":{"1":{"whe":"HTTP_USER_AGENT","wha":"(?i:acunetix|backdoor|bandit|blackwidow|BOT for JCE|core-project|dts agent|emailmagnet|ex(ploit|tract)|flood|grabber|harvest|httrack|havij|hunter|indy library|LoadTimeBot|mfibot|Microsoft URL Control|Miami Style|morfeus|nessus|NetLyzer|pmafind|scanner|siphon|spbot|sqlmap|survey|teleport|updown_tester|xovibot|zgrap|zmap)","ope":5,"nor":1}}},"540":{"why":"Localhost IP in GET\/POST request","lev":2,"ena":1,"cha":{"1":{"whe":"GET|POST","wha":"^(?i:127\\.0\\.0\\.1|localhost|::1)$","ope":5,"nor":1}}},"1006":{"why":"TimThumb WebShot Remote Code Execution","lev":3,"ena":1,"cha":{"1":{"whe":"GET:src","wha":"$","ope":3}}},"1007":{"why":"phpMyAdmin hacking attempt","lev":2,"ena":1,"cha":{"1":{"whe":"SCRIPT_NAME","wha":"\/scripts\/(?:setup|signon)\\.php","ope":5}}},"1011":{"why":"Unrestricted file access","lev":3,"ena":1,"cha":{"1":{"whe":"SCRIPT_NAME","wha":"\/uploadify.php","ope":3}}},"1014":{"why":"Potential Remote File inclusion","lev":3,"ena":1,"cha":{"1":{"whe":"SCRIPT_NAME","wha":"(?:thumb|img)\\.php","ope":5},"2":{"whe":"GET:src","wha":"\\.(?:png|gif|jpe?g|jf?if|svg)$","ope":6}}},"1017":{"why":"Apache Struts2 remote code execution CVE-2017-5638","lev":3,"ena":1,"cha":{"1":{"whe":"CONTENT_TYPE","wha":"^%{\\(#","ope":5}}},"1350":{"why":"Arbitrary File Upload","lev":3,"ena":1,"cha":{"1":{"whe":"SCRIPT_NAME","wha":"\/fckeditor\/editor\/filemanager\/","ope":3}}},"1351":{"why":"Unauthorized file access","lev":2,"ena":1,"cha":{"1":{"whe":"GET|POST","wha":"\/wp-config.php$","ope":5,"nor":1}}},"1352":{"why":"WP vulnerability","lev":3,"ena":1,"cha":{"1":{"whe":"REQUEST:action","wha":"^mapp_(tpl_)?(save|delete)$","ope":5}}},"1353":{"why":"Arbitrary file upload","lev":3,"ena":1,"cha":{"1":{"whe":"REQUEST:action","wha":"dnd_codedropz_upload","ope":1},"2":{"whe":"FILES:upload-file","wha":"\\.ph(?:p([34x7]|5\\d?)?|t(ml)?)","ope":5}}},"1354":{"why":"WP Vulnerability","lev":3,"ena":1,"cha":{"1":{"whe":"REQUEST:cwp_rev_product_name","wha":"[<>'\"]","ope":5,"nor":1}}},"1355":{"why":"Unauthorized action","lev":3,"ena":1,"cha":{"1":{"whe":"GET:action|POST:action","wha":"^(ampforwp_get_licence_activate_update|ampforwp_deactivate_license|ampforwp_save_installer)$","ope":5}}},"1356":{"why":"Unauthorized action","lev":3,"ena":1,"cha":{"1":{"whe":"GET:action|POST:action","wha":"^(enable_amp_pagebuilder|amppb_export_layout_data|amppb_save_layout_data|ampforwp_get_image)$","ope":5},"2":{"whe":"RAW","wha":"verify_nonce","ope":8}}},"1357":{"why":"WP vulnerability","lev":3,"ena":1,"cha":{"1":{"whe":"REQUEST:action","wha":"import_widget_data","ope":1}}},"1358":{"why":"WP vulnerability","lev":2,"ena":1,"cha":{"1":{"whe":"REQUEST:action","wha":"gallery_bank_ftp_directory","ope":1}}},"1359":{"why":"Server-side includes injection","lev":3,"ena":1,"cha":{"1":{"whe":"POST","wha":"