From 82f545ab9fe0c185569014f09b4a08df7a06486a Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Mon, 6 May 2024 10:50:03 +0800 Subject: [PATCH] Extras module update. --- modules/module_extras.php | 12 ++++++------ modules/modules.dat | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/module_extras.php b/modules/module_extras.php index 2c33601..0d70f06 100644 --- a/modules/module_extras.php +++ b/modules/module_extras.php @@ -8,7 +8,7 @@ * License: GNU/GPLv2 * @see LICENSE.txt * - * This file: Optional security extras module (last modified: 2024.05.02). + * This file: Optional security extras module (last modified: 2024.05.06). * * False positive risk (an approximate, rough estimate only): « [ ]Low [x]Medium [ ]High » */ @@ -98,10 +98,10 @@ 'test/wp-includes/wlwmanifest\.xml|' . '(?:' . '\+theme\+/(?:error|index)|' . - '\.w(?:ell-known|p-cli)/.*(?:about|install|moon|wp-login)|\.?rxr(?:_[\da-z]+)?|' . + '\.w(?:ell-known|p-cli)/.*(?:about[\da-z]*|fierza[\da-z]*|install[\da-z]*|moon[\da-z]*|shell[\da-z]*|wp-login[\da-z]*|x)|\.?rxr(?:_[\da-z]+)?|' . '\d{3,5}[a-z]{3,5}|\d+-?backdoor|0byte|0x|10+|991176|' . 'admin-heade\d*|adminfuns|ahhygskn|alfa(?:-rex|_data|a?cgiapi|ioxi|new)?\d*|anjas|apismtp|axx|' . - 'b3d2acc621a0|bak|bala|' . + 'b0|b3d2acc621a0|bak|bala|' . 'c(?:9|10)\d+|casper[\da-z]+|cd(?:.*tmp.*rm-rf|chmod.*\d{3,})|cfom[-_]files|(?:cgi-bin|css)/(?:luci/;|moon|newgolden|radio|stok=/|uploader|well-known|wp-login)|cjfuns|classsmtps|colors/blue/uploader|' . 'd7|deadcode\d*|dkiz|' . 'ee|' . @@ -114,11 +114,11 @@ 'orvx(?:-shell)?|' . 'perl\.alfa|php(?:1|_niu_\d+)|(?:plugins|themes)/(?:ccx|ioptimization|yyobang)|poison|priv8|pzaiihfi|' . 'session91|sh[3e]llx?\d*|shrift|sidwso|silic|skipper(?:shell)?|sonarxleetxd|spammervip|src/util/php/(?:eval(?:-stdin)?|kill)|' . - 't62|tenda\.sh.*tenda\.sh|themes/(?:finley/min|pridmag/db|universal-news/www)|tinymce/langs/about|tk(?:_dencode_\d+)?|(?:tmp|wp-content)/vuln|topxoh/(?:drsx|wdr)|' . + 't62|tenda\.sh.*tenda\.sh|themes/(?:finley/min|pridmag/db|universal-news/www)|tinymce/(?:langs/about|plugins/compat3x/css/index)|tk(?:_dencode_\d+)?|(?:tmp|wp-content)/vuln|topxoh/(?:drsx|wdr)|' . 'unisibfu|upfile(?:_\\(\d\\))?|uploader_by_cloud7_agath|utchiha(?:_uploader)?|' . 'vzlateam|' . 'w0rdpr3ssnew|walker-nva|webshell-[a-z\d]+|widgets-nva|widwsisw|wloymzuk|' . - 'wp[-_](?:2019|22|(?:admin|content|css(?:/colors)?|includes(?:/ixr|/customize|/pomo)?|js(?:/widgets)?|network)/(?:cong|dropdown|r(?:andom_compat/class_api|equests/class_api|epeater|themes/hello-element/footer)|simple)|conflg|content/plugins/(?:backup-backup/includes/hro|contus-hd-flv-player/uploadvideo|dzs-zoomsounds/savepng|fix/up|wordpresscore/include|wp-file-manager/lib/php/connector\.minimal)|filemanager|setups|sigunq|p)|' . + 'wp[-_](?:2019|22|(?:admin(?:/images)?|content|css(?:/colors)?|includes(?:/ixr|/customize|/pomo)?|js(?:/widgets)?|network)/(?:cong|dropdown|install|r(?:andom_compat/class_api|equests/class_api|epeater)|simple|text/about|themes/hello-element/footer)|conflg|content/plugins/(?:backup-backup/includes/hro|cache/dropdown|contact-form-7/.+styles-rtl|contus-hd-flv-player/uploadvideo|dzs-zoomsounds/savepng|fix/up|wordpresscore/include|wp-file-manager/lib/php/connector\.minimal)|filemanager|setups|sigunq|p)|' . 'ws[ou](?:yanz)?(?:[\d.]*|[\da-z]{4,})|wwdv|' . 'x{3,}|xiaom|xichang/x|x+l(?:\d+|eet(?:mailer|-shell)?x?)|xm(?:lrpcs|lrpz|rlpc)|xw|' . 'yanz|yyobang/mar|' . @@ -128,7 +128,7 @@ $LCNrURI ), 'Probing for webshells/backdoors')) { $CIDRAM['Reporter']->report([15, 20, 21], ['Caught probing for webshells/backdoors. Host might be compromised.'], $CIDRAM['BlockInfo']['IPAddr']); - } // 2023.08.18 mod 2024.04.18 + } // 2023.08.18 mod 2024.05.06 /** Probing for webshells/backdoors. */ if ($Trigger(preg_match( diff --git a/modules/modules.dat b/modules/modules.dat index c274275..f6262c6 100644 --- a/modules/modules.dat +++ b/modules/modules.dat @@ -233,7 +233,7 @@ module_cookies.php: module_extras.php: Name: "Optional security extras module" False Positive Risk: "Medium" - Version: "2024.122.0" + Version: "2024.126.0" Dependencies: PHP: "^5.4|^7|^8" CIDRAM Core: "^1.13.1|^2.0.1" @@ -248,7 +248,7 @@ module_extras.php: - "module_extras.php" - "module_extras.yaml" Checksum: - - "034e087ec64a09eb431c46257c20e19b19e8f8bff6f57a18d5cc5f2144ef7393:27134" + - "645bd58fd4fe879328a854a02e49f7eba27b011873207169d9c9c8410be5a582:27305" - "7b891d1fa4b1c52c410220bc758e8cb7064bd6040430fb149a5b60e9ae2e0838:890" Used with: "modules" Reannotate: "modules.dat"