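# Apache ModSecurity rules for SHELLS
#
# Purpose: block requests associated with known PHP web shells (r57, WSO,
# B4TM4N, Ashiyane, PhpSpy, ...). Every rule runs in phase 1, denies with
# HTTP 403 and logs the same message.
#
# NOTE(review): almost every pattern below is text from the HTML page that a
# web shell renders ("<title>...", "</body></html>", banner strings). That
# text appears in a response body, not in a request URI, so matching
# REQUEST_URI in phase 1 is unlikely to detect a shell being served. The
# usual placement for this kind of signature is RESPONSE_BODY in phase:4 with
# SecResponseBodyAccess On. Confirm the intent and migrate the rules.
#
# NOTE(review): several patterns contain runs such as "rnrn" or a bare "n"
# where a line-break escape (\r\n, \n) would be expected. They look like
# escapes that lost their backslash. Compare against the original signature
# source before relying on these rules.
#
# NOTE(review): all rules share one msg, which makes an alert impossible to
# attribute to a shell family during triage. Consider a distinct msg per rule.

# NOTE(review): setting the engine mode inside a signature file forces
# blocking mode wherever this file is included and overrides a site that
# runs DetectionOnly. Consider leaving the mode to the main configuration.
SecRuleEngine On

# Disabled: "@lt" is a numeric comparison. A request URI is not a number (it
# normally begins with "/") and converts to 0, so "0 < 1" holds for every
# request and each of these two rules would answer 403 to all traffic.
# NOTE(review): they look like a numeric gate applied to the wrong variable.
# Restore the intended variable or delete them.
#SecRule REQUEST_URI "@lt 1" "id:1566,phase:1,deny,status:403,log,msg:'shells attack detected'"
#SecRule REQUEST_URI "@lt 1" "id:1567,phase:1,deny,status:403,log,msg:'shells attack detected'"

# Phrase match against the entries of the data file web-shells-php.data.
SecRule REQUEST_URI "@pmFromFile web-shells-php.data" "id:1568,phase:1,deny,status:403,log,msg:'shells attack detected'"

# Per-shell banner and title signatures.
SecRule REQUEST_URI "@rx (r57 Shell Version [0-9.]+|r57 shell)" "id:1569,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^.*? - WSO [0-9.]+" "id:1570,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx B4TM4N SH3LL.*" "id:1571,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx Mini Shell.*Developed By LameHacker" "id:1572,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx .:: .* ~ Ashiyane V [0-9.]+ ::." "id:1573,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx Symlink_Sa [0-9.]+" "id:1574,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx CasuS [0-9.]+ by MafiABoY" "id:1575,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^rnrnGRP WebShell [0-9.]+" "id:1576,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx <small>NGHshell [0-9.]+ by Cr4sh</body></html>n$" "id:1577,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx <title>SimAttacker - (?:Version|Vrsion) : [0-9.]+ -" "id:1578,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^<!DOCTYPE html>n<html>n<!-- By Artyum .*<title>Web Shell" "id:1579,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx lama's'hell v. [0-9.]+" "id:1580,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^ *n[ ]+n[ ]+lostDC -" "id:1581,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^<title>PHP Web Shellrnrnrn " "id:1582,phase:1,deny,status:403,log,msg:'shells attack detected'"
# NOTE(review): the operator argument of rule 1583 spans several physical
# lines and appears to have lost the markup around "Input command :". As
# written it is unlikely to parse as a single directive. Restore the pattern
# from the original signature before enabling this rule.
SecRule REQUEST_URI "@rx ^nn
Input command :
n
" "id:1583,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^nnRu24PostWebShell -" "id:1584,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx <title>s72 Shell v[0-9.]+ Codinf by Cr@zy_King" "id:1585,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^rnrnrnPhpSpy Ver [0-9]+" "id:1586,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^ nnnng00nshell v[0-9.]+" "id:1587,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@contains <title>punkholicshell" "id:1588,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^n n azrail [0-9.]+ by C-W-M" "id:1589,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx >SmEvK_PaThAn Shell v[0-9]+ coded by n.*? ~ Shell Inn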