ym405nm · August 4, 2016 18:31
diff --git a/gistfile1.txt b/gistfile1.txt
 # ---------------------------------------------------------------
 # CMS Rule Set
 # Copyright (C) 2015 Yoshinori Matsumoto All rights reserved.
 # ---------------------------------------------------------------

 #
 # WHITE LIST
 #

 SecRule REMOTE_ADDR "@ipMatch 113.37.16.194" \
                "phase:2,rev:'2',ver:'CMS',maturity:'8',accuracy:'8',id:'4000011',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'Admin Access',tag:'CMS',tag:'CMS_ADMIN_ACCESS'"
 SecRule REMOTE_ADDR "@ipMatch 157.7.52.110" \
                "phase:2,rev:'2',ver:'CMS',maturity:'8',accuracy:'8',id:'400
 0009',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}
 : %{MATCHED_VAR}',allow,msg:'Admin Access',tag:'CMS',tag:'CMS_ADMIN_ACCESS'"

 SecRule REQUEST_URI "wp-content/themes/zeebusiness" \
                "phase:2,rev:'2',ver:'CMS',maturity:'8',accuracy:'8',id:'4000004',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'WordPress Themes',tag:'CMS',tag:'CMS_WORDPRESS_THEMES_WHITE'"

 SecRule REQUEST_URI "wp-content/themes/twentyfifteen" \
                "phase:2,rev:'2',ver:'CMS',maturity:'8',accuracy:'8',id:'4000010',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'WordPress Themes',tag:'CMS',tag:'CMS_WORDPRESS_THEMES_WHITE'"

 SecRule REQUEST_URI "wp-content/plugins/akismet" \
                "phase:2,rev:'2',ver:'CMS',maturity:'8',accuracy:'8',id:'4000005',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAakismetR}',allow,msg:'WordPress Plugins',tag:'CMS',tag:'CMS_WORDPRESS_PLUGINS_WHITE'"
                
 SecRule REQUEST_URI "wp-content/plugins/statpress" \
                "phase:2,rev:'2',ver:'CMS',maturity:'8',accuracy:'8',id:'4000006',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'WordPress Plugins',tag:'CMS',tag:'CMS_WORDPRESS_PLUGINS_WHITE'"

 SecRule REQUEST_URI "wp-content/plugins/wp-multibyte-patch" \
                "phase:2,rev:'2',ver:'CMS',maturity:'8',accuracy:'8',id:'4000007',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'WordPress Plugins',tag:'CMS',tag:'CMS_WORDPRESS_PLUGINS_WHITE'"

 SecRule REQUEST_URI "wp-content/plugins/wp-nicodo" \
                "phase:2,rev:'2',ver:'CMS',maturity:'8',accuracy:'8',id:'4000008',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'WordPress Plugins',tag:'CMS',tag:'CMS_WORDPRESS_PLUGINS_WHITE'"


 #
 # BLACK LIST
 #

 #SecRule REQUEST_URI "wp-content/plugins" \
 #        "phase:2,rev:'2',ver:'CMS',status:200,maturity:'8',accuracy:'8',id:'4000001',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'WordPress Plugins',tag:'CMS',tag:'CMS_WORDPRESS_PLUGINS_ATTACK'"

 #SecRule REQUEST_URI "wp-content/themes" \
 #        "phase:2,rev:'2',ver:'CMS',status:403,maturity:'8',accuracy:'8',id:'4000002',capture,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'WordPress Themes',tag:'CMS',tag:'CMS_WORDPRESS_THEMES_ATTACK'"

 SecRule REQUEST_URI "wp-content/themes" \
        "log,deny,status:200,id:'4000002',tag:'CMS',tag:'CMS_WORDPRESS_THEMES_ATTACK'"

 SecRule REQUEST_URI "wp-content/plugins" \
        "log,deny,status:200,id:'4000001',tag:'CMS',tag:'CMS_WORDPRESS_PLUGI
 NS_ATTACK'"

 SecRule REQUEST_BODY "log=.*" \
        "log,deny,status:302,id:'4000003',tag:'CMS',tag:'CMS_WORDPRESS_LOGIN
 S_ATTACK'"

 SecRule REQUEST_BODY "pwd=.*" \
        "log,deny,status:302,id:'4000012',tag:'CMS',tag:'CMS_WORDPRESS_LOGIN
 S_ATTACK'"
 #        "phase:2,rev:'2',ver:'CMS',status:200,maturity:'8',accuracy:'8',id:'4000003',capture,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'WordPress Logins',tag:'CMS',tag:'CMS_WORDPRESS_LOGINS_ATTACK'"
	# ---------------------------------------------------------------
	# CMS Rule Set
	# Copyright (C) 2015 Yoshinori Matsumoto All rights reserved.
	# ---------------------------------------------------------------

	#
	# WHITE LIST
	#

	SecRule REMOTE_ADDR "@ipMatch 113.37.16.194" \
	"phase:2,rev:'2',ver:'CMS',maturity:'8',accuracy:'8',id:'4000011',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'Admin Access',tag:'CMS',tag:'CMS_ADMIN_ACCESS'"
	SecRule REMOTE_ADDR "@ipMatch 157.7.52.110" \
	"phase:2,rev:'2',ver:'CMS',maturity:'8',accuracy:'8',id:'400
	0009',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}
	: %{MATCHED_VAR}',allow,msg:'Admin Access',tag:'CMS',tag:'CMS_ADMIN_ACCESS'"

	SecRule REQUEST_URI "wp-content/themes/zeebusiness" \
	"phase:2,rev:'2',ver:'CMS',maturity:'8',accuracy:'8',id:'4000004',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'WordPress Themes',tag:'CMS',tag:'CMS_WORDPRESS_THEMES_WHITE'"

	SecRule REQUEST_URI "wp-content/themes/twentyfifteen" \
	"phase:2,rev:'2',ver:'CMS',maturity:'8',accuracy:'8',id:'4000010',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'WordPress Themes',tag:'CMS',tag:'CMS_WORDPRESS_THEMES_WHITE'"

	SecRule REQUEST_URI "wp-content/plugins/akismet" \
	"phase:2,rev:'2',ver:'CMS',maturity:'8',accuracy:'8',id:'4000005',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAakismetR}',allow,msg:'WordPress Plugins',tag:'CMS',tag:'CMS_WORDPRESS_PLUGINS_WHITE'"

	SecRule REQUEST_URI "wp-content/plugins/statpress" \
	"phase:2,rev:'2',ver:'CMS',maturity:'8',accuracy:'8',id:'4000006',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'WordPress Plugins',tag:'CMS',tag:'CMS_WORDPRESS_PLUGINS_WHITE'"

	SecRule REQUEST_URI "wp-content/plugins/wp-multibyte-patch" \
	"phase:2,rev:'2',ver:'CMS',maturity:'8',accuracy:'8',id:'4000007',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'WordPress Plugins',tag:'CMS',tag:'CMS_WORDPRESS_PLUGINS_WHITE'"

	SecRule REQUEST_URI "wp-content/plugins/wp-nicodo" \
	"phase:2,rev:'2',ver:'CMS',maturity:'8',accuracy:'8',id:'4000008',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'WordPress Plugins',tag:'CMS',tag:'CMS_WORDPRESS_PLUGINS_WHITE'"


	#
	# BLACK LIST
	#

	#SecRule REQUEST_URI "wp-content/plugins" \
	# "phase:2,rev:'2',ver:'CMS',status:200,maturity:'8',accuracy:'8',id:'4000001',capture,logdata:'Matched Data:%{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'WordPress Plugins',tag:'CMS',tag:'CMS_WORDPRESS_PLUGINS_ATTACK'"

	#SecRule REQUEST_URI "wp-content/themes" \
	# "phase:2,rev:'2',ver:'CMS',status:403,maturity:'8',accuracy:'8',id:'4000002',capture,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'WordPress Themes',tag:'CMS',tag:'CMS_WORDPRESS_THEMES_ATTACK'"

	SecRule REQUEST_URI "wp-content/themes" \
	"log,deny,status:200,id:'4000002',tag:'CMS',tag:'CMS_WORDPRESS_THEMES_ATTACK'"

	SecRule REQUEST_URI "wp-content/plugins" \
	"log,deny,status:200,id:'4000001',tag:'CMS',tag:'CMS_WORDPRESS_PLUGI
	NS_ATTACK'"

	SecRule REQUEST_BODY "log=.*" \
	"log,deny,status:302,id:'4000003',tag:'CMS',tag:'CMS_WORDPRESS_LOGIN
	S_ATTACK'"

	SecRule REQUEST_BODY "pwd=.*" \
	"log,deny,status:302,id:'4000012',tag:'CMS',tag:'CMS_WORDPRESS_LOGIN
	S_ATTACK'"
	# "phase:2,rev:'2',ver:'CMS',status:200,maturity:'8',accuracy:'8',id:'4000003',capture,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',allow,msg:'WordPress Logins',tag:'CMS',tag:'CMS_WORDPRESS_LOGINS_ATTACK'"