[Fix] Cleanup mess with groups

author: Vsevolod Stakhov <vsevolod@highsecure.ru> 2017-11-11 19:05:45 +0000
committer: Vsevolod Stakhov <vsevolod@highsecure.ru> 2017-11-11 19:06:06 +0000
commit: 48a84895679ea33d71b8b981e90374135a347a36 (patch)
tree: 6deee1fe20c9bfb300573efbb2f29e8f9601bd5c /rules/regexp/compromised_hosts.lua
parent: 815104c21d171de0d370b00e38e54783a082ed08 (diff)
download: rspamd-48a84895679ea33d71b8b981e90374135a347a36.tar.gz
rspamd-48a84895679ea33d71b8b981e90374135a347a36.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/rules/regexp/compromised_hosts.lua b/rules/regexp/compromised_hosts.lua
index 2444b5cb0..f6427a7cd 100644
--- a/rules/regexp/compromised_hosts.lua
+++ b/rules/regexp/compromised_hosts.lua
@@ -93,12 +93,14 @@ reconf['X_PHP_EVAL'] = {
 reconf['HAS_WP_URI'] = {
   re = '/\\/wp-[^\\/]+\\//Ui',
   description = "Contains WordPress URIs",
+  one_shot = true,
   group = "compromised_hosts"
 }
 
 reconf['WP_COMPROMISED'] = {
   re = '/\\/wp-(?:content|includes)[^\\/]+\\//Ui',
   description = "URL that is pointing to a compromised WordPress installation",
+  one_shot = true,
   group = "compromised_hosts"
 }
 
@@ -140,6 +142,7 @@ reconf['URI_HIDDEN_PATH'] = {
   re = "/\\/\\..+/U",
   description = "URL contains a UNIX hidden file/directory",
   score = 1.0,
+  one_shot = true,
   group = "compromised_hosts"
 }
author	Vsevolod Stakhov <vsevolod@highsecure.ru>	2017-11-11 19:05:45 +0000
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>	2017-11-11 19:06:06 +0000
commit	48a84895679ea33d71b8b981e90374135a347a36 (patch)
tree	6deee1fe20c9bfb300573efbb2f29e8f9601bd5c /rules/regexp/compromised_hosts.lua
parent	815104c21d171de0d370b00e38e54783a082ed08 (diff)
download	rspamd-48a84895679ea33d71b8b981e90374135a347a36.tar.gz rspamd-48a84895679ea33d71b8b981e90374135a347a36.zip