diff options
Diffstat (limited to 'rules')
-rw-r--r-- | rules/regexp/compromised_hosts.lua | 4 | ||||
-rw-r--r-- | rules/regexp/headers.lua | 7 |
2 files changed, 2 insertions, 9 deletions
diff --git a/rules/regexp/compromised_hosts.lua b/rules/regexp/compromised_hosts.lua index 3cf104d23..2444b5cb0 100644 --- a/rules/regexp/compromised_hosts.lua +++ b/rules/regexp/compromised_hosts.lua @@ -83,10 +83,10 @@ reconf['HAS_X_ANTIABUSE'] = { group = "compromised_hosts" } -reconf['PHP_EVALD_CODE'] = { +reconf['X_PHP_EVAL'] = { re = "X-PHP-Script=/eval\\(\\)\\'d/Hi || X-PHP-Originating-Script=/eval\\(\\)\\'d/Hi", description = "Message sent using eval'd PHP", - score = 5.0, + score = 4.0, group = "compromised_hosts" } diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua index 03ccce1bf..143171ae2 100644 --- a/rules/regexp/headers.lua +++ b/rules/regexp/headers.lua @@ -785,13 +785,6 @@ reconf['INVALID_POSTFIX_RECEIVED'] = { group = 'header' } -reconf['X_PHP_EVAL'] = { - re = "X-PHP-Originating-Script=/ : eval\\(\\)'d code$/X", - score = 4.0, - description = "Message sent by eval()'d PHP code", - group = 'header' -} - reconf['X_PHP_FORGED_0X'] = { re = "X-PHP-Originating-Script=/^0\\d/X", score = 4.0, |