summaryrefslogtreecommitdiffstats
path: root/rules
diff options
context:
space:
mode:
Diffstat (limited to 'rules')
-rw-r--r--rules/regexp/compromised_hosts.lua4
-rw-r--r--rules/regexp/headers.lua7
2 files changed, 2 insertions, 9 deletions
diff --git a/rules/regexp/compromised_hosts.lua b/rules/regexp/compromised_hosts.lua
index 3cf104d23..2444b5cb0 100644
--- a/rules/regexp/compromised_hosts.lua
+++ b/rules/regexp/compromised_hosts.lua
@@ -83,10 +83,10 @@ reconf['HAS_X_ANTIABUSE'] = {
group = "compromised_hosts"
}
-reconf['PHP_EVALD_CODE'] = {
+reconf['X_PHP_EVAL'] = {
re = "X-PHP-Script=/eval\\(\\)\\'d/Hi || X-PHP-Originating-Script=/eval\\(\\)\\'d/Hi",
description = "Message sent using eval'd PHP",
- score = 5.0,
+ score = 4.0,
group = "compromised_hosts"
}
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index 03ccce1bf..143171ae2 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -785,13 +785,6 @@ reconf['INVALID_POSTFIX_RECEIVED'] = {
group = 'header'
}
-reconf['X_PHP_EVAL'] = {
- re = "X-PHP-Originating-Script=/ : eval\\(\\)'d code$/X",
- score = 4.0,
- description = "Message sent by eval()'d PHP code",
- group = 'header'
-}
-
reconf['X_PHP_FORGED_0X'] = {
re = "X-PHP-Originating-Script=/^0\\d/X",
score = 4.0,