WHMCS এর নিরাপত্তা শক্তিশালী করুন [Exclusive ModSecuirty Rules]

whmcs security

WHMCS ব্যাবহারকারী হোস্টিং প্রোভাইডারদের প্রায়ই সিকিউরিটি রিলেটেড সমস্যার সম্মুখীন হতে হয় । কিন্তু কিছু কাস্টম Modsecuirty rules ব্যাবহার করে এই নিরাপত্তা ব্যবস্থা কিছুটা শক্তিশালী করা সম্ভব। আসুন দেখে নেই কিভাবে কাস্টম Modsecuirty রুলস গুল অ্যাড করতে পারি। প্রথমেই আপানাকে নিশ্তিত হতে হবে WHM Server এ Modsecuirty Install করা রয়েছে । না থাকলে EasyApache Rebuild করে এখনি করে নিন। এরপর WHM Server এর Security Center > ModSecurity Tool > Rules List> Add Rule এ গিয়ে নিচের রুলস গুলো অ্যাড করে নিন। এখন Save বাটনে ক্লিক করে Apache Restart করুন।

# WHMCS Protect Important Tables

SecRule REQUEST_URI|ARGS|REQUEST_BODY “tbladmins” “id:00001,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tbladmins” “id:00002,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblclients” “id:00003,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblclients” “id:00004,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblhosting” “id:00005,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblhosting” “id:00006,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblservers” “id:00007,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblservers” “id:00008,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tbltickets” “id:00009,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tbltickets” “id:00010,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblregistrars” “id:00011,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblregistrars” “id:00012,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblcontacts” “id:00013,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblcontacts” “id:00014,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblemails” “id:00015,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblemails” “id:00016,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblinvoices” “id:00017,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblinvoices” “id:00018,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblorders” “id:00019,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblorders” “id:00020,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblpaymentgateways” “id:00021,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblpaymentgateways” “id:00022,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblverificationdata” “id:00023,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblverificationdata” “id:00024,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblgatewaylog” “id:00025,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblgatewaylog” “id:00026,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tbldomains” “id:00027,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tbldomains” “id:00028,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tbladminlog” “id:00029,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tbladminlog” “id:00030,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblaccounts” “id:00031,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblaccounts” “id:00032,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”

# WHMCS Generic DB Protection (Change database_name to your database name!)

SecRule REQUEST_URI|ARGS|REQUEST_BODY “database_name” “id:00050,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “database_name” “id:00051,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “outfile” “id:00052,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “outfile” “id:00053,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”

# WHMCS Specific Exploits

SecRule REQUEST_URI|ARGS|REQUEST_BODY “aes_encrypt” “id:00101,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “aes_encrypt” “id:00102,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tablejoin” “id:00103,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tablejoin” “id:00104,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “invoiceids” “id:00105,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”

 

এছাড়াও  পাশাপাশি Comodo WAF প্লাগিনটি ব্যাবহার করতে পারেন। পরবর্তী Tutorial এ ওয়ার্ডপ্রেস এর Brute Force এবং Xmlrpc.php অ্যাটাক বন্ধ করার উপায় নিয়ে আলোচনা করব।

524 Total Views 1 Views Today

One thought on “WHMCS এর নিরাপত্তা শক্তিশালী করুন [Exclusive ModSecuirty Rules]

Leave a Reply to Riham Cancel reply