Warning: Use of undefined constant wsq_CLASSES - assumed 'wsq_CLASSES' (this will throw an Error in a future version of PHP) in /home/bdhpaorg/public_html/blog/wp-content/plugins/wp-security-questions/wp-security-questions.php on line 674
WHMCS এর নিরাপত্তা শক্তিশালী করুন [Exclusive ModSecuirty Rules] – BDHPA Blog

WHMCS এর নিরাপত্তা শক্তিশালী করুন [Exclusive ModSecuirty Rules]

whmcs security

WHMCS ব্যাবহারকারী হোস্টিং প্রোভাইডারদের প্রায়ই সিকিউরিটি রিলেটেড সমস্যার সম্মুখীন হতে হয় । কিন্তু কিছু কাস্টম Modsecuirty rules ব্যাবহার করে এই নিরাপত্তা ব্যবস্থা কিছুটা শক্তিশালী করা সম্ভব। আসুন দেখে নেই কিভাবে কাস্টম Modsecuirty রুলস গুল অ্যাড করতে পারি। প্রথমেই আপানাকে নিশ্তিত হতে হবে WHM Server এ Modsecuirty Install করা রয়েছে । না থাকলে EasyApache Rebuild করে এখনি করে নিন। এরপর WHM Server এর Security Center > ModSecurity Tool > Rules List> Add Rule এ গিয়ে নিচের রুলস গুলো অ্যাড করে নিন। এখন Save বাটনে ক্লিক করে Apache Restart করুন।

# WHMCS Protect Important Tables

SecRule REQUEST_URI|ARGS|REQUEST_BODY “tbladmins” “id:00001,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tbladmins” “id:00002,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblclients” “id:00003,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblclients” “id:00004,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblhosting” “id:00005,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblhosting” “id:00006,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblservers” “id:00007,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblservers” “id:00008,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tbltickets” “id:00009,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tbltickets” “id:00010,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblregistrars” “id:00011,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblregistrars” “id:00012,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblcontacts” “id:00013,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblcontacts” “id:00014,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblemails” “id:00015,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblemails” “id:00016,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblinvoices” “id:00017,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblinvoices” “id:00018,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblorders” “id:00019,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblorders” “id:00020,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblpaymentgateways” “id:00021,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblpaymentgateways” “id:00022,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblverificationdata” “id:00023,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblverificationdata” “id:00024,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblgatewaylog” “id:00025,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblgatewaylog” “id:00026,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tbldomains” “id:00027,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tbldomains” “id:00028,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tbladminlog” “id:00029,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tbladminlog” “id:00030,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblaccounts” “id:00031,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tblaccounts” “id:00032,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”

# WHMCS Generic DB Protection (Change database_name to your database name!)

SecRule REQUEST_URI|ARGS|REQUEST_BODY “database_name” “id:00050,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “database_name” “id:00051,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “outfile” “id:00052,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “outfile” “id:00053,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”

# WHMCS Specific Exploits

SecRule REQUEST_URI|ARGS|REQUEST_BODY “aes_encrypt” “id:00101,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “aes_encrypt” “id:00102,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tablejoin” “id:00103,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “tablejoin” “id:00104,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”
SecRule REQUEST_URI|ARGS|REQUEST_BODY “invoiceids” “id:00105,t:urlDecodeUni,t:htmlEntityDecode,t:hexDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,log,deny,msg:’WHMCS'”

 

এছাড়াও  পাশাপাশি Comodo WAF প্লাগিনটি ব্যাবহার করতে পারেন। পরবর্তী Tutorial এ ওয়ার্ডপ্রেস এর Brute Force এবং Xmlrpc.php অ্যাটাক বন্ধ করার উপায় নিয়ে আলোচনা করব।

1276 Total Views 2 Views Today

One thought on “WHMCS এর নিরাপত্তা শক্তিশালী করুন [Exclusive ModSecuirty Rules]

Leave a Reply to Riham Cancel reply