1 files changed, 15 insertions, 3 deletions
diff --git a/config/default.rules b/config/default.rules
index 2567f08..2bd3c48 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -40,9 +40,21 @@ sp.disable_function.function("ini_set").param("var_name").value("include_path").
 sp.disable_function.function("ini_set").param("var_name").value("open_basedir").drop();
 # Detect some backdoors via environnement recon
-sp.disable_function.function("ini_get").param("var_name").value_r("(?:allow_url_fopen|open_basedir|suhosin)").drop();
+sp.disable_function.function("ini_get").param("var_name").value("allow_url_fopen").drop();
-sp.disable_function.function("function_exists").param("function_name").value_r("(?:eval|exec|system)").drop();
+sp.disable_function.function("ini_get").param("var_name").value("open_basedir").drop();
-sp.disable_function.function("is_callable").param("var").value_r("(?:eval|exec|system)").drop();
+sp.disable_function.function("ini_get").param("var_name").value_r("suhosin").drop();
+sp.disable_function.function("function_exists").param("function_name").value("eval").drop();
+sp.disable_function.function("function_exists").param("function_name").value("exec").drop();
+sp.disable_function.function("function_exists").param("function_name").value("system").drop();
+sp.disable_function.function("function_exists").param("function_name").value("shell_exec").drop();
+sp.disable_function.function("function_exists").param("function_name").value("proc_open").drop();
+sp.disable_function.function("function_exists").param("function_name").value("passthru").drop();
+sp.disable_function.function("is_callable").param("var").value("eval").drop();
+sp.disable_function.function("is_callable").param("var").value("exec").drop();
+sp.disable_function.function("is_callable").param("var").value("system").drop();
+sp.disable_function.function("is_callable").param("var").value("shell_exec").drop();
+sp.disable_function.function("is_callable").param("var").value("proc_open").drop();
+sp.disable_function.function("is_callable").param("var").value("passthru").drop();
 # Commenting sqli related stuff to improve performance.
 # TODO figure out why these functions can't be hooked at startup

diff --git a/config/default.rules b/config/default.rules index 2567f08..2bd3c48 100644 --- a/config/default.rules +++ b/config/default.rules
@@ -40,9 +40,21 @@ sp.disable_function.function("ini_set").param("var_name").value("include_path").
40	sp.disable_function.function("ini_set").param("var_name").value("open_basedir").drop();	40	sp.disable_function.function("ini_set").param("var_name").value("open_basedir").drop();
41		41
42	# Detect some backdoors via environnement recon	42	# Detect some backdoors via environnement recon
43	sp.disable_function.function("ini_get").param("var_name").value_r("(?:allow_url_fopen\|open_basedir\|suhosin)").drop();	43	sp.disable_function.function("ini_get").param("var_name").value("allow_url_fopen").drop();
44	sp.disable_function.function("function_exists").param("function_name").value_r("(?:eval\|exec\|system)").drop();	44	sp.disable_function.function("ini_get").param("var_name").value("open_basedir").drop();
45	sp.disable_function.function("is_callable").param("var").value_r("(?:eval\|exec\|system)").drop();	45	sp.disable_function.function("ini_get").param("var_name").value_r("suhosin").drop();
		46	sp.disable_function.function("function_exists").param("function_name").value("eval").drop();
		47	sp.disable_function.function("function_exists").param("function_name").value("exec").drop();
		48	sp.disable_function.function("function_exists").param("function_name").value("system").drop();
		49	sp.disable_function.function("function_exists").param("function_name").value("shell_exec").drop();
		50	sp.disable_function.function("function_exists").param("function_name").value("proc_open").drop();
		51	sp.disable_function.function("function_exists").param("function_name").value("passthru").drop();
		52	sp.disable_function.function("is_callable").param("var").value("eval").drop();
		53	sp.disable_function.function("is_callable").param("var").value("exec").drop();
		54	sp.disable_function.function("is_callable").param("var").value("system").drop();
		55	sp.disable_function.function("is_callable").param("var").value("shell_exec").drop();
		56	sp.disable_function.function("is_callable").param("var").value("proc_open").drop();
		57	sp.disable_function.function("is_callable").param("var").value("passthru").drop();
46		58
47	# Commenting sqli related stuff to improve performance.	59	# Commenting sqli related stuff to improve performance.
48	# TODO figure out why these functions can't be hooked at startup	60	# TODO figure out why these functions can't be hooked at startup