Modules update.

CIDRAM · Feb 13, 2025 · d510bb4 · d510bb4
1 parent 8c22960
commit d510bb4
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 42 deletions.
diff --git a/modules/module_badhosts.php b/modules/module_badhosts.php
@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: Bad hosts blocker module (last modified: 2024.09.12).
+ * This file: Bad hosts blocker module (last modified: 2025.02.13).
  *
  * False positive risk (an approximate, rough estimate only): « [ ]Low [x]Medium [ ]High »
  */
@@ -116,7 +116,7 @@
         // Caught attempting to brute-force WordPress logins (2020.11.09).
         $Trigger(preg_match('~\.domainserver\.ne\.jp$~', $HN), 'Cloud/Webhosting') ||
 
-        // 2022.12.19 mod 2024.09.12
+        // 2022.12.19 mod 2025.02.13
         $Trigger(preg_match(
             '~i(?:g|nsite)\.com\.br$|terra\.cl$|acetrophies\.co\.uk$|adsinmedia\.co\.' .
             'in$|(?:webfusion|xcalibre)\.co\.uk$|(?:\.(?:appian|cloud|ctera|dyn|emc|f' .
@@ -135,28 +135,28 @@
             'gineyard|omalism|stratus)|telos|ucalyptus|vapt|vionet)|fathomdb|flexisca' .
             'le|followmeoffice|g(?:emstone|enerositycool|igaspaces|ogrid|othamdating|' .
             'roupcross)|h(?:eroku|exagrid|olhost|ost(?:acy|cats|ing24)|ubspan|yperic)' .
-            '|i(?:buzytravel|modrive|nfo(?:bright|rmatica)|tricityhosting)|j(?:' .
-            'oyent|umpbox|unglebox|usthost)|k(?:2analytics|aavo|eynote|nowledgetree)|' .
-            'l(?:ayeredtech|inkneo|iveops|oadstorm|ogixml|ongjump|tdomains)|m(?:o(?:d' .
-            'erro|jsite|rphexchange|sso|zy)|idphase|turk|ulesoft)|n(?:asstar|e(?:oint' .
-            'eractiva|t(?:app|documents|suite|topia)|wrelic|wservers)|ionex|irvanix|o' .
-            'vatium|scaled)|o(?:co-inc|nelogin|npathtech|penqrm|psource)|p(?:ara(?:sc' .
-            'al|tur)e|hatservers|hishmongers|iemontetv|inqidentity|ivotlink|luraproce' .
-            'ssing)|q(?:layer|rimp|uanti(?:vo|x-uk))|r(?:ackspace(?:cloud)?|e(?:di2|d' .
-            'uctivelabs|lia(?:blehosting|cloud)|sponsys)|ight(?:now|scale)|ollbase|om' .
-            'ania-webhosting|path)|s(?:alesforce|avvis|ertifi|erver306|huilinchi|kyta' .
-            'p|martservercontrol|naplogic|oasta|pringcm|tax|treetsmarts|tretchoid|ucc' .
-            'essmetrics|wifttrim|ymplified|yncplicity)|t(?:aleo|err[ae]mark|h(?:eproc' .
-            'essfactory|inkgos|oughtexpress)|rustsaas)|utilitystatus|v(?:aultscape|er' .
-            'tica|mware|ordel)|web(?:faction|hosting\.uk|hostinghub|scalesolutions|si' .
-            'tewelcome)|xactlycorp|xlhost|xythos|z(?:embly|imory|manda|oho|uora))\.co' .
-            'm$|server4u\.cz$|(?:(?:\.|kunden)server|clanmoi|fastwebserver|optimal|se' .
-            'rver4you|your-server)\.de$|candycloud\.eu$|cyberresilience\.io$|server\.' .
-            'lu$|starnet\.md$|(?:\.(?:above|akpackaging|bhsrv|box|propagation|voxel)|' .
-            '1978th|collab|enkiconsulting|incrediserve|jkserv|recyber|reliablesite|sh' .
-            'ared-server|techajans)\.net$|hitech-hosting\.nl$|(?:\.terracotta|beowulf' .
-            '|iboss|opennebula|xen)\.org$|mor\.ph$|(?:ogicom|vampire)\.pl$|(?:serverh' .
-            'ub|rivreg|tkvprok|vpsnow|vympelstroy)\.ru$|g\.ho\.st$~',
+            '|i(?:buzytravel|modrive|nfo(?:bright|rmatica)|tricityhosting)|j(?:oyent|' .
+            'umpbox|unglebox|usthost)|k(?:2analytics|aavo|eynote|nowledgetree)|l(?:ay' .
+            'eredtech|inkneo|iveops|oadstorm|ogixml|ongjump|tdomains)|m(?:o(?:derro|j' .
+            'site|rphexchange|sso|zy)|idphase|idnight-monkey|turk|ulesoft)|n(?:asstar' .
+            '|e(?:ointeractiva|t(?:app|documents|suite|topia)|wrelic|wservers)|ionex|' .
+            'irvanix|ovatium|scaled)|o(?:co-inc|nelogin|npathtech|penqrm|psource)|p(?' .
+            ':ara(?:scal|tur)e|hatservers|hishmongers|iemontetv|inqidentity|ivotlink|' .
+            'luraprocessing)|q(?:layer|rimp|uanti(?:vo|x-uk))|r(?:ackspace(?:cloud)?|' .
+            'e(?:di2|ductivelabs|lia(?:blehosting|cloud)|sponsys)|ight(?:now|scale)|o' .
+            'llbase|omania-webhosting|path)|s(?:alesforce|avvis|ertifi|erver306|huili' .
+            'nchi|kytap|martservercontrol|naplogic|oasta|pringcm|tax|treetsmarts|tret' .
+            'choid|uccessmetrics|wifttrim|ymplified|yncplicity)|t(?:aleo|err[ae]mark|' .
+            'h(?:eprocessfactory|inkgos|oughtexpress)|rustsaas)|utilitystatus|v(?:aul' .
+            'tscape|ertica|mware|ordel)|web(?:faction|hosting\.uk|hostinghub|scalesol' .
+            'utions|sitewelcome)|xactlycorp|xlhost|xythos|z(?:embly|imory|manda|oho|u' .
+            'ora))\.com$|server4u\.cz$|(?:(?:\.|kunden)server|clanmoi|fastwebserver|o' .
+            'ptimal|server4you|your-server)\.de$|candycloud\.eu$|cyberresilience\.io$' .
+            '|server\.lu$|starnet\.md$|(?:\.(?:above|akpackaging|bhsrv|box|propagatio' .
+            'n|voxel)|1978th|collab|enkiconsulting|incrediserve|jkserv|recyber|reliab' .
+            'lesite|shared-server|techajans)\.net$|hitech-hosting\.nl$|(?:\.terracott' .
+            'a|beowulf|iboss|opennebula|xen)\.org$|mor\.ph$|(?:ogicom|vampire)\.pl$|(' .
+            '?:serverhub|rivreg|tkvprok|vpsnow|vympelstroy)\.ru$|g\.ho\.st$~',
             $HN
         ), 'Cloud/Webhosting') ||
 

diff --git a/modules/module_extras.php b/modules/module_extras.php
@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: Optional security extras module (last modified: 2025.01.14).
+ * This file: Optional security extras module (last modified: 2025.02.13).
  *
  * False positive risk (an approximate, rough estimate only): « [ ]Low [x]Medium [ ]High »
  */
@@ -106,38 +106,41 @@
             '\.bak/.*|' .
             '\.w(?:ell-known|p-cli)/.*(?:a(?:bout|dmin)[\da-z]*|fierza[\da-z]*|install[\da-z]*|moon[\da-z]*|shell[\da-z]*|wp-login[\da-z]*|x)|' .
             '\.?rxr(?:_[\da-z]+)?|' .
-            '\d{3,5}[a-z]{3,5}|\d+-?backdoor|0byte|0[xz]|10+|4price|991176|' .
+            '\d{3,5}[a-z]{3,5}|\d+-?backdoor|0byte|0[xz]|10+|1337|4price|85022df0ed31|991176|' .
             'a(?:b1ux1ft|dmin-heade\d*|dminfuns|hhygskn|lexus|lfa(?:-rex|_data|a?cgiapi|ioxi|new)?\d*|njas|pismtp|xx)|' .
             'b(?:0|3d2acc621a0|ak|ala|ibil_0day)|' .
-            'c(?:(?:9|10)\d+|adastro-2|asper[\da-z]+|d(?:.*tmp.*rm-rf|chmod.*\d{3,})|fom[-_]files|(?:gi-bin|ss)/(?:luci/;|moon|newgolden|radio|sgd|stok=/|uploader|well-known|wp-login)|jfuns|lasssmtps|olors/blue/uploader|ong|ontentloader1)|' .
-            'd(?:7|eadcode\d*|epotcv|isagraep|kiz)|' .
+            'c(?:(?:9|10)\d+|adastro-2|asper[\da-z]+|d(?:.*tmp.*rm-rf|chmod.*\d{3,})|fom[-_]files|(?:gi-bin|ss)/(?:luci/;|moon|newgolden|radio|sgd|stok=/|uploader|well-known|wp-login)|jfuns|lasssmtps|olors/blue/uploader|ong|ontentloader1|ss/colors/coffee/index)|' .
+            'd(?:7|eadcode\d*|epotcv|isagraep|kiz|ummyyummy/wp-signup)|' .
             'ee|' .
             'f(?:ddqradz|ilefuns?)|' .
             'g(?:el4y|etid3-core|h[0o]st|lab-rare|zismexv)|' .
-            'h[4a]x+[0o]r|h6ss|hanna1337|hehehe|kvkjguw|htmlawedtest|' .
-            'i(?:\d{3,}[a-z]{2,}|cesword|ndoxploit|optimize|r7szrsouep|itsec|xr/(?:allez|wp-login))|' .
+            'h(?:[4a]x+[0o]r|6ss|anna1337|ehehe|sfpdcd|tmlawedtest)|' .
+            'i(?:\d{3,}[a-z]{2,}|cesword|ndoxploit|optimize|oxi/alfa-ioxi|r7szrsouep|itsec|xr/(?:allez|wp-login))|' .
+            'kvkjguw|' .
             'lock0?360|lufix(?:-shell)?|' .
             'miin|my1|' .
-            'old/wp-admin/install|orvx(?:-shell)?|othiondwmek|' .
-            'perl\.alfa|php(?:1|_niu_\d+)|(?:plugins|themes)/(?:ccx|ioptimization|yyobang)|poison|priv8|pzaiihfi|' .
+            'njima|' .
+            'o(?:ld(?:/wp-admin/install|-up-ova)|rvx(?:-shell)?|thiondwmek)|' .
+            'p(?:erl\.alfa|hp(?:1|_niu_\d+)|oison|riv8|wnd|zaiihfi)|' .
             'rendixd|' .
             's(?:ession91|h[3e]llx?\d*|hrift|idwso|ilic|kipper(?:shell)?|onarxleetxd|pammervip|rc/util/php/(?:eval(?:-stdin)?|kill))|' .
-            't62|tenda\.sh.*tenda\.sh|themes/(?:finley/min|pridmag/db|universal-news/www)|tinymce/(?:langs/about|plugins/compat3x/css/index)|tk(?:_dencode_\d+)?|(?:tmp|wp-content)/vuln|topxoh/(?:drsx|wdr)|' .
-            'u(?:nisibfu|pfile(?:_\\(\d\\))?|ploader_by_cloud7_agath|tchiha(?:_uploader)?)|' .
-            'vzlateam|' .
+            't(?:62|enda\.sh.*tenda\.sh|emplates/beez/index|hemes/(?:finley/min|pridmag/db|universal-news/www)|hreefox(?:_exploit/index)?|inymce/(?:langs/about|plugins/compat3x/css/index)|k_dencode_\d+|mp/vuln|opxoh/(?:drsx|wdr))|' .
+            'u(?:bh/up|nisibfu|pfile(?:_\\(\d\\))?|ploader_by_cloud7_agath|tchiha(?:_uploader)?)|' .
+            'v(?:endor/bin/loader|zlateam)|' .
             'w(?:[0o]rm\d+|0rdpr3ssnew|alker-nva|ebshell-[a-z\d]+|idgets-nva|idwsisw|loymzuk)|' .
-            'wp[-_](?:2019|22|(?:admin(?:/images)?|content|css(?:/colors)?|includes(?:/ixr|/customize|/pomo)?|js(?:/widgets)?|network)/(?:dropdown|fgertreyersd|(?:images|widgets)/include|install|js/privacy-tools\.min|(?:random_compat/|requests/)?class(?:_api|-wp-page-[\da-z]{5,})|repeater|simple|text/about|themes/hello-element/footer|uploads/error_log|wp-login)|conflg|content/plugins/(?:backup-backup/includes/hro|cache/dropdown|contact-form-7/.+styles-rtl|contus-hd-flv-player/uploadvideo|(?:core-plugin/|wordpresscore/)?include|dzs-zoomsounds/savepng|fix/up|(?:view-more/)?ioxi|wp-file-manager/lib/php/connector\.minimal)|filemanager|setups|sigunq|sts|p)|' .
-            'wp-configs|' .
+            'wp[-_](?:2019|22|(?:admin(?:/images)?|content|css(?:/colors)?|includes(?:/ixr|/customize|/pomo)?|js(?:/widgets)?|network)/(?:dropdown|fgertreyersd|(?:images|widgets)/include|install|js/privacy-tools\.min|(?:random_compat/|requests/)?class(?:_api|-wp-page-[\da-z]{5,})|repeater|simple|text/about|themes/hello-element/footer|uploads/error_log|vuln|wp-login)|conflg|content/plugins/(?:backup-backup/includes/hro|cache/dropdown|contact-form-7/.+styles-rtl|contus-hd-flv-player/uploadvideo|(?:core-plugin/|wordpresscore/)?include|dzs-zoomsounds/savepng|fix/up|(?:view-more/)?ioxi|wp-file-manager/lib/php/connector\.minimal)|filemanager|setups|sigunq|sts|p)|' .
+            'wp-(?:configs|l0gins?)|' .
             'ws[ou](?:yanz)?(?:[\d.]*|[\da-z]{4,})|wwdv|' .
             'x{3,}|xiaom|xichang/x|x+l(?:\d+|eet(?:mailer|-shell)?x?)|xm(?:lrpcs|lrpz|rlpc)|xw|' .
             'ya?nz|yyobang/mar|' .
             'zone_hackbar(?:_beutify_other)?|' .
+            '(?:plugins|themes)/(?:ccx|ioptimization|yyobang)|' .
             '版iisspy|大马|一句话(?:木马|扫描脚本程序)?' .
             ')\.php[57]?(?:$|[/?])~',
             $LCNrURI
         ), 'Probing for webshells/backdoors')) {
             $CIDRAM['Reporter']->report([15, 20, 21], ['Caught probing for webshells/backdoors. Host might be compromised.'], $CIDRAM['BlockInfo']['IPAddr']);
-        } // 2023.08.18 mod 2025.01.14
+        } // 2023.08.18 mod 2025.02.13
 
         /** Probing for vulnerable plugins or webapps. */
         if (

diff --git a/modules/modules.dat b/modules/modules.dat
@@ -144,7 +144,7 @@ module_abuseipdb.php:
 module_badhosts.php:
  Name: "Bad hosts blocker module"
  False Positive Risk: "Medium"
- Version: "2024.258.0"
+ Version: "2025.43.0"
  Dependencies:
   PHP: "^5.4|^7|^8"
   CIDRAM Core: "^1.13.1|^2.0.1"
@@ -156,7 +156,7 @@ module_badhosts.php:
   To:
    - "module_badhosts.php"
   Checksum:
-   - "8365ca24aea69dcbffc39478f46f689d8c784f1e4fabfde2353d4d955447bb4c:14647"
+   - "fc1c3be5f179f6feb7320d3de00d58cfb2b1e06c3d86208edf9b4028ee5d2c10:14662"
  Used with: "modules"
  Reannotate: "modules.dat"
 module_badtlds.php:
@@ -239,7 +239,7 @@ module_cookies.php:
 module_extras.php:
  Name: "Optional security extras module"
  False Positive Risk: "Medium"
- Version: "2025.13.0"
+ Version: "2025.43.0"
  Dependencies:
   PHP: "^5.4|^7|^8"
   CIDRAM Core: "^1.13.1|^2.0.1"
@@ -254,7 +254,7 @@ module_extras.php:
    - "module_extras.php"
    - "module_extras.yaml"
   Checksum:
-   - "d8168e7abd69b1c097d5131c0ab43c11c1d7545026d3781d964f3ca707308105:28787"
+   - "c9111df6d0aff6f93bccfb9b25bfdfc3e468c0b8afc22d480df3f4963f1e0950:29013"
    - "7b891d1fa4b1c52c410220bc758e8cb7064bd6040430fb149a5b60e9ae2e0838:890"
  Used with: "modules"
  Reannotate: "modules.dat"