????JFIF??x?x????'403WebShell
403Webshell
Server IP : 172.67.174.47  /  Your IP : 216.73.216.87
Web Server : LiteSpeed
System : Linux premium151.web-hosting.com 4.18.0-553.44.1.lve.el8.x86_64 #1 SMP Thu Mar 13 14:29:12 UTC 2025 x86_64
User : tempvsty ( 647)
PHP Version : 8.0.30
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /./var/imunify360/files/sigs/v1_2024-08-27T042355.714785Z/heuristic/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /./var/imunify360/files/sigs/v1_2024-08-27T042355.714785Z/heuristic/main.yara
// import "math"
include "webshells.yara"

/*private  global rule size_limit
{
    condition:
        filesize < 1MB
        
}

private rule is_php
{
    strings:
        $str = /<\?(php|\s)/

    condition:
        (filesize < 1MB) and $str
}

private rule php_keywords_rate {
    strings:
        $keyword = /\b(this|if|return|function|else|array|false|true)\b/
        
    condition:
        is_php and math.divide(#keyword, filesize) > 0.001
}

rule php_packed
{
    strings:
        $func1 = /base64_decode\s*\(/
        $func2 = /eval\s*\(/
        $func3 = /\$[a-zA-Z0-9_]+\(/
        
    condition:
        is_php and (($func1 and $func2) or $func3) and (math.entropy(0, filesize) >= 5.00)  and not php_keywords_rate //5.81
}
*./

Youez - 2016 - github.com/yon3zu
LinuXploit