I've got this trigger I've been using to watch for wanna-be hackers, it works pretty well however it's a bit iron-fisted. In particular, the action=edit matches a lot of common legitimate uses of various PHP apps such as roundcube.
I was hoping someone might be able to recommend a means of whitelisting legitimate uses, without nerfing the trigger itself. I'm using it as part of a template, so white-listing specific IPs is not an option.
Any help is appreciated!
.regexp(htaccess|c99\.php|r57\.php|filesman\.php|f ilemanager|passthru|shell_exec|system|phpinfo|base 64_decode|edoced_46esab|chmod|mkdir|fopen|fclose|w 00tw00t|setup\.php|install\.php|readfile|act=edit| action=edit|\/bin\/|\/sbin\/)}=1
Any help is appreciated!