Topic: mod_security stops hackers again!!!

Author: Brian
Joined: 21 Oct 2005 Posts: 209 Location: Puyallup, WA USA
Posted: Sun 23 Oct '05 3:24 Post subject: mod_security stops hackers again!!!

I am such a big fan of mod_security because time and time again it has blocked hack attempts.
Many of us are under attack because of the ease with which would-be hackers seek, find, and attempt to exploit weaknesses in PHPBB. Google and the like make it so very easy to locate potential victims, and my own forum is no exception.
In many cases, the hacker tries to upload a script, exploiting a weakness in an admin file (which I will not list here), and through this hack they try to execute a passthru call to upload a Perl script. The essence of this exploit is to upload a crude IRC-type server script that can execute shell commands, and then it can create all sorts of trouble.
Simple but effective rules that mod_security has used include:
normalizing URLs
scanning post payloads
preventing walking back directories ../../../
blocking the known PHPBB hacks and exploits
blocking NULL byte attacks
blocking SQL injection attacks
.... and so on
I have seen entries in my security.log file for each and every one of these attacks, and none have had a prayer of succeeding. I am very grateful that I had the ability to stop these attacks at the server level, rather than trying to build some other protective barrier.
Use the binaries that Steffen has provided, but be sure to follow the instructions or they may not work properly for you. For me though, they appear to be working with absolute perfection.
Like any webmaster should, I do try to watch for potential exploits, not only in my own code, but from those that may be in code that I did not write. Let us hope that we can all stay ahead of the cyber terrorists that seek to destroy our servers, and our livelihoods.
--
Brian Abbott
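
Added example, not part of the original post and not mod_security's own code: a simplified Python sketch of why a filter normalizes the URL before applying the directory-traversal and NULL-byte rules listed in the post. The function names, the pattern and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Matched only against the normalized form, so encoded variants are seen too.
TRAVERSAL = re.compile(r"(?:^|[/=])\.\.(?:/|$)")


def normalize(raw, max_rounds=3):
    """Percent-decode repeatedly (catches double encoding), then unify
    backslashes, collapse duplicate slashes and drop '/./' segments."""
    uri = raw
    for _ in range(max_rounds):
        decoded = unquote(uri, encoding="latin-1")
        if decoded == uri:
            break
        uri = decoded
    uri = uri.replace("\\", "/")
    uri = re.sub(r"/{2,}", "/", uri)
    return re.sub(r"/(?:\./)+", "/", uri)


def check(raw):
    """Return the reasons a request URI would be rejected (empty list = pass)."""
    uri = normalize(raw)
    reasons = []
    if "\x00" in uri:
        reasons.append("null-byte")
    if TRAVERSAL.search(uri):
        reasons.append("directory-traversal")
    return reasons


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    "/forum/viewtopic.php?t=12",
    "/forum/..%2f..%2f..%2fetc/passwd",
    "/forum/%252e%252e/%252e%252e/x",
    "/forum/page.php?file=index.php%00.jpg",
    "/forum/./images//logo..png",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        reasons = check(sample)
        print("DENY" if reasons else "PASS", reasons, sample)
```

A rule that matched the raw string would miss the second and third samples, because the `../` sequence only appears once the percent-encoding has been decoded.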