| Author |
|
ArtM
Joined: 23 Feb 2006
Posts: 59
Location: Bedford NS Canada
|
 Posted: Mon 18 Nov '13 4:40 Post subject: Site And/Or Apache Blasted HTML Injection |
 |
|
I have a simple plain non commercial webcam site running - at home - for years. Myself & number of locals - and some former locals - use it for local/family specific info. Runs Apache/2.2.0 (Win32) PHP/5.1.2. Mysql & tiny bit PHP used. Mod_security Jan 2006. Also runs Trend Rubotted.
Woke up day after Rememberance Day (!) to find site down & Rubotted showing HTML_COMMAND_INJECTION_REQUEST Error & PARTIALLY fixed. Poking around looks like HTTPD.EXE deleted !
Googling a little bit looks like I may have been a victim of DARKLEECH. I think. I'm not a professional webmaster type. Just an old programmer trying to get some local & family benefit out of an old PC ASUS P/I-P55T2P4 running an AMD K6 @ 450MHz (!) Win XP.
1. Any suggestions for cleaning up/out existing site(s) & site html ? Really needed - or has attempt failed ?
2. Once cleaned, I can reset it up with later versions. Only takes time - being a senior - I'm running a little short of; and really don't need the aggravation. Am considering whether the time input to keep ahead of the Internet Criminals is worth my time.
3. Any suggestions for setup &/or 'Hardening' the site to give me some peace away from constant maintenance to stay ahead of the darker elements in our midst - for a little while longer ?
Thoughts ? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7355
Location: Germany, Next to Hamburg
|
| Posted: Thu 21 Nov '13 14:26 Post subject: |
|
|
I think you upgrade apache and mod security to the last version and also look in the mod security rules if there is something against that intruder.
Apache 2.2.ZERO is pretty old! |
|
| Back to top |
|
ArtM
Joined: 23 Feb 2006
Posts: 59
Location: Bedford NS Canada
|
| Posted: Tue 26 Nov '13 18:04 Post subject: |
|
|
| Quote: | I think you upgrade apache and mod security to the last version and also look in the mod security rules if there is something against that intruder.
Apache 2.2.ZERO is pretty old! |
You are right. Have to upgrade. But to where ? I note latest download proviso ..
| Quote: | | A VC11 binary loads VC11, VC10 and VC9 modules, and does not run on XP and 2003. |
So given my older XP-P-SP3, can you suggest the correct versions of Apache, VCxx, /System/MSVCRxx.dll, PHP, Mysql ?
PS - Even then, does the vanilla-non-commercial Mod_Security configuration foil Injection errors ?? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7355
Location: Germany, Next to Hamburg
|
| Posted: Tue 26 Nov '13 19:02 Post subject: |
|
|
There is a download page for VC10 Win32 with 2.2.26.
The non commercial mod security can block all injections! Important are the rules that you use. |
|
| Back to top |
|
ArtM
Joined: 23 Feb 2006
Posts: 59
Location: Bedford NS Canada
|
| Posted: Wed 27 Nov '13 0:01 Post subject: |
|
|
I note you suggest VC10 Win32 Apache 2.2.26
1. If going thru the effort for 2.2.26, Is there a reason not to go with a newer vsn like 2.4 ? Perhaps it will not run on XP ??
2. Can I JUST update Mod_Security and/or rules while running 2.2.0 ?
3. Is & where might one find more / better rules than the Mod_Security defaults - keeping in mind my home server budget = -zero- !? |
|
| Back to top |
|
ArtM
Joined: 23 Feb 2006
Posts: 59
Location: Bedford NS Canada
|
| Posted: Wed 27 Nov '13 5:36 Post subject: |
|
|
| ArtM wrote: | | 1. If going thru the effort for 2.2.26, Is there a reason not to go with a newer vsn like 2.4 ? Perhaps it will not run on XP ?? |
OK - Found it, From the Readme for 2.4.6
| Quote: | Minimum system required
-----------------------
Windows 7 SP1
Windows 8 / 8.1
Windows Server 2008 R2 SP1
Windows Server 2012 / R2
Windows Vista SP2 |
No Win XP ! |
|
| Back to top |
|
mesa57
Joined: 22 Nov 2013
Posts: 12
Location: Mijdrecht, Netherlands
|
| Posted: Wed 27 Nov '13 10:00 Post subject: |
|
|
| The VC9 version will run under XP. |
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3093
Location: Hilversum, NL, EU
|
| Posted: Wed 27 Nov '13 11:18 Post subject: |
|
|
| Also the VC10 version runs XP, only VC11 does not. |
|
| Back to top |
|
ArtM
Joined: 23 Feb 2006
Posts: 59
Location: Bedford NS Canada
|
| Posted: Thu 28 Nov '13 3:57 Post subject: |
|
|
| Steffen wrote: | | Also the VC10 version runs XP, only VC11 does not. |
Hmmm... OK Thnx Mesa & Steffen.. will have to backtrack & work on setting up 2.4.7 VC10 on XP now ...
Any problems adding Mod_Security, PHP, MySQL to this version, pls advise . . . |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7355
Location: Germany, Next to Hamburg
|
| Posted: Thu 28 Nov '13 12:33 Post subject: |
|
|
| there are no known problems. What is your actual question? |
|
| Back to top |
|
ArtM
Joined: 23 Feb 2006
Posts: 59
Location: Bedford NS Canada
|
| Posted: Fri 29 Nov '13 3:22 Post subject: |
|
|
| No specific question . . . . yet |
|
| Back to top |
|
