Home / Browse / ModSecurity / Mail / Archive

ModSecurity

Email Archive: mod-security-users (read-only)

2003:	_Jan	_Feb	_Mar	_Apr	_May	_Jun (2)	_Jul (17)	_Aug (7)	_Sep (8)	_Oct (11)	_Nov (14)	_Dec (19)
2004:	_Jan (46)	_Feb (14)	_Mar (20)	_Apr (48)	_May (15)	_Jun (20)	_Jul (36)	_Aug (24)	_Sep (31)	_Oct (28)	_Nov (23)	_Dec (12)
2005:	_Jan (69)	_Feb (61)	_Mar (82)	_Apr (53)	_May (26)	_Jun (71)	_Jul (27)	_Aug (52)	_Sep (28)	_Oct (49)	_Nov (104)	_Dec (74)
2006:	_Jan (61)	_Feb (148)	_Mar (82)	_Apr (139)	_May (65)	_Jun (116)	_Jul (92)	_Aug (101)	_Sep (84)	_Oct (103)	_Nov (174)	_Dec (102)
2007:	_Jan (166)	_Feb (161)	_Mar (181)	_Apr (152)	_May (192)	_Jun (250)	_Jul (127)	_Aug (165)	_Sep (97)	_Oct (135)	_Nov (206)	_Dec (56)
2008:	_Jan (160)	_Feb (135)	_Mar (98)	_Apr (89)	_May (115)	_Jun (95)	_Jul (188)	_Aug (167)	_Sep (153)	_Oct (84)	_Nov (82)	_Dec (85)
2009:	_Jan (139)	_Feb (133)	_Mar (128)	_Apr (105)	_May (135)	_Jun (79)	_Jul (92)	_Aug (134)	_Sep (73)	_Oct (112)	_Nov (159)	_Dec (80)
2010:	_Jan (100)	_Feb (116)	_Mar (130)	_Apr (59)	_May (87)	_Jun (59)	_Jul (69)	_Aug (67)	_Sep (82)	_Oct (76)	_Nov (59)	_Dec (34)
2011:	_Jan (84)	_Feb (74)	_Mar (81)	_Apr (94)	_May (188)	_Jun (72)	_Jul (118)	_Aug (109)	_Sep (111)	_Oct (80)	_Nov (51)	_Dec (44)
2012:	_Jan (80)	_Feb (123)	_Mar (46)	_Apr (12)	_May (40)	_Jun (62)	_Jul (95)	_Aug (66)	_Sep (65)	_Oct (53)	_Nov (42)	_Dec (60)
2013:	_Jan (96)	_Feb (96)	_Mar (108)	_Apr (72)	_May (83)	_Jun	_Jul	_Aug	_Sep	_Oct	_Nov	_Dec

[mod-security-users] Problem After Updating To 2.6.4

From: Anwar Bin Rajih <xanwarx@gm...> - 2012-03-15 12:34

Attachments: Message as HTML

Dear All Members

I encounter some problem after my server modsecurity got
upgraded automatically via cpanel i was on 2.3.6

my websites got hacked because my rules that i was created does not working
after update

i only want to filter or deny some words for example "test_vb"
from begin requested via url and post

i added this line in moduser2.user.conf

SecRule ARGS_POST|REQUEST_LINE|RESPONSE_BODY|REQUEST_BODY|REQUEST_URI
"test_vb"

before upgrading i was not able request test_vb anywhere on the server for
expamle in the login forms or in the url address

but now my rules seem to be not working is there any alternative method to
do this ?

Thanks All
Best Regards
Anwar Hizam

Re: [mod-security-users] Problem After Updating To 2.6.4

From: Breno Silva <breno.silva@gm...> - 2012-03-15 12:45

Attachments: Message as HTML

Hi Anwar,

I don't know about your current configuration file.

Make sure your SecRuleEngine is On
try to change the rule for:

SecRule ARGS_POST|REQUEST_LINE|
RESPONSE_BODY|REQUEST_BODY|REQUEST_URI "test_vb" ïd:1111,deny"

Thanks

Breno


On Thu, Mar 15, 2012 at 7:33 AM, Anwar Bin Rajih <xanwarx@...> wrote:

> Dear All Members
>
> I encounter some problem after my server modsecurity got
> upgraded automatically via cpanel i was on 2.3.6
>
> my websites got hacked because my rules that i was created does not
> working after update
>
> i only want to filter or deny some words for example "test_vb"
> from begin requested via url and post
>
> i added this line in moduser2.user.conf
>
> SecRule ARGS_POST|REQUEST_LINE|RESPONSE_BODY|REQUEST_BODY|REQUEST_URI
> "test_vb"
>
> before upgrading i was not able request test_vb anywhere on the server for
> expamle in the login forms or in the url address
>
> but now my rules seem to be not working is there any alternative method to
> do this ?
>
> Thanks All
> Best Regards
> Anwar Hizam
>
>
> ------------------------------------------------------------------------------
> This SF email is sponsosred by:
> Try Windows Azure free for 90 days Click Here
> http://p.sf.net/sfu/sfd2d-msazure
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>
>

Re: [mod-security-users] Problem After Updating To 2.6.4

From: Reindl Harald <h.reindl@th...> - 2012-03-15 12:48

Attachments: signature.asc

Am 15.03.2012 13:33, schrieb Anwar Bin Rajih:
> I encounter some problem after my server modsecurity got upgraded automatically via cpanel i was on 2.3.6

i guess you did some manual config change cpanel not supports
that's why i do never use such backends from 3rd parties

> my websites got hacked because my rules that i was created does not working after update

if your website got hacked a few day after some manual
rules are not working you have really a bigger problem

> i only want to filter or deny some words for example "test_vb" from begin requested via url and post 
> i added this line in moduser2.user.conf
> SecRule ARGS_POST|REQUEST_LINE|RESPONSE_BODY|REQUEST_BODY|REQUEST_URI "test_vb"

as said - fix the application
modsec should filter in first front generic attacks
but it is NOT a solution having known vulerable scripts
and rely only on the protetction of any WAF

> before upgrading i was not able request test_vb anywhere on the server for 
> expamle in the login forms or in the url address
> 
> but now my rules seem to be not working is there any alternative method to do this ?

nobody can help you without knowing your configuration
how did you include "moduser2.user.conf" in your configuration
and have you made sure this manual change was not overwritten
by cpanel?

Re: [mod-security-users] Problem After Updating To 2.6.4

From: Anwar Bin Rajih <xanwarx@gm...> - 2012-03-15 13:25

Attachments: Message as HTML

Thank You Guys For The Fast Answers

anyway moduser2.user.conf was included by httpd.conf

and i restore the default config then i add my lines and it worked (Thanks
To God and you Guys) :D

the problem was from my config it was old one and some one create it for my
friend so when i restore the default config and add those lines every thing
works great now

thanks you all again
Best Regards



On Thu, Mar 15, 2012 at 3:48 PM, Reindl Harald <h.reindl@...:

>
>
> Am 15.03.2012 13:33, schrieb Anwar Bin Rajih:
> > I encounter some problem after my server modsecurity got upgraded
> automatically via cpanel i was on 2.3.6
>
> i guess you did some manual config change cpanel not supports
> that's why i do never use such backends from 3rd parties
>
> > my websites got hacked because my rules that i was created does not
> working after update
>
> if your website got hacked a few day after some manual
> rules are not working you have really a bigger problem
>
> > i only want to filter or deny some words for example "test_vb" from
> begin requested via url and post
> > i added this line in moduser2.user.conf
> > SecRule ARGS_POST|REQUEST_LINE|RESPONSE_BODY|REQUEST_BODY|REQUEST_URI
> "test_vb"
>
> as said - fix the application
> modsec should filter in first front generic attacks
> but it is NOT a solution having known vulerable scripts
> and rely only on the protetction of any WAF
>
> > before upgrading i was not able request test_vb anywhere on the server
> for
> > expamle in the login forms or in the url address
> >
> > but now my rules seem to be not working is there any alternative method
> to do this ?
>
> nobody can help you without knowing your configuration
> how did you include "moduser2.user.conf" in your configuration
> and have you made sure this manual change was not overwritten
> by cpanel?
>
>
>
> ------------------------------------------------------------------------------
> This SF email is sponsosred by:
> Try Windows Azure free for 90 days Click Here
> http://p.sf.net/sfu/sfd2d-msazure
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>
>

ModSecurity

Email Archive: mod-security-users (read-only)

1 message has been excluded from this view by a project administrator.