Re: [mod-security-users] Wrong post trigger
Brought to you by:
victorhora,
zimmerletw
From: Gerwin K. -|- D. W. <ge...@di...> - 2005-12-16 08:42:12
|
He Justin, We do install it on a private server (i still not agree on your opinion though), I rather see php adding a solution for it. Greetings, On Friday 16 December 2005 09:33, Justin Grindea wrote: > Gerwin, > > Unless this is a dedicated server in which you have absolute control on the > scripts, I find these techniques more hurting than adding something... > > We are using shared servers here and anything we tried gave false > positives. > > We are hitting the issue from a different pov - installing spam-assassin on > the gateway and quarantining the suspected spam messages for later review. > If we find false positives, we instruct the client on how to fix it (mainly > modify the email text). > Adding spamhaus/spamcop with a big score in spam-assassin does the trick, > many spammers are blacklisted or use zombies to send spam which are also > getting listed fast in the bls. > > happy spam fighting, > > Justin > > Gerwin Krist -|- Digitalus Webhosting wrote: > > Hey there my fellow list readers. I was testing some new rules (mostly > > for php email injection rules), for this it was required to have ScanPOST > > on. > > > > I have the following rule: > > SecFilterSelective ARGS_VALUES > > "(http:/).+(\.txt|\.jpg|\.dat|\.gif|\.jpeg \.ini|\:[0-9]{1,9})" > > Which should check for remote locations in server arguments (GET) only > > right? Well mod_security also triggers it when I put a remote location in > > an email form. Am I making a thinking error here? Maybe I looked to long > > to this issue :) > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep through log > files for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users -- Met vriendelijke groet/With kind regards, Gerwin Krist Digitalus First-class Internet Webhosting (w) http://www.digitalus.nl (e) gerwin at digitalus.nl (p) PGP-ID: 79B325D4 (t) +31 (0) 598 630000 (f) +31 (0) 598 631860 *************************************************************************************** This message may contain information which is confidential or privileged. If you are not the intended recipient, please advise the sender immediately by reply e-mail and delete this message and any attachments without retaining a copy. *************************************************************************************** |