I'm just using the default modsec rules that came with cpanel. Are you refering to this file? modsecurity_crs_40_generic_attacks.conf
I see the file contains some PHP restrictions

On Thu, Jun 19, 2014 at 4:15 PM, Ryan Barnett <RBarnett@trustwave.com> wrote:
What ModSecurity ruleset are you using?  The OWASP ModSecurity Core Rule Set (CRS) has rules to detect PHP code being uploaded to the server.  Additionally, our Trustwave SpiderLabs commercial rules include more rules to inspect outbound content that would identify most PHP webshell/backdoors - http://www.modsecurity.org/projects/commercial/rules/

Ryan Barnett

Senior Lead Security Researcher, SpiderLabs




From: Matt <matt@xerad.com>
Reply-To: "mod-security-users@lists.sourceforge.net" <mod-security-users@lists.sourceforge.net>
Date: Thursday, June 19, 2014 3:52 PM
To: "mod-security-users@lists.sourceforge.net" <mod-security-users@lists.sourceforge.net>
Subject: [mod-security-users] Fwd: Mod sec rules

Hi all,

Lately I've been having some security issues with a software I am using, I believe the software might have some type of exploit that allows files to be uploaded to its root directory. I don't want to say the name of the software at this point until that vendor has fully checked into it, but as a temporary solution I thought it might be possible to restrict file names of PHP files that are allowed to run under my cpanel account. Is this possible?

i.e. if the attacker does upload a file called "shell.php", they won't be able to run it if it doesn't match a file name in the list of allows PHP files

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
mod-security-users mailing list
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: