Re: [mod-security-users] Fwd: Mod sec rules
From: Matt <ma...@xe...> - 2014-06-20 12:10:17
I'm just using the default modsec rules that came with cpanel. Are you referring to this file?

modsecurity_crs_40_generic_attacks.conf

I see the file contains some PHP restrictions

On Thu, Jun 19, 2014 at 4:15 PM, Ryan Barnett <RBa...@tr...> wrote:

> Matt,
> What ModSecurity ruleset are you using? The OWASP ModSecurity Core Rule
> Set (CRS) has rules to detect PHP code being uploaded to the server.
> Additionally, our Trustwave SpiderLabs commercial rules include more rules
> to inspect outbound content that would identify most PHP webshell/backdoors
> - http://www.modsecurity.org/projects/commercial/rules/
>
> *Ryan Barnett*
> Senior Lead Security Researcher, SpiderLabs
> *Trustwave* | SMART SECURITY ON DEMAND
> www.trustwave.com
>
> From: Matt <ma...@xe...>
> Reply-To: "mod...@li..." <mod...@li...>
> Date: Thursday, June 19, 2014 3:52 PM
> To: "mod...@li..." <mod...@li...>
> Subject: [mod-security-users] Fwd: Mod sec rules
>
> Hi all,
>
> Lately I've been having some security issues with a software I am using, I
> believe the software might have some type of exploit that allows files to
> be uploaded to its root directory. I don't want to say the name of the
> software at this point until that vendor has fully checked into it, but as
> a temporary solution I thought it might be possible to restrict file names
> of PHP files that are allowed to run under my cpanel account. Is this
> possible?
>
> i.e. if the attacker does upload a file called "shell.php", they won't be
> able to run it if it doesn't match a file name in the list of allowed PHP
> files
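An added example, not part of the original thread or of the CRS: a chained ModSecurity rule that denies any request for a PHP script whose path is not on an allowlist, which is the temporary restriction asked about above. The script names and the rule ID are placeholders, and it assumes ModSecurity 2.x with the rule engine enabled and PHP mapped to the extensions shown.

```apache
# Added example (constructed). Allowlist of PHP entry points for one site.
# Placeholders: the three script names and rule ID 100001.
# Assumption: PHP handles .php, .php3-.php9 and .phtml on this server;
# adjust the first pattern to match the handler mapping actually in use.

# Rule 1 matches any request path that names a PHP script, including
# PATH_INFO forms such as /shell.php/anything.
# Rule 2 (chained) makes the pair fire only when the decoded, normalised
# path is not exactly one of the allowed scripts, so /index.php passes
# while /shell.php and /uploads/shell.php are denied with 403.
SecRule REQUEST_FILENAME "@rx (?i)\.ph(?:p[0-9]?|tml)(?:/|$)" \
    "id:100001,phase:2,t:none,t:urlDecodeUni,t:normalisePath,\
    deny,status:403,log,\
    msg:'Request for PHP script that is not on the allowlist',chain"
    SecRule REQUEST_FILENAME "!@rx ^/(?:index|login|contact)\.php$" \
        "t:none,t:urlDecodeUni,t:normalisePath"
```

This only prevents an uploaded script from being requested by name. It does not stop the upload itself, and files pulled in by an allowed entry point through include or require are not covered.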