Re: [mod-security-users] Fwd: Mod sec rules
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Fwd: Mod sec rules
|
From: Ryan B. <RBa...@tr...> - 2014-06-20 12:15:05
|
I believe the rules that come with cPanel are really old OWASP ModSecurity Core Rule Set (CRS) rules. You should consider updating them - https://github.com/SpiderLabs/owasp-modsecurity-crs Ryan Barnett Senior Lead Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> From: Matt <ma...@xe...<mailto:ma...@xe...>> Reply-To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Date: Friday, June 20, 2014 8:10 AM To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Subject: Re: [mod-security-users] Fwd: Mod sec rules I'm just using the default modsec rules that came with cpanel. Are you refering to this file? modsecurity_crs_40_generic_attacks.conf I see the file contains some PHP restrictions On Thu, Jun 19, 2014 at 4:15 PM, Ryan Barnett <RBa...@tr...<mailto:RBa...@tr...>> wrote: Matt, What ModSecurity ruleset are you using? The OWASP ModSecurity Core Rule Set (CRS) has rules to detect PHP code being uploaded to the server. Additionally, our Trustwave SpiderLabs commercial rules include more rules to inspect outbound content that would identify most PHP webshell/backdoors - http://www.modsecurity.org/projects/commercial/rules/ Ryan Barnett Senior Lead Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> From: Matt <ma...@xe...<mailto:ma...@xe...>> Reply-To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Date: Thursday, June 19, 2014 3:52 PM To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Subject: [mod-security-users] Fwd: Mod sec rules Hi all, Lately I've been having some security issues with a software I am using, I believe the software might have some type of exploit that allows files to be uploaded to its root directory. I don't want to say the name of the software at this point until that vendor has fully checked into it, but as a temporary solution I thought it might be possible to restrict file names of PHP files that are allowed to run under my cpanel account. Is this possible? i.e. if the attacker does upload a file called "shell.php", they won't be able to run it if it doesn't match a file name in the list of allows PHP files ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. ------------------------------------------------------------------------------ HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions Find What Matters Most in Your Big Data with HPCC Systems Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. Leverages Graph Analysis for Fast Processing & Easy Data Exploration http://p.sf.net/sfu/hpccsystems _______________________________________________ mod-security-users mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ ------------------------------------------------------------------------------ HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions Find What Matters Most in Your Big Data with HPCC Systems Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. Leverages Graph Analysis for Fast Processing & Easy Data Exploration http://p.sf.net/sfu/hpccsystems_______________________________________________ mod-security-users mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
