Re: [mod-security-users] Fwd: Mod sec rules
From: Matt <ma...@xe...> - 2014-06-20 20:29:30
I downloaded that after your last email, but is modsecurity_crs_40_generic_attacks.conf the file that would contain the appropriate protection against uploading of PHP code?

Matt

On Fri, Jun 20, 2014 at 8:14 AM, Ryan Barnett <RBa...@tr...> wrote:

> I believe the rules that come with cPanel are really old OWASP
> ModSecurity Core Rule Set (CRS) rules. You should consider updating them -
> https://github.com/SpiderLabs/owasp-modsecurity-crs
>
> *Ryan Barnett*
> Senior Lead Security Researcher, SpiderLabs
> *Trustwave* | SMART SECURITY ON DEMAND
> www.trustwave.com
>
> From: Matt <ma...@xe...>
> Reply-To: "mod...@li..." <mod...@li...>
> Date: Friday, June 20, 2014 8:10 AM
> To: "mod...@li..." <mod...@li...>
> Subject: Re: [mod-security-users] Fwd: Mod sec rules
>
> I'm just using the default modsec rules that came with cpanel. Are you
> referring to this file? modsecurity_crs_40_generic_attacks.conf
> I see the file contains some PHP restrictions
>
> On Thu, Jun 19, 2014 at 4:15 PM, Ryan Barnett <RBa...@tr...> wrote:
>
>> Matt,
>> What ModSecurity ruleset are you using? The OWASP ModSecurity Core Rule
>> Set (CRS) has rules to detect PHP code being uploaded to the server.
>> Additionally, our Trustwave SpiderLabs commercial rules include more rules
>> to inspect outbound content that would identify most PHP webshell/backdoors
>> - http://www.modsecurity.org/projects/commercial/rules/
>>
>> *Ryan Barnett*
>> Senior Lead Security Researcher, SpiderLabs
>> *Trustwave* | SMART SECURITY ON DEMAND
>> www.trustwave.com
>>
>> From: Matt <ma...@xe...>
>> Reply-To: "mod...@li..." <mod...@li...>
>> Date: Thursday, June 19, 2014 3:52 PM
>> To: "mod...@li..." <mod...@li...>
>> Subject: [mod-security-users] Fwd: Mod sec rules
>>
>> Hi all,
>>
>> Lately I've been having some security issues with a software I am using,
>> I believe the software might have some type of exploit that allows files to
>> be uploaded to its root directory. I don't want to say the name of the
>> software at this point until that vendor has fully checked into it, but as
>> a temporary solution I thought it might be possible to restrict file names
>> of PHP files that are allowed to run under my cpanel account. Is this
>> possible?
>>
>> i.e. if the attacker does upload a file called "shell.php", they won't be
>> able to run it if it doesn't match a file name in the list of allowed PHP
>> files
>>
>> _______________________________________________
>> mod-security-users mailing list
>> mod...@li...
>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
>> http://www.modsecurity.org/projects/commercial/rules/
>> http://www.modsecurity.org/projects/commercial/support/
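
The filename allowlist asked about in the original question can be written as a pair of chained ModSecurity rules. This is an added example, not part of the thread and not a rule from the CRS or the Trustwave commercial set; the rule id, the allowlisted script names and the list of PHP-handled extensions are assumptions to replace with the site's own values.

```apache
# Added example (ModSecurity 2.x syntax), not taken from the CRS.
# Assumptions: rule id 1000100 is free; the application is served from the
# site root; its only legitimate entry points are /index.php, /login.php and
# /admin/index.php; the server treats .php, .php5, .phtml and .phar as PHP.

# Rule 1 matches any request path that contains a PHP-handled extension,
# including the PATH_INFO form "/file.php/extra".
# Rule 2 (chained) matches only when that path is NOT an allowlisted script.
# The deny fires only when both match, so allowlisted scripts pass through
# and every other PHP file under the account is refused with a 403.
SecRule REQUEST_FILENAME "@rx \.ph(?:p[0-9]?|tml|ar)(?:/|$)" \
    "id:1000100,phase:1,deny,status:403,log,\
    t:none,t:urlDecodeUni,t:normalisePath,t:lowercase,\
    msg:'Request for PHP script that is not on the allowlist',\
    logdata:'%{REQUEST_FILENAME}',\
    chain"
    SecRule REQUEST_FILENAME "!@rx ^/(?:index|login|admin/index)\.php$" \
        "t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"

# Side effect of the anchored allowlist: PATH_INFO requests such as
# /index.php/foo are also refused. Extend the second pattern if the
# application relies on them.
```

Replacing `deny,status:403` with `pass` logs what would be blocked without refusing it, which helps build the allowlist before enforcing it. The rule only governs which scripts can be requested over HTTP; it does not stop the upload itself.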