Re: [mod-security-users] Sanity.A - phpbb worm
From: Gerwin K. <ge...@di...> - 2005-01-31 16:09:51
Well, this will help to protect against the bug in phpbb2. But I would
also advise you to use the following rules:
SecFilterSelective ARGS "wget\x20"
SecFilterSelective ARGS "perl\x20"
SecFilterSelective ARGS "curl\x20"
SecFilterSelective ARGS "fwrite"
SecFilterSelective ARGS "fopen"
SecFilterSelective ARGS "chr\("
SecFilterSelective ARGS "echr\("
SecFilterSelective ARGS "system\("
These will protect you big time for other buggy php code too! I hope
this will help you a little.
Michael Hochradel wrote:
> First off, let me say thanks for making such a great product and
> maintaining this mailing list so the newbies like me can get some
> answers on things. My question, obviously, relates to the sanity worm.
> I saw on the main page the post from Dec 22 regarding this rule:
>
> SecFilterSelective ARG_highlight %27
>
> I'm wondering how effective this is and if there are any new strains I
> need to be aware of or any other advice from the community about
> dealing with this worm.
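An added example (not part of the thread, and not ModSecurity's own engine): a small Python model of the rules quoted above, run over constructed query strings to show which requests they would reject, including ordinary forum traffic. It assumes each argument is URL-decoded once and matched case-insensitively as an unanchored regex; `matching_rules` and `shadowed_rules` are hypothetical helper names.

```python
import re
from urllib.parse import parse_qsl

# Rules copied from the thread as (target, regex).
# "ARGS" = every argument; "ARG_highlight" = only the "highlight" parameter.
RULES = [
    ("ARG_highlight", r"%27"),
    ("ARGS", r"wget\x20"), ("ARGS", r"perl\x20"), ("ARGS", r"curl\x20"),
    ("ARGS", r"fwrite"), ("ARGS", r"fopen"),
    ("ARGS", r"chr\("), ("ARGS", r"echr\("), ("ARGS", r"system\("),
]
# Assumption: matching is case-insensitive and unanchored.
COMPILED = [(t, p, re.compile(p, re.IGNORECASE)) for t, p in RULES]

def matching_rules(query_string):
    """Return the patterns that fire for one raw query string."""
    # Assumption: arguments are URL-decoded exactly once before matching.
    args = parse_qsl(query_string, keep_blank_values=True)
    hits = []
    for target, pattern, rx in COMPILED:
        for name, value in args:
            if target == "ARG_highlight" and name != "highlight":
                continue
            if rx.search(value):
                hits.append(pattern)
                break
    return hits

def shadowed_rules():
    """Patterns that contain another pattern with the same target, so they
    never fire without that other rule also firing (a heuristic that is
    valid only for literal patterns like the ones in this thread)."""
    return [pb for tb, pb in RULES
            if any(ta == tb and pa != pb and pa in pb for ta, pa in RULES)]

if __name__ == "__main__":
    # Constructed sample requests, not taken from real traffic.
    samples = [
        "t=42&highlight=%2527",    # literal %27 survives one decode
        "t=42&highlight=don%27t",  # ordinary apostrophe after decoding
        "message=how+do+I+use+fopen+and+fwrite+in+PHP%3F",  # benign post
        "q=perl+tutorial",         # benign search
    ]
    for s in samples:
        print(f"{s!r:55} -> {matching_rules(s) or 'allowed'}")
    print("redundant:", shadowed_rules())
```

The benign post and search are rejected by the broad `ARGS` rules, so sites where users discuss PHP or Perl should check their own traffic for such matches before deploying them.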