Re: [mod-security-users] Boink filter
From: Ivan R. <iv...@we...> - 2006-02-03 19:22:40
li...@32... wrote:
> Hello,
>
> I just had an attempt made on my server to exploit it. The user was able to
> upload a folder called .sgurz into the tmp folder, this folder had 2 files,
> boink and .boink2.
>
> I do not think it did anything except use up all the apache processes.
>
> What would the filter need to be in order to block this type of attack in the
> future?

I don't think it's possible to do that. You could have a filter in
place to watch for strings "boink" and such but that would be too easy
to defeat simply by changing the names of the files.

Were the files in the /tmp folder executable? Preventing execution in
/tmp is always a good idea (either by mounting it non-executable or by
using mandatory access controls via grsecurity or SELinux).

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
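
Whether /tmp is actually mounted non-executable, as the reply recommends, can be read from the mount table. The script below is an added example, not part of the original message; the function names and the two sample mount tables are constructed for illustration, and it assumes input in /proc/mounts format.

```shell
#!/bin/sh
# Added example: report whether a path sits on a noexec mount (/proc/mounts format).

# Print the options of the mount that covers path $1 in mount table file $2.
# The covering mount is the longest mount point that is a path prefix of $1;
# when a mount point is listed twice, the later (topmost) entry wins.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            covers = (mp == "/") || (p == mp) || (index(p, mp "/") == 1)
            if (covers && length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { print opts }
    ' "$2"
}

# Succeed (exit 0) only if the covering mount carries the noexec option.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Human-readable verdict; defaults to /tmp on the running system.
report() {
    if is_noexec "${1:-/tmp}" "${2:-/proc/mounts}"; then
        echo "noexec"
    else
        echo "exec allowed"
    fi
}

# Constructed sample tables: /tmp on the root filesystem vs. a separate noexec /tmp.
sample_weak=$(mktemp); sample_hardened=$(mktemp)
trap 'rm -f "$sample_weak" "$sample_hardened"' EXIT
cat > "$sample_weak" <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
EOF
cat > "$sample_hardened" <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /tmpdata ext3 rw 0 0
EOF
echo "weak:     $(report /tmp/.sgurz/boink "$sample_weak")"
echo "hardened: $(report /tmp/.sgurz/boink "$sample_hardened")"
```

The noexec option blocks direct execution of files on that mount; a script stored there can still be read by an interpreter installed elsewhere, which is where the mandatory access controls mentioned in the reply come in.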