mod-security-users

[mod-security-users] political web site attacked

[Peter v. S. <pet...@ho...>]

Hello,
this night a political web site in the Netherlands was attacked.

I would like to know what can be done with mod-security and how it should be 
implemented.
Let us say: mod-security for dummies.
Thanks in advance.
Peter

_________________________________________________________________
Play online games with your friends with MSN Messenger 
http://messenger.msn.nl/

Re: [mod-security-users] political web site attacked

[Meder B. <ba...@tr...>]

Hello!

Did you look at http://www.apachesecurity.net/ ?

Good Luck!

On Tuesday 22 March 2005 07:07, Peter van Summeren wrote:
> Hello,
> this night a political web site in the Netherlands was attacked.
>
> I would like to know what can be done with mod-security and how it should
> be implemented.
> Let us say: mod-security for dummies.
> Thanks in advance.
> Peter
>
> _________________________________________________________________
> Play online games with your friends with MSN Messenger
> http://messenger.msn.nl/
>
>
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users

-- 
Best rgrds,
.coder

My Intellect is The Power! (c) The Prodigy

Re: [mod-security-users] political web site attacked

[Ivan R. <iv...@we...>]

Peter van Summeren wrote:
> Hello,
> this night a political web site in the Netherlands was attacked.
> 
> I would like to know what can be done with mod-security and how it 
> should be implemented.

   I assume the web site is being subjected to a Denial of Service
   attack? As a rule of thumb, the only effective defense against
   DoS can be implemented on the firewall level before it even
   reaches Apache. The real question is how do you find out the
   IP addresses the attackers are coming from? Ideally you would
   put an automated process in place, to send the IP addresses to
   your firewall.

   You need to tell us more about the problem:

   1. How is the web server being attacked?

   2. Is it a network-based attack (TCP or UDP packets) or
      a HTTP-based attack (e.g. against Apache or an application
      running on the server).

   3. Can you determine the attacking IP addresses from the
      logs?

-- 
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org

Re: [mod-security-users] political web site attacked

[Oliver S. <Bor...@gm...>]

This highly depends on the attack vector used (and to be used). mod_security
helps you to overcome flaws in scripts and much more, but it could not helo
(IMO) if a DDoS (Distributed Denial of Service) attack is performed against
your machine.
In this case there's only a chance if you can distinguish the DDoS packets
from normal packets - which is usually not possible. Also several server
settings (both of the server software and the OS's TCP/IP stack) can be
tweaked to overcome ongoing attacks. E.g. the server usually sends a reply
to every valid incoming connection request and already reserves system
resources for the connection which would be made upon reply of the client.
But when the client does not reply, these system resources will often be
freed only after certain minutes. Now assume lots of these "connection
attempts" and you understand the attack vector - the system simply exhausts
its own resources. Tweaking this setting can help to counteract.

Oliver

-- 
---------------------------------------------------
May the source be with you, stranger ;)

ICQ: #281645
URL: http://assarbad.net

Re: [mod-security-users] political web site attacked

[<gve...@mi...>]

On which Linux Distribution are you trying to install mod_security?  
first of all you must compile mod_security and integrate with Apache 
using LoadModule directive (done automatically). Then you must configure 
mod_security.

Also an IDS could help you (Snort).

The web site was defaced?

Regards,
Geffrey

Peter van Summeren wrote:

> Hello,
> this night a political web site in the Netherlands was attacked.
>
> I would like to know what can be done with mod-security and how it 
> should be implemented.
> Let us say: mod-security for dummies.
> Thanks in advance.
> Peter
>
> _________________________________________________________________
> Play online games with your friends with MSN Messenger 
> http://messenger.msn.nl/
>
>
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users