Thread: [mod-security-users] ModSecurity for Java - Deploying
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-users
|
From: Roger <rm...@ya...> - 2005-01-19 12:07:03
|
Hi, I am trying installing ModSecurity for Java but I can not get to run sucessfully, I get the follow message(jakarta's log) when deploying by jakarta's manager web: -------------- 2005-01-19 11:42:34 StandardContext[/msj]Excepción arrancando filtro ModSecurityFilter java.lang.UnsupportedClassVersionError: com/webkreator/modsecurity/ModSecurityFilter (Unsupported major.minor version 49.0) at java.lang.ClassLoader.defineClass0(Native Method) [...] ---------- I use jakarta-tomcat-5.0.28 with j2sdk1.4.1_01 in WinXP Pro box. What java-tools/class I must to get?? Thanks in advance! -roger __________________________________ Do you Yahoo!? Meet the all-new My Yahoo! - Try it today! http://my.yahoo.com |
|
From: Ivan R. <iv...@we...> - 2005-01-19 13:27:36
|
Roger wrote: > Hi, > I am trying installing ModSecurity for Java but I can not get to run > sucessfully, I get the follow message(jakarta's log) when deploying by > jakarta's manager web: > -------------- > 2005-01-19 11:42:34 StandardContext[/msj]Excepci=F3n arrancando filtro > ModSecurityFilter > java.lang.UnsupportedClassVersionError: > com/webkreator/modsecurity/ModSecurityFilter (Unsupported major.minor > version 49.0) > at java.lang.ClassLoader.defineClass0(Native Method) > [...] > ---------- >=20 > I use jakarta-tomcat-5.0.28 with j2sdk1.4.1_01 in WinXP Pro box. > What java-tools/class I must to get?? I am not familiar with that error but it seems to me that it's complaining about the class version number. I may have compiled it with JDK 1.5 by mistake. I'll post a new version, compiled with JDK 1.4, today or tomorrow. --=20 Ivan Ristic (http://www.modsecurity.org) |
|
From: Danny S. <dsh...@al...> - 2005-01-24 17:46:49
|
I am seeing a dos attack with a random string, but it includes this: highlight=%2527%252Esystem(chr(112)%252Echr(101) Can someone let me know if mod-security can help with this and how I could use it to stop it? |
|
From: Gerwin K. <ge...@di...> - 2005-01-24 17:51:35
|
Sure you can use:
SecFilterSelective ARG_highlight %27
Our company also filters for the following:
SecFilterSelective ARGS "fwrite"
SecFilterSelective ARGS "fopen"
SecFilterSelective ARGS "chr\("
SecFilterSelective ARGS "echr\("
SecFilterSelective ARGS "system\("
To be really secure :) I hope it will help you
Danny Shurett wrote:
>I am seeing a dos attack with a random string, but it includes this:
>
>highlight=%2527%252Esystem(chr(112)%252Echr(101)
>
>Can someone let me know if mod-security can help with this and how I could
>use it to stop it?
>
>
>
>
>-------------------------------------------------------
>This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
>Tool for open source databases. Create drag-&-drop reports. Save time
>by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
>Download a FREE copy at http://www.intelliview.com/go/osdn_nl
>_______________________________________________
>mod-security-users mailing list
>mod...@li...
>https://lists.sourceforge.net/lists/listinfo/mod-security-users
>
>
>
>
|
|
From: Danny S. <dsh...@al...> - 2005-01-24 18:54:08
|
This didn't work for me. Here is more log info:
216.67.229.212 - - [24/Jan/2005:13:53:43 -0500] "GET
/board/viewtopic.php?p=5290&highlight=%2527%252Esystem(chr(112)%252Echr(101)
%252Echr(114)%252Echr(108)%252Echr(32)%252Echr(45)%252Echr(101)%252Echr(32)%
252Echr(34)%252Echr(112)%252Echr(114)%252Echr(105)%252Echr(110)%252Echr(116)
%252Echr(32)%252Echr(113)%252Echr(40)%252Echr(106)%252Echr(83)%252Echr(86)%2
52Echr(111)%252Echr(119)%252Echr(77)%252Echr(115)%252Echr(100)%252Echr(41)%2
52Echr(34))%252E%2527 HTTP/1.0" 200 98 "-" "Mozilla/4.0"
24.57.53.2 - - [24/Jan/2005:13:53:43 -0500] "GET
/board/viewtopic.php?p=3201&highlight=%2527%252Esystem(chr(112)%252Echr(101)
%252Echr(114)%252Echr(108)%252Echr(32)%252Echr(45)%252Echr(101)%252Echr(32)%
252Echr(34)%252Echr(112)%252Echr(114)%252Echr(105)%252Echr(110)%252Echr(116)
%252Echr(32)%252Echr(113)%252Echr(40)%252Echr(106)%252Echr(83)%252Echr(86)%2
52Echr(111)%252Echr(119)%252Echr(77)%252Echr(115)%252Echr(100)%252Echr(41)%2
52Echr(34))%252E%2527 HTTP/1.0" 200 98 "-" "Mozilla/4.0"
64.186.228.51 - - [24/Jan/2005:13:53:43 -0500] "GET
/board/viewtopic.php?p=4132&highlight=%2527%252Esystem(chr(112)%252Echr(101)
%252Echr(114)%252Echr(108)%252Echr(32)%252Echr(45)%252Echr(101)%252Echr(32)%
252Echr(34)%252Echr(112)%252Echr(114)%252Echr(105)%252Echr(110)%252Echr(116)
%252Echr(32)%252Echr(113)%252Echr(40)%252Echr(106)%252Echr(83)%252Echr(86)%2
52Echr(111)%252Echr(119)%252Echr(77)%252Echr(115)%252Echr(100)%252Echr(41)%2
52Echr(34))%252E%2527 HTTP/1.0" 200 98 "-" "Mozilla/4.0"
64.132.74.96 - - [24/Jan/2005:13:53:43 -0500] "GET
/board/viewtopic.php?p=4171&highlight=%2527%252Esystem(chr(112)%252Echr(101)
%252Echr(114)%252Echr(108)%252Echr(32)%252Echr(45)%252Echr(101)%252Echr(32)%
252Echr(34)%252Echr(112)%252Echr(114)%252Echr(105)%252Echr(110)%252Echr(116)
%252Echr(32)%252Echr(113)%252Echr(40)%252Echr(106)%252Echr(83)%252Echr(86)%2
52Echr(111)%252Echr(119)%252Echr(77)%252Echr(115)%252Echr(100)%252Echr(41)%2
52Echr(34))%252E%2527 HTTP/1.0" 200 98 "-" "Mozilla/4.0"
On 1/24/05 12:49 PM, "Gerwin Krist" <ge...@di...> wrote:
> Sure you can use:
> SecFilterSelective ARG_highlight %27
>
> Our company also filters for the following:
> SecFilterSelective ARGS "fwrite"
> SecFilterSelective ARGS "fopen"
> SecFilterSelective ARGS "chr\("
> SecFilterSelective ARGS "echr\("
> SecFilterSelective ARGS "system\("
>
> To be really secure :) I hope it will help you
>
> Danny Shurett wrote:
>
>> I am seeing a dos attack with a random string, but it includes this:
>>
>> highlight=%2527%252Esystem(chr(112)%252Echr(101)
>>
>> Can someone let me know if mod-security can help with this and how I could
>> use it to stop it?
>>
>>
>>
>>
>> -------------------------------------------------------
>> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
>> Tool for open source databases. Create drag-&-drop reports. Save time
>> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
>> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
>> _______________________________________________
>> mod-security-users mailing list
>> mod...@li...
>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>>
>>
>>
>>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> Tool for open source databases. Create drag-&-drop reports. Save time
> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>
>
|
|
From: Ivan R. <iv...@we...> - 2005-01-24 19:03:35
|
Danny Shurett wrote: > This didn't work for me. Here is more log info: How does the rest of your (mod_security) configuration look like? I am positive the signature (the first one on the list) because I tested it :) -- Ivan Ristic (http://www.modsecurity.org) |
|
From: Gerwin K. <ge...@di...> - 2005-01-24 17:52:46
|
BTW it's not a dos attack. It's the santy worm: http://www.f-secure.com/v-descs/santy_a.shtml It can do nasty things if your not patched or protected! Danny Shurett wrote: >I am seeing a dos attack with a random string, but it includes this: > >highlight=%2527%252Esystem(chr(112)%252Echr(101) > >Can someone let me know if mod-security can help with this and how I could >use it to stop it? > > > > >------------------------------------------------------- >This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting >Tool for open source databases. Create drag-&-drop reports. Save time >by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. >Download a FREE copy at http://www.intelliview.com/go/osdn_nl >_______________________________________________ >mod-security-users mailing list >mod...@li... >https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > > |
|
From: Roger <rm...@ya...> - 2005-01-20 12:15:02
|
Replaced old version of jdk and jakarta for the new jdk1.5.0_01 and new jakarta-tomcat-5.5.4 and all is ok! I have still not proven Your new version complied modsecurity-java-m3a.zip with JDK 1.4 Thanks! -roger __________________________________ Do you Yahoo!? Meet the all-new My Yahoo! - Try it today! http://my.yahoo.com |
Thanks for helping keep SourceForge clean.
X