Thread: [mod-security-users] political web site attacked
|
From: Peter v. S. <pet...@ho...> - 2005-03-22 02:07:51
|
Hello,
this night a political web site in the Netherlands was attacked.

I would like to know what can be done with mod-security and how it should be implemented.
Let us say: mod-security for dummies.
Thanks in advance.
Peter
|
|
From: Meder B. <ba...@tr...> - 2005-03-22 05:59:47
|
Hello!
Did you look at http://www.apachesecurity.net/ ?
Good Luck!

On Tuesday 22 March 2005 07:07, Peter van Summeren wrote:
> Hello,
> this night a political web site in the Netherlands was attacked.
>
> I would like to know what can be done with mod-security and how it should
> be implemented.
> Let us say: mod-security for dummies.
> Thanks in advance.
> Peter

--
Best rgrds,
.coder
My Intellect is The Power! (c) The Prodigy
|
|
From: Ivan R. <iv...@we...> - 2005-03-22 08:08:26
|
Peter van Summeren wrote:
> Hello,
> this night a political web site in the Netherlands was attacked.
>
> I would like to know what can be done with mod-security and how it
> should be implemented.

I assume the web site is being subjected to a Denial of Service
attack? As a rule of thumb, the only effective defense against
DoS can be implemented on the firewall level before it even
reaches Apache. The real question is how do you find out the
IP addresses the attackers are coming from? Ideally you would
put an automated process in place, to send the IP addresses to
your firewall.

You need to tell us more about the problem:

1. How is the web server being attacked?
2. Is it a network-based attack (TCP or UDP packets) or
   an HTTP-based attack (e.g. against Apache or an application
   running on the server)?
3. Can you determine the attacking IP addresses from the
   logs?

--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
|
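The automated step described in the reply above (find the attacking addresses in the logs, then hand them to the firewall), sketched as an added example that is not part of the original thread. The thresholds, the sample log lines and the iptables rule form are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: Apache common-log lines, documentation-range addresses.
SAMPLE_LOG = [
    f'198.51.100.7 - - [22/Mar/2005:02:00:0{s} +0100] "GET / HTTP/1.0" 200 512'
    for s in range(6)
] + [
    '203.0.113.9 - - [22/Mar/2005:02:00:03 +0100] "GET /a HTTP/1.0" 200 90',
    '203.0.113.9 - - [22/Mar/2005:02:05:00 +0100] "GET /b HTTP/1.0" 200 90',
    'truncated or malformed line',
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def find_offenders(lines, max_hits=5, window=timedelta(seconds=10), allow=()):
    """Return client IPs with more than max_hits requests inside any window."""
    recent = defaultdict(deque)
    offenders = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:  # reject hostnames and bad timestamps instead of trusting the log
            ip = ipaddress.ip_address(m.group(1))
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        if any(ip in net for net in allow):  # never block own proxies/monitors
            continue
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # drop requests that fell out of the window
            hits.popleft()
        if len(hits) > max_hits and ip not in offenders:
            offenders.append(ip)
    return offenders

def firewall_commands(offenders):
    """Build argv lists (not shell strings) for an assumed iptables DROP rule."""
    return [["ip6tables" if ip.version == 6 else "iptables",
             "-I", "INPUT", "-s", str(ip), "-j", "DROP"] for ip in offenders]

if __name__ == "__main__":
    for cmd in firewall_commands(find_offenders(SAMPLE_LOG)):
        print(" ".join(cmd))
```

Parsing each address with `ipaddress` before it reaches a firewall command keeps attacker-controlled log content out of the rule, and the allow list prevents the script from blocking a reverse proxy or monitoring host.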
|
From: Oliver S. <Bor...@gm...> - 2005-03-22 09:05:55
|
This highly depends on the attack vector used (and to be used). mod_security helps you to overcome flaws in scripts and much more, but it could not help (IMO) if a DDoS (Distributed Denial of Service) attack is performed against your machine. In this case there's only a chance if you can distinguish the DDoS packets from normal packets - which is usually not possible.

Also several server settings (both of the server software and the OS's TCP/IP stack) can be tweaked to overcome ongoing attacks. E.g. the server usually sends a reply to every valid incoming connection request and already reserves system resources for the connection which would be made upon reply of the client. But when the client does not reply, these system resources will often be freed only after certain minutes. Now assume lots of these "connection attempts" and you understand the attack vector - the system simply exhausts its own resources. Tweaking this setting can help to counteract.

Oliver

--
---------------------------------------------------
May the source be with you, stranger ;)
ICQ: #281645
URL: http://assarbad.net
|
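One way to observe the half-open connections described in the message above, as an added example that is not part of the original thread: count sockets in the SYN_RECV state from a Linux `/proc/net/tcp` table. The sample table is constructed, and the decoding assumes a little-endian host.

```python
import socket
import struct
from collections import Counter

TCP_SYN_RECV = "03"  # kernel state code: SYN received, handshake not completed

# Constructed sample in /proc/net/tcp layout (IPv4, trailing columns trimmed).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0050 00000000:0000 0A 00000000:00000000
   1: 0A00000A:0050 076433C6:C001 03 00000000:00000000
   2: 0A00000A:0050 076433C6:C002 03 00000000:00000000
   3: 0A00000A:0050 076433C6:C003 03 00000000:00000000
   4: 0A00000A:0050 076433C6:C004 03 00000000:00000000
   5: 0A00000A:0050 097100CB:D431 03 00000000:00000000
   6: 0A00000A:0050 097100CB:D432 01 00000000:00000000
   7: 0A00000A:0016 076433C6:C005 03 00000000:00000000
"""

def decode_addr(hex_addr):
    """Turn the hex IPv4 field into dotted form (little-endian host assumed)."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))

def half_open_by_peer(table, local_port=80):
    """Count SYN_RECV sockets on local_port, grouped by remote address."""
    counts = Counter()
    for line in table.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        port = int(fields[1].split(":")[1], 16)
        if fields[3] == TCP_SYN_RECV and port == local_port:
            counts[decode_addr(fields[2].split(":")[0])] += 1
    return counts

def suspects(counts, limit=3):
    """Peers holding more than `limit` half-open connections (limit is assumed)."""
    return sorted(ip for ip, n in counts.items() if n > limit)

if __name__ == "__main__":
    counts = half_open_by_peer(SAMPLE)  # live use: open("/proc/net/tcp").read()
    print("half-open total:", sum(counts.values()), "suspects:", suspects(counts))
```

When source addresses are spoofed the per-peer counts are meaningless, so the total number of half-open sockets is the figure to watch for resource exhaustion.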
|
From: <gve...@mi...> - 2005-03-22 13:57:49
|
On which Linux Distribution are you trying to install mod_security?
First of all you must compile mod_security and integrate with Apache using LoadModule directive (done automatically). Then you must configure mod_security. Also an IDS could help you (Snort).
The web site was defaced?

Regards,
Geffrey

Peter van Summeren wrote:
> Hello,
> this night a political web site in the Netherlands was attacked.
>
> I would like to know what can be done with mod-security and how it
> should be implemented.
> Let us say: mod-security for dummies.
> Thanks in advance.
> Peter
|