Thanks. It looks like that relies on edits to: \IIS webroot\web.config
With IIS 6 and ACF (no .NET), I do not even have that file present. Do you know: do I just add it as a blank text file and then start throwing ModSecurity stuff into it? On Tue, Jun 25, 2013 at 4:00 PM, Jordan Michaels <[email protected]>wrote: > > http://www.modsecurity.org/index.html > > Higher learning curve then fuseguard, but will do the job. > > Warm Regards, > Jordan Michaels > > On 06/25/2013 12:49 PM, John M Bliss wrote: > > > > Thanks. Any free solutions? > > > > > > On Tue, Jun 25, 2013 at 3:44 PM, Jordan Michaels <[email protected] > >wrote: > > > >> > >> Fuseguard will auto-kill requests like that. Will send a forbidden > >> response back. > >> > >> Warm Regards, > >> Jordan Michaels > >> > >> On 06/25/2013 10:16 AM, John M Bliss wrote: > >>> > >>> I don't have PHP installed so I guess I'm not vulnerable, right? > >>> > >>> Any idea how to have CF (or IIS) auto-kill requests like this? > >>> > >>> > >>> On Tue, Jun 25, 2013 at 1:09 PM, Cameron Childress <[email protected] > >>> wrote: > >>> > >>>> > >>>> On Tue, Jun 25, 2013 at 12:56 PM, John Bliss wrote: > >>>> > >>>>> - what that req is supposed to do? > >>>>> - how to be sure to block it? > >>>>> > >>>> > >>>> First result via Google for that string: > >>>> > >>>> Plesk 0-day Remote Vulnerability in the Wild > >>>> > >>>> > >> > http://blog.sucuri.net/2013/06/plesk-0-day-remote-vulnerability-in-the-wild.html > >>>> > >>>> -Cameron > >>>> > >>>> ... > >>>> > >>>> > >>>> > >>> > >>> > >> > >> > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356080 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
