ModSecurity used to terminally slow down web systems adding a great deal of
load while actually doing little denial and only verbose exploit logging
assistance in return, while also opening the system to additional Denial of
Service threat conditions.

THIS HAS CHANGED, however there are still some risks to flat implementation
of ModSecurity. For instance, you can't really layer good engineering over
bad and expect miracles?

ModSecurity Limitations and Caveats:

1) Stateful Request Monitoring - Layer 7 Application Firewall
http://www.modsecurity.org/
http://adeptus-mechanicus.com/codex/apchems/apchems.html
Don't try to run anything but the current versions due to known security
risks!

2) Capacity Planning
But beware before playing with modsecurity!
ModSecurity can be exploited itself - since it's easy to DoS, and slows down
requests, however if you have the processing power, use ModEvasive
protection also:
http://adeptus-mechanicus.com/codex/apcheme/apcheme.html
http://www.associatedcontent.com/article/6379/about_modsecurity_and_moddosevasive.html

3) Of course a fine Reverse Proxy security setup might also be fun! You have
a test network right?
http://linuxadministration.wordpress.com/2007/09/06/advance-apache-security-mod_proxymod_securitymod_evasive/

4) A complete security appraisal of your current index.php, CMS version,
Php.ini and Apache version would be in order. Do you KNOW the exploits
currently available for your system? I.E. Are you running Joomla, Web 2.0,
Mambo or another CMS drop and deploy application?

Each item, from your kernel, your SSL, Apache, Mysql, version and each php
tool built upon it has its known security holes. A savvy security systems
administrator might do well to know each and play for upgrades or layered
tools to mitigate the risk.

Are you using a custom web development binary, or a drop in yum Apache/Php
for instance? Various known issues exist with versions configured right out
of the box; what hardening was completed?

www.Obnosis.com |
http://en.wiktionary.org/wiki/Citations:obnosis |
http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452

Catch the January PLUG HackFest! Kristy Westphal, CSO for the Arizona
Department of Economic Security will provide a one hour presentation on
forensics.

Date: Wed, 3 Dec 2008 15:48:17 -0700
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: OT: Website Exploits

That is a fairly common tactic. It exploits poor input validation and
register globals in PHP.

Do yourself a huge favor and install mod_security (I assume you're using
apache?) as an extra measure of security if you haven't already.

On Wed, Dec 3, 2008 at 3:39 PM, keith smith <[EMAIL PROTECTED]> wrote:
Hi,

I am working on a website that gets a lot of exploit attempts.

They mostly look like this:
/index.php?display=http://humano.ya.com/mysons/index.htm?

Our code is set to disregard any value that is not expected. I'm wondering if
there is a clearing house for reporting this type of stuff. I have the IP
address as reported.... if that is accurate.

Thanks in advance!

Keith
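
Added example, not part of the original thread: a small Python triage script for the request pattern quoted above, listing per client IP every query parameter whose value is an absolute URL (plain or percent-encoded). Apache combined log format is assumed; the log lines, IP addresses and the function name are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format (documentation-range IPs).
SAMPLE_LOG = """\
192.0.2.10 - - [03/Dec/2008:15:30:01 -0700] "GET /index.php?display=http://humano.ya.com/mysons/index.htm? HTTP/1.1" 200 512 "-" "libwww-perl/5.805"
198.51.100.7 - - [03/Dec/2008:15:31:12 -0700] "GET /index.php?display=news HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.10 - - [03/Dec/2008:15:32:40 -0700] "GET /index.php?display=HTTP%3A%2F%2Fhumano.ya.com%2Fmysons%2Findex.htm%3F HTTP/1.1" 200 512 "-" "libwww-perl/5.805"
203.0.113.5 - - [03/Dec/2008:15:33:02 -0700] "GET /search.php?q=what+is+http HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client IP, timestamp, method, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# A parameter value that *starts* with a URL scheme is the remote-include pattern.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)


def find_remote_include_attempts(log_text):
    """Return {client_ip: [(timestamp, path, param, remote_host), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, when, _method, target, _status = m.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes values, so encoded URLs are caught too.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if REMOTE_RE.match(value):
                host = urlsplit(value.strip()).hostname
                hits[ip].append((when, url.path, name, host))
    return dict(hits)


if __name__ == "__main__":
    for ip, events in find_remote_include_attempts(SAMPLE_LOG).items():
        for when, path, name, host in events:
            print(f"{ip} [{when}] {path} param={name} remote_host={host}")
```

The per-IP grouping with timestamps is the evidence an abuse report to the source network or to the host serving the remote file would need.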
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss