lost

Well-Known Member
Aug 19, 2003
73
0
156
hello,
someone manages to upload a script line in this format to several of my servers. This script line shows up in random useraccounts in random folders.

<script>x=8;es="108;102;105;126;97;104;..........................etc.......etc...........

This script causes havoc for people visiting the affected websites.

Has anyone else had this happen and how do you protect against it? I.e. what mod_security rules could be effectively used?
If anyone can help, please respond

Thanks
L
 

ramprage

Well-Known Member
Jul 21, 2002
655
0
166
Canada
This sounds like an XSS attack. You need to find the source of where this is coming from.

EG:
# WEB-PHP PHP-Wiki cross site scripting attempt
SecFilterSelective THE_REQUEST "<script"