mod_security && c99shell anyone help please ?

dr-support

Member
Feb 7, 2007
12
0
151
I installed modsecurity from Addone module in Cpanel


When I try to apply phpshell woork good without a mistakes and I can do anything despite of the presence of protection modsecurity and disable_functions in php.ini.
Is there a particular settings add to the httpd.conf to prevent application phpshell or prevent upload it to the site ???

Is there a program or script scan and examining files immediately after upload it to the server?


thank you
 

ramprage

Well-Known Member
Jul 21, 2002
655
0
166
Canada
config server firewall isn't going to protect web applications.

Be careful with just jamming rulesets into your configuration, you'll end up with a broken set of client accounts, broken scripts and unexpected results. Often times people will spend hours weeding out rules from gotroot that break other scripts, so just be careful.
 

dr-support

Member
Feb 7, 2007
12
0
151
Configserver firewall is nice, but it's not going to stop these include attacks.

You need a good mod_sec rule set or something like Suhosin
Check here

Something like this simple rule will stop many of these.
http://www.gotroot.com/downloads/ftp/mod_security/rootkits.conf
Code:
SecFilterSelective REQUEST_URI "=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\x20?\?"
sorry I have always same problem :(
This means that there can to find a solution to this problem? ?
 

felosi

Active Member
Aug 27, 2006
39
0
156
config server firewall isn't going to protect web applications.

Be careful with just jamming rulesets into your configuration, you'll end up with a broken set of client accounts, broken scripts and unexpected results. Often times people will spend hours weeding out rules from gotroot that break other scripts, so just be careful.
Lol yah, ive done that exact thing for apache 1 and 2, takes forever. i was telling someone the other day that it would take about 6 hours to do it. I even emailed the people at gotroot and offered this ruleset they never replied. the thing is most of gotroot's rules are for stupid crap like phpbb 2.06, oddball cgi apps, and all kinda of useless crap that no one uses or has even heard of. Plus the apache1 ruleset is broken as soon as you run it.
Anyway here are the rulesets I weeded through

http://nix101.com/2007/02/24/mod-security-rules/

on another note, looks like teh guys at gotroot are being lazy or gonna abandon the project, be nice if someone else made some nice rulesets