The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_security && c99shell anyone help please ?

Discussion in 'Security' started by dr-support, Jun 5, 2007.

  1. dr-support

    dr-support Member

    Joined:
    Feb 7, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    I installed modsecurity from Addone module in Cpanel


    When I try to apply phpshell woork good without a mistakes and I can do anything despite of the presence of protection modsecurity and disable_functions in php.ini.
    Is there a particular settings add to the httpd.conf to prevent application phpshell or prevent upload it to the site ???

    Is there a program or script scan and examining files immediately after upload it to the server?


    thank you
     
  2. Tymsah

    Tymsah Well-Known Member

    Joined:
    Apr 6, 2007
    Messages:
    151
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
  3. bornonline

    bornonline Well-Known Member

    Joined:
    Nov 19, 2004
    Messages:
    139
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Earth
    Configserver firewall is nice, but it's not going to stop these include attacks.

    You need a good mod_sec rule set or something like Suhosin
    Check here

    Something like this simple rule will stop many of these.
    http://www.gotroot.com/downloads/ftp/mod_security/rootkits.conf
    Code:
    SecFilterSelective REQUEST_URI "=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\x20?\?"
     
  4. dr-support

    dr-support Member

    Joined:
    Feb 7, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    I'll try nowww thank you
     
  5. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    config server firewall isn't going to protect web applications.

    Be careful with just jamming rulesets into your configuration, you'll end up with a broken set of client accounts, broken scripts and unexpected results. Often times people will spend hours weeding out rules from gotroot that break other scripts, so just be careful.
     
  6. dr-support

    dr-support Member

    Joined:
    Feb 7, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    sorry I have always same problem :(
    This means that there can to find a solution to this problem? ?
     
  7. felosi

    felosi Active Member

    Joined:
    Aug 27, 2006
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
    Lol yah, ive done that exact thing for apache 1 and 2, takes forever. i was telling someone the other day that it would take about 6 hours to do it. I even emailed the people at gotroot and offered this ruleset they never replied. the thing is most of gotroot's rules are for stupid crap like phpbb 2.06, oddball cgi apps, and all kinda of useless crap that no one uses or has even heard of. Plus the apache1 ruleset is broken as soon as you run it.
    Anyway here are the rulesets I weeded through

    http://nix101.com/2007/02/24/mod-security-rules/

    on another note, looks like teh guys at gotroot are being lazy or gonna abandon the project, be nice if someone else made some nice rulesets
     
Loading...

Share This Page