Archive for February, 2009
by: WanderingTechy
February 22, 2009
Sometimes things move on and technology tramples on you. It’s not that technology doesn’t care; by its very nature it can’t. In some situations the use of technology is so positive that the consequences are not even considered.
This picture sums it all up for me unfortunately.
This one image represents a whole rant [...]
by: WanderingTechy
February 12, 2009
Fed up with a persistent spammer? This is how to RickRoll persistent WordPress spammers.
by: WanderingTechy
February 9, 2009
In case you weren’t aware, phpBB.com was breached using an exploit in phpList. Here is a quick and very dirty rule to protect your servers while you get phpList updated.
SecRule ARGS_NAMES "ConfigFile" "deny,log,auditlog,redirect:http://127.0.0.1"
Anyone passing the Argument ConfigFile via the URL needs shooting >.<
Please note the fix that phpList have released fixes this problem but [...]
by: WanderingTechy
February 9, 2009
http://www.theregister.co.uk/2009/02/08/kaspersky_compromise_report/
I am only surmising from the limited information I can see here that ModSecurity would have protected them? Comments on this one welcome…
Rule 959001 does seem to cover the “SelECT” part of the URL in the screenshots but when I try a random URL with this string in it on my website [...]
by: WanderingTechy
February 8, 2009
I am sure we all have our favorite Bushisms and favorite video clips where Bush pulled a Boner. El Gordo does seem to want to keep up with him now though. With Bush giving us classic lines such as “The problem with the French is that they have no word for Entrepreneur” you [...]
by: WanderingTechy
February 8, 2009
I noticed the activity light on my router at home going crazy last night. I initially thought it was Thunderbird checking all my IMAP accounts but after 5 minutes it was still going.
by: WanderingTechy
February 5, 2009
Nominet requires that the UK postcode be in a valid format. This is a routine I wrote many years ago that still works today.
Code after the break
by: WanderingTechy
February 5, 2009
As you can see by looking at the top of this page, I am no graphics artist or photography expert. At the risk of being very cheeky, if anyone can offer an image to replace the above one I would be incredibly grateful and will of course provide full credit and a link [...]
by: WanderingTechy
February 4, 2009
Ofer Shezaf at xiom.com has created a list of application-specific rules for ModSecurity. He is actively looking for these rules so it should be updated quite regularly I think.
Ofer Shezaf was one of the team that brought us ModSecurity in the first place although he is no longer there. You can still [...]
by: WanderingTechy
February 2, 2009
Too many ModSecurity rules trip up phpMyAdmin, so I decided to find another way to protect it. I personally use .htaccess password protection and then disable ModSecurity totally for this directory. It is also advisable to use a totally unique directory name so that it can’t be guessed.