How to RickRoll WordPress Spammers
Fed up of a Persistant spammer, This is how to RickRoll Persistant WordPress Spammers.
Archive for February, 2009
phpList exploit and ModSecurity Rule
In case you weren’t aware phpBB.com was breached using an exploit in phpList. Here is a quick and very dirty rule to protect your servers while you get phpList updated. SecRule ARGS_NAMES “ConfigFile” “deny,log,auditlog,redirect:http://127.0.0.1″ Anyone passing the Argument ConfigFile via the URL needs shooting >.< Please note the fix that phpList have released fixes this [...]
Kaspersky WebSite Database Breached.
http://www.theregister.co.uk/2009/02/08/kaspersky_compromise_report/ I am only surmising from the limited information I can see here that ModSecurity would have protected them? Comments on this one welcome… Rule 959001 does seem to cover the “SelECT” part of the URL in the screen shots but when I try a random url with this string in it on my website [...]
BBC iPlayer and KService.exe looked like a Worm
I noticed the activity light on my router at home going crazy last night. I initially thought it was Thunderbird checking all my Imap accounts but after 5 minutes it was still going.
Validate uk postcodes in php
Nominet requires that the uk postcode be in a valid format, this is a routine I wrote many years ago but still works today. Code after the break
Mod Security Application Specific Rules
Ofer Shezaf at xiom.com has created a list of Application Specific Rules for ModSecurity. He is actively looking for these rules so it should be updated quite regularly I think. Ofer Shezaf was one of the Team that brought us ModSecurity in the first place although he is no longer there. You can still see [...]
ModSecurity and PHPMyAdmin
Too many ModSecurity rules trip up PHPMyAdmin so I decided to find another way to protect it. I personally use the .htaccess password protection and then disable ModSecurity totally for this directory. It is also advisable to use a totally unique directory name so that it can’t be guessed.
Mod Security and ACatalog Actinic
This is necessary to allow Actinic to work on a shared server. <LocationMatch “/cgi-bin/ca000001.pl”> SecRuleRemoveById 950910 </LocationMatch> <LocationMatch “/acatalog/”> SecRuleRemoveById 950910 </LocationMatch>
Mod Security and Mambo
I am managing a bunch of shared hosting servers and I still find clients of this company are installing older version of Mambo. This ModSecurity Rule is essential when you are dealing with a server where clients can install anything they want. This goes in modsecurity_crs_15_custom.conf also SecRule ARGS_NAMES “mosConfig_absolute_path” “deny,log,auditlog,redirect:http://www.google.co.uk” I redirect to http://www.google.co.uk [...]
Mod security and wordpress the final config
Just re-read the title and it sounds like science fiction B movie title.. Oh well. After running this for a while and having played with all the possible options in WordPress here is my final Mod_Security custom file.