phpList exploit and ModSecurity Rule

by: WanderingTechy Monday, February 9th, 2009

In case you weren’t aware phpBB.com was breached using an exploit in phpList. Here is a quick and very dirty rule to protect your servers while you get phpList updated.

SecRule ARGS_NAMES “ConfigFile” “deny,log,auditlog,redirect:http://127.0.0.1″

Anyone passing the Argument ConfigFile via the URL needs shooting >.<

Please note the fix that phpList have released fixes this problem but doesn’t fix the underlying cause of the problem.

http://www.suspekt.org/2009/02/06/some-facts-about-the-phplist-vulnerability-and-the-phpbbcom-hack/

Is WordPress Safe Part 2.
Is WordPress Safe?
ModSecurity Wordpress and Akismet problem
Kaspersky WebSite Database Breached.
Mod Security Application Specific Rules
ModSecurity and PHPMyAdmin
Mod Security and ACatalog Actinic
Mod Security and Mambo
Mod security and wordpress the final config
Another mod_security exception for WordPress

« How to RickRoll WordPress Spammers | Home | Kaspersky WebSite Database Breached. »

Categories

Pages

Archives

News

Search this site

phpList exploit and ModSecurity Rule

Related Posts

Leave a Comment

Tag Cloud

Spam