In case you weren’t aware phpBB.com was breached using an exploit in phpList. Here is a quick and very dirty rule to protect your servers while you get phpList updated.
SecRule ARGS_NAMES “ConfigFile” “deny,log,auditlog,redirect:http://127.0.0.1”
Anyone passing the Argument ConfigFile via the URL needs shooting >.<
Please note the fix that phpList have released fixes this problem but doesn’t fix the underlying cause of the problem.
Leave a Reply