phpList exploit and ModSecurity Rule

In case you weren't aware, phpBB.com was breached through an exploit in phpList. Here is a quick and very dirty ModSecurity rule to protect your servers while you get phpList updated.

# Deny any request that carries a parameter named ConfigFile, in the query string or a POST body.
# The bare "ConfigFile" operator is an unanchored, case-sensitive regex (@rx).
# deny and redirect are both disruptive actions and ModSecurity allows only one per rule,
# so the original "redirect:http://127.0.0.1" has been dropped in favour of a plain 403.
# phase:2 makes sure request bodies have been read before the rule runs.
SecRule ARGS_NAMES "ConfigFile" "phase:2,deny,status:403,log,auditlog"

No legitimate request to phpList passes a ConfigFile argument, so blocking on the parameter name alone is safe. Note that ARGS_NAMES covers both the query string and form-encoded POST bodies, not just the URL, and that ModSecurity percent-decodes the names before matching. On ModSecurity 2.7 and later every rule also needs a unique id: action, so add one before loading this.
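To see what the rule does and does not cover, here is an added Python simulation of the ARGS_NAMES match (not code from the original post and not ModSecurity itself): it pulls decoded parameter names out of constructed HTTP requests and applies the same unanchored regex, next to a naive rule that only greps the raw URL. The phpList path used in the samples and the placeholder parameter value are assumptions; the rule keys on the name, so the value never matters.

```python
import re
from urllib.parse import unquote_plus

# Equivalent of the bare operator in  SecRule ARGS_NAMES "ConfigFile" ...
# ModSecurity treats a bare operator string as an unanchored, case-sensitive
# regular expression (@rx), so it matches anywhere inside the parameter name.
RULE_PATTERN = re.compile(r"ConfigFile")


def parse_request(raw):
    """Split a raw HTTP/1.x request string into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def arg_names(raw):
    """Decoded parameter names from the query string and a form-encoded body.

    This mirrors what ModSecurity's ARGS_NAMES collection exposes: both
    sources, already percent-decoded, so encoded names appear in real form.
    """
    _method, target, headers, body = parse_request(raw)
    _path, _, query = target.partition("?")
    sources = [query]
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        sources.append(body)
    names = []
    for src in sources:
        for pair in src.split("&"):
            if pair:
                name, _, _value = pair.partition("=")
                names.append(unquote_plus(name))
    return names


def rule_blocks(raw):
    """True when the ARGS_NAMES rule would deny this request."""
    return any(RULE_PATTERN.search(name) for name in arg_names(raw))


def naive_url_blocks(raw):
    """A weaker rule that only greps the raw request URL for the literal name."""
    _method, target, _headers, _body = parse_request(raw)
    return "ConfigFile" in target


# Constructed sample requests (not captured traffic). The phpList path is an
# assumption; "anything" is a placeholder value since only the name is matched.
HOST = "Host: www.example.com\r\n"
REQUESTS = {
    "query": "GET /lists/admin/index.php?ConfigFile=anything HTTP/1.1\r\n" + HOST + "\r\n",
    "post": ("POST /lists/admin/index.php HTTP/1.1\r\n" + HOST
             + "Content-Type: application/x-www-form-urlencoded\r\n"
             + "Content-Length: 19\r\n\r\nConfigFile=anything"),
    # Percent-encoded name: PHP and ModSecurity both decode it to ConfigFile.
    "encoded": "GET /lists/admin/index.php?Config%46ile=anything HTTP/1.1\r\n" + HOST + "\r\n",
    # Leading space: PHP strips leading spaces from parameter names, so this
    # still reaches the script as ConfigFile; an anchored ^ConfigFile$ would miss it.
    "leading_space": "GET /lists/admin/index.php?%20ConfigFile=anything HTTP/1.1\r\n" + HOST + "\r\n",
    "benign": "GET /lists/admin/index.php?page=members HTTP/1.1\r\n" + HOST + "\r\n",
}


def evaluate(requests=REQUESTS):
    """Map each sample to (ARGS_NAMES rule verdict, naive URL-grep verdict)."""
    return {label: (rule_blocks(raw), naive_url_blocks(raw)) for label, raw in requests.items()}


if __name__ == "__main__":
    for label, (rule, naive) in evaluate().items():
        print(f"{label:14s} ARGS_NAMES rule blocks={rule!s:5s}  URL grep blocks={naive}")
```

The POST and percent-encoded cases are the ones a URL-only check misses, and the leading-space case is why the match is better left unanchored: PHP drops leading spaces from parameter names, so a request that an anchored pattern would pass still arrives at the script as ConfigFile.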

Please note that the fix phpList has released closes this particular hole but does not address the underlying cause of the problem; see Stefan Esser's write-up:

http://www.suspekt.org/2009/02/06/some-facts-about-the-phplist-vulnerability-and-the-phpbbcom-hack/
