phpList exploit and ModSecurity Rule

In case you weren’t aware was breached using an exploit in phpList. Here is a quick and very dirty rule to protect your servers while you get phpList updated.

SecRule ARGS_NAMES "ConfigFile" "deny,log,auditlog,redirect:"

Anyone passing the Argument ConfigFile via the URL needs shooting >.<

Please note that the fix phpList have released addresses this problem but doesn't fix its underlying cause.
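To see whether requests the rule above would block have already reached a server, the same match can be run over existing access logs. This is an added example, not part of the original post: it assumes Apache common/combined log format, and the sample lines, IP addresses, path and parameter values are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Same unanchored, case-sensitive pattern the rule applies to ARGS_NAMES.
PATTERN = re.compile(r"ConfigFile")
# Request line inside a log entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def matching_arg_names(target):
    """Return the URL-decoded query parameter names the rule would match."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes names, as ModSecurity does before matching,
    # so an encoded name is not missed the way a plain grep would miss it.
    names = [name for name, _ in parse_qsl(query, keep_blank_values=True)]
    return [n for n in names if PATTERN.search(n)]

def scan(lines):
    """Return (client_ip, target, names) for each line with a matching name."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue  # malformed or non-HTTP entry
        names = matching_arg_names(m.group("target"))
        if names:
            hits.append((line.split(" ", 1)[0], m.group("target"), names))
    return hits

# Constructed sample entries (documentation IP ranges, placeholder path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app/index.php?page=home HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /app/index.php?ConfigFile=x HTTP/1.1" 200 99',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /app/index.php?a=1&Config%46ile=x HTTP/1.1" 200 99',
    # Value contains the string but no parameter *name* does: not a match.
    '203.0.113.4 - - [01/Jan/2024:10:00:09 +0000] "GET /app/index.php?q=ConfigFile HTTP/1.1" 200 40',
    # The pattern is unanchored, so longer names containing it also match.
    '203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] "GET /app/index.php?oldConfigFile=x HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for ip, target, names in scan(SAMPLE_LOG):
        print(f"{ip} sent {names} in {target}")
```

POST body parameter names are covered by ARGS_NAMES but are not written to access logs, so this scan only sees the query-string case.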
