install mod_security on web server?

  • eMonk
    Confirmed User
    • Aug 2003
    • 2310

    #1

    install mod_security on web server?

    anyone recommend installing this module to increase server security? more info at http://www.modsecurity.org/projects/...che/index.html.

    i'm just wondering if current scripts will still operate normally.
  • rhcp011235
    Confirmed User
    • Sep 2007
    • 538

    #2
    There's been multiple remote bugs in that module in the past as well as exploits in the wild. It's up to you if you want to try it; I'd personally never run it.

    Get your servers running some non-exec stack/heap patch. you should be good. And set basedir restrictions in php.
    Skype rhcp011235 | Cell Phone 212.812.9043 | Email [email protected]

    • yahoo-xxx-girls.com
      Confirmed User
      • Jul 2006
      • 3143

      #3
      If I were you I would contact that company directly.
      • eMonk
        Confirmed User
        • Aug 2003
        • 2310

        #4
        what about getting my host to upgrade the apache & php to the latest versions on my box?

        i've been attacked with some nasty trojans lately where the hacker uploads infected .php files on my box & alters my main index file + template files. right now the template files are chmodded to 444.

        • rhcp011235
          Confirmed User
          • Sep 2007
          • 538

          #5
          Yea, make sure to run apache 1.X not 2.X and upgrade to latest versions of all. Also, chances are the attacker is attacking 'your' scripts themselves not the server. Like the software you are running, not php/apache.
          • eMonk
            Confirmed User
            • Aug 2003
            • 2310

            #6
            yeah, there seems to be a hole in arrow traders traffic trading scripts, at3/atx, and they told me to hire a server security tech guy to inspect my box. this guy is infecting 100's of sites.

            i'm just wondering what the server tech would do to increase security.

            • rhcp011235
              Confirmed User
              • Sep 2007
              • 538

              #7
              lol. You need someone to audit the traffic trading script. Many of them have holes. Such as UCJ ;) Most of them are encoded with zend or something. Some people know how to defeat this ;)
              • eMonk
                Confirmed User
                • Aug 2003
                • 2310

                #8
                that sucks man!

                i even ip restricted all my scripts + ftp + ssh BUT this mofo can walk through walls, lol!

                • BigBen
                  Confirmed User
                  • Nov 2004
                  • 2299

                  #9
                  Do you have Smart Thumbs installed?

                  • eMonk
                    Confirmed User
                    • Aug 2003
                    • 2310

                    #10
                    Originally posted by BigBen
                    Do you have Smart Thumbs installed?
                    no, tgpx but sites running st are also being infected with the same trojan.

                    • ladida
                      Confirmed User
                      • Nov 2005
                      • 2179

                      #11
                      Originally posted by eMonk
                      i even ip restricted all my scripts + ftp + ssh BUT this mofo can walk through walls, lol!
                      a) You haven't cleaned the box, he's got shells on it.
                      b) Scripts he's getting through are publicly reachable, they're most likely not in your admin folder.

                      a) most likely, as it's usually the case.

                      Mod security is nothing if you don't know how to configure it.
                      agentGFY *at* gmail.com
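
One way to check whether a box has actually been cleaned, given the dropped files and the altered index and template files described in this thread. This is an added example, not part of any post: it assumes a manifest taken from a known-good copy of the web root (a backup or fresh install), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes file names without whitespace and a Linux box
# with sha256sum from coreutils.

# make_manifest DIR: print "sha256  ./relative/path" for every regular file.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k2 )
}

# diff_manifest BASELINE DIR: compare DIR against a manifest produced by
# make_manifest on a known-good copy. Prints NEW, CHANGED and MISSING paths.
diff_manifest() {
    current=$(mktemp)
    make_manifest "$2" > "$current"
    awk '
        FILENAME == ARGV[1] { base[$2] = $1; next }   # known-good hashes
        {
            seen[$2] = 1
            if (!($2 in base))       print "NEW " $2       # e.g. a dropped shell
            else if (base[$2] != $1) print "CHANGED " $2   # e.g. an altered index
        }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$1" "$current" | sort
    rm -f "$current"
}
```

Build the manifest from the clean copy, store it off the server, and treat every NEW or CHANGED line as something to inspect before the site goes back up.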

                      • HomerSimpson
                        Too lazy to set a custom title
                        • Sep 2005
                        • 13826

                        #12
                        It's a piece of cake to install.
                        If you need this done hit me up.

                        here's a good tutorial on how to install it...
                        http://www.eth0.us/mod_security

                        PHP, MySql, Smarty, CodeIgniter, Laravel, WordPress, NATS... fixing stuff, server migrations & optimizations... My ICQ: 27429884 | Email:

                        • cem
                          Confirmed User
                          • Sep 2002
                          • 415

                          #13
                          Did you check your logs?

                          • 2012
                            So Fucking What
                            • Jul 2006
                            • 17189

                            #14
                            Originally posted by eMonk
                            i'm just wondering if current scripts will still operate normally.
                            you have to test them based on the rules you have.

                            update everything to current versions. Use modsecurity 2

                            to start get some rules from here ... http://www.gotroot.com/tiki-index.ph...security+rules

                            .... other things that help out ...
                            Make sure your /usr/tmp directory isn't executable

                            set this to off in your php.ini ... you probably don't need it
                            allow_url_fopen = Off

                            I've been having some adventures lately with modsec if you want to hit me up I might be able to shed some light on something ..

                            good luck
                            best host: Webair | best sponsor: Kink | best coder: 688218966 | Go Fuck Yourself
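
A check for the settings suggested in this thread (a non-executable tmp directory, `allow_url_fopen = Off`, and the PHP basedir restriction from post #2, taken here to mean the `open_basedir` directive). This is an added example, not part of any post: the function names are hypothetical, and both files are passed as arguments so it can be run against copies.

```shell
#!/bin/sh
# Added example. File paths are passed in so it can run against copies.

# php_ini_value FILE KEY: print the last value assigned to KEY ("" if unset).
php_ini_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[;#]/ || !index($0, "=") { next }   # comments, section headers
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)             # drop "key ="
            sub(/[ \t]*;.*$/, "", v)                # drop trailing comment
            sub(/[ \t]+$/, "", v); gsub(/"/, "", v)
            val = v
        }
        END { print val }' "$1"
}

# mount_has_noexec MOUNTS_FILE DIR: 0 = noexec, 1 = executable, 2 = DIR is
# not its own mount point. MOUNTS_FILE uses the /proc/mounts layout.
mount_has_noexec() {
    awk -v mp="$2" '
        $2 == mp { opts = $4; found = 1 }           # last entry wins
        END {
            if (!found) exit 2
            exit ((("," opts ",") ~ /,noexec,/) ? 0 : 1)
        }' "$1"
}

# audit_hardening PHP_INI MOUNTS_FILE: one line per check, returns 1 on any WARN.
audit_hardening() {
    ini=$1; mounts=$2; rc=0
    v=$(php_ini_value "$ini" allow_url_fopen | tr 'A-Z' 'a-z')
    case $v in
        off|0|false|no) echo "OK   allow_url_fopen=$v" ;;
        *) echo "WARN allow_url_fopen=${v:-unset} (remote URLs can be opened)"; rc=1 ;;
    esac
    v=$(php_ini_value "$ini" open_basedir)
    if [ -n "$v" ]; then echo "OK   open_basedir=$v"
    else echo "WARN open_basedir is not set"; rc=1; fi
    for mp in /tmp /var/tmp; do
        if mount_has_noexec "$mounts" "$mp"; then echo "OK   $mp is mounted noexec"
        else echo "WARN $mp is not a noexec mount"; rc=1; fi
    done
    return $rc
}
```

On a live Linux server the second argument would be `/proc/mounts`; the location of `php.ini` varies by build, so that path is left to the caller. A tmp directory that is not a separate mount is reported as WARN because `noexec` can only be set per mount.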

                            • 2012
                              So Fucking What
                              • Jul 2006
                              • 17189

                              #15
                              Originally posted by fartfly
                              .... other things that help out ...
                              Make sure your /usr/tmp directory isn't executable
                              or just the "tmp" dir ... /usr/tmp probably a symlink to /var/tmp