Anyone help stopping POST to php scripts in apache

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • blazin
    Confirmed User
    • Aug 2002
    • 2781

    #1

    Anyone help stopping POST to php scripts in apache

    Got a nasty virus that updates files via post to php scripts... want to stop it at apache... anyone know how?

    Please!
    I don't endorse a god damn thing......
  • HomerSimpson
    Too lazy to set a custom title
    • Sep 2005
    • 13826

    #2
    try by installing mod_security...
    If you have it installed just apply this rule at your htaccess

    Code:
    <IfModule mod_security.c>
    # Sends matching requests a 405 Method Not Allowed Status Code
    SecFilterSelective REQUEST_METHOD "!^(GET|HEAD|OPTIONS)$" "deny,auditlog,status:405"
    </IfModule>
    This should block ALL POSTS and will show 405 error.

    I have used mod_security but never used this rules so I don't know if it works.
    I found those rules on this page (modified it a bit to suite your needs)
    http://www.askapache.com/htaccess/mo...ss-tricks.html
    Make a bank with Chaturbate - the best selling webcam program
    Ads that can't be block with AdBlockers !!! /// Best paying popup program (Bitcoin payouts) !!!

    PHP, MySql, Smarty, CodeIgniter, Laravel, WordPress, NATS... fixing stuff, server migrations & optimizations... My ICQ: 27429884 | Email:

    Comment

    • blazin
      Confirmed User
      • Aug 2002
      • 2781

      #3
      Thanks.... looks like that might be useful.
      I don't endorse a god damn thing......

      Comment

      • Varius
        Confirmed User
        • Jun 2004
        • 6890

        #4
        You can probably use the <Limit></Limit> in your vhost or .htaccess or whatever, something like:

        <Limit POST>
        Require valid-user
        </Limit>

        or

        <Limit POST>
        Deny from all
        </Limit>

        Didn't try it, but pretty sure that's what the <Limit> item is for
        Skype variuscr - Email varius AT gmail

        Comment

        • blazin
          Confirmed User
          • Aug 2002
          • 2781

          #5
          Originally posted by Varius
          You can probably use the <Limit></Limit> in your vhost or .htaccess or whatever, something like:

          <Limit POST>
          Require valid-user
          </Limit>

          or

          <Limit POST>
          Deny from all
          </Limit>

          Didn't try it, but pretty sure that's what the <Limit> item is for
          Thanks Varius
          I don't endorse a god damn thing......

          Comment

          Working...