eMonk

anyone recommend installing this module to increase server security? more info at http://www.modsecurity.org/projects/...che/index.html.

i'm just wondering if current scripts will still operate normally.

rhcp011235

There's been multiple remote bugs in that module in the past as well as exploits in the wild. Its up to you if you want to try it I'd personally never run it.

Get your servers running some non-exec stack/heap patch. you should be good. And set basedir restrictions in php.

__________________

yahoo-xxx-girls.com

If I were you I would contact that company directly.

__________________
sig too big

eMonk

what about getting my host to upgrade the apache & php to the lastest versions on my box?

i've been attacked with some nasty trojans lately where the hacker uploads infected .php files on my box & alters my main index file + template files. right now the template files are chmodded to 444.

rhcp011235

Yea, make sure to run apache 1.X not 2.X and upgrade to latest versions of all. Also, chances are the attacker is attacking 'your' scripts themselves not the server. Like the software you are running. no php/apache.

__________________

eMonk

yeah, there seems to be a hole in arrow traders traffic trading scripts, at3/atx, and they told me to hire a server security tech guy to inspect my box. this guy is infecting 100's of sites.

im just wondering what the server tech would do to increase security.

rhcp011235

lol. You need someone to audit the traffic trading script. Many of them have holes. Such as UCJ ;) Most of them are encoded with zend or something. Some people know how to defeat this ;)

__________________

eMonk

that sucks man!

i even ip restricted all my scripts + ftp + ssh BUT this mofo can walk through walls, lol!

BigBen

Do you have Smart Thumbs installed?

eMonk

no, tgpx but sites running st are also being infected with the same trojan.

ladida

a) You haven't cleaned the box, he's got shells on it.
b) Scripts he's getting through are public reachable, they're most likelly not in your admin folder.

a) most likelly, as it's usually the case.

Mod security is nothing if you dont know how to configure it.

__________________
agentGFY *at* gmail.com

HomerSimpson

It's piece of cake to install.
If you need this done hit me up.

here's a good tutorial on how to install it...
http://www.eth0.us/mod_security

__________________
Make a bank with Chaturbate - the best selling webcam program
Ads that can't be block with AdBlockers !!! /// Best paying popup program (Bitcoin payouts) !!!

PHP, MySql, Smarty, CodeIgniter, Laravel, WordPress, NATS... fixing stuff, server migrations & optimizations... My ICQ: 27429884 | Email:

cem

Did you check your logs?

2012

you have to test them based on the rules you have.

update everything to current versions. Use modsecurity 2

to start get some rules from here ... http://www.gotroot.com/tiki-index.ph...security+rules

.... other things that help out ...
Make sure your /usr/tmp directory isn't executable

set this to off in your php.ini ... you probably don't need it
allow_url_fopen = Off

ive been having some adventures lately with modsec if you want to hit me up I might be able to shed some light on something ..

goodluck

__________________
best host: Webair | best sponsor: Kink | best coder: 688218966 | Go Fuck Yourself

2012

or just the "tmp" dir ... /usr/tmp probably a simlink ti /var/tmp

__________________
best host: Webair | best sponsor: Kink | best coder: 688218966 | Go Fuck Yourself