GoFuckYourself.com - Adult Webmaster Forum


eMonk 08-01-2008 11:40 PM

install mod_security on web server?
 
anyone recommend installing this module to increase server security? more info at http://www.modsecurity.org/projects/...che/index.html.

i'm just wondering if current scripts will still operate normally.

rhcp011235 08-01-2008 11:42 PM

There have been multiple remote bugs in that module in the past as well as exploits in the wild. It's up to you if you want to try it :) I'd personally never run it.

Get your servers running some non-exec stack/heap patch. You should be good. And set basedir restrictions in php.

yahoo-xxx-girls.com 08-01-2008 11:43 PM

If I were you I would contact that company directly.

eMonk 08-02-2008 12:04 AM

what about getting my host to upgrade the apache & php to the latest versions on my box?

i've been attacked with some nasty trojans lately where the hacker uploads infected .php files on my box & alters my main index file + template files. right now the template files are chmodded to 444.

rhcp011235 08-02-2008 12:08 AM

Yea, make sure to run apache 1.X not 2.X and upgrade to latest versions of all. Also, chances are the attacker is attacking 'your' scripts themselves not the server. Like the software you are running. no php/apache.

eMonk 08-02-2008 12:13 AM

yeah, there seems to be a hole in arrow traders traffic trading scripts, at3/atx, and they told me to hire a server security tech guy to inspect my box. this guy is infecting 100's of sites. :disgust

im just wondering what the server tech would do to increase security.

rhcp011235 08-02-2008 12:14 AM

lol. You need someone to audit the traffic trading script. Many of them have holes. Such as UCJ ;) Most of them are encoded with zend or something. Some people know how to defeat this ;)

eMonk 08-02-2008 12:18 AM

that sucks man! :disgust

i even ip restricted all my scripts + ftp + ssh BUT this mofo can walk through walls, lol! :helpme

BigBen 08-02-2008 12:22 AM

Do you have Smart Thumbs installed?

eMonk 08-02-2008 12:27 AM

Quote:

Originally Posted by BigBen (Post 14549114)
Do you have Smart Thumbs installed?

no, tgpx but sites running st are also being infected with the same trojan. :Oh crap

ladida 08-02-2008 05:17 AM

Quote:

Originally Posted by eMonk (Post 14549107)
i even ip restricted all my scripts + ftp + ssh BUT this mofo can walk through walls, lol! :helpme

a) You haven't cleaned the box, he's got shells on it.
b) Scripts he's getting through are publicly reachable, they're most likely not in your admin folder.

a) most likely, as it's usually the case.

Mod security is nothing if you don't know how to configure it.

HomerSimpson 08-02-2008 05:28 AM

It's a piece of cake to install.
If you need this done hit me up.

here's a good tutorial on how to install it...
http://www.eth0.us/mod_security

cem 08-02-2008 07:07 AM

Did you check your logs?

2012 08-02-2008 11:22 AM

Quote:

Originally Posted by eMonk (Post 14549022)
i'm just wondering if current scripts will still operate normally.

you have to test them based on the rules you have.

update everything to current versions. Use modsecurity 2

to start get some rules from here ... http://www.gotroot.com/tiki-index.ph...security+rules

.... other things that help out ...
Make sure your /usr/tmp directory isn't executable

set this to off in your php.ini ... you probably don't need it
allow_url_fopen = Off

I've been having some adventures lately with modsec if you want to hit me up I might be able to shed some light on something ..

good luck :thumbsup

2012 08-02-2008 11:39 AM

Quote:

Originally Posted by fartfly (Post 14550895)
.... other things that help out ...
Make sure your /usr/tmp directory isn't executable

or just the "tmp" dir ... /usr/tmp is probably a symlink to /var/tmp
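
Added example (not part of the thread and not any poster's code): a Python check for the settings mentioned in the posts above, covering non-executable tmp directories (following symlinks such as /usr/tmp), allow_url_fopen, and basedir restrictions. It assumes Linux /proc/mounts-style text and that "basedir restrictions" means PHP's open_basedir directive; the function names and sample data are constructed for illustration.

```python
import os

# Constructed sample inputs, not taken from any real server.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sda3 /tmp ext3 rw,nosuid,noexec 0 0
/dev/sda4 /var/tmp ext3 rw,nosuid 0 0
"""
SAMPLE_PHP_INI = """\
allow_url_fopen = On
;open_basedir = /home/site
"""

def mount_options(path, mounts_text):
    """Options of the longest mount point that contains path."""
    best, opts = "", set()
    for fields in (ln.split() for ln in mounts_text.splitlines()):
        if len(fields) < 4:
            continue
        mp = fields[1]
        if (path == mp or path.startswith(mp.rstrip("/") + "/")) and len(mp) > len(best):
            best, opts = mp, set(fields[3].split(","))
    return opts

def tmp_dirs_allowing_exec(dirs, mounts_text, resolve=os.path.realpath):
    """Resolve symlinks first (/usr/tmp is often one), then list dirs lacking noexec."""
    real = {resolve(d) for d in dirs}
    return sorted(d for d in real if "noexec" not in mount_options(d, mounts_text))

def php_ini_value(ini_text, key):
    """Last uncommented value for key, or None if it is never set."""
    value = None
    for line in ini_text.splitlines():
        k, sep, v = line.split(";", 1)[0].partition("=")
        if sep and k.strip() == key:
            value = v.strip().strip('"')
    return value

def php_findings(ini_text):
    findings = []
    fopen = php_ini_value(ini_text, "allow_url_fopen")  # PHP default is On
    if fopen is None or fopen.lower() not in ("off", "0", "false", "no", "none", ""):
        findings.append("allow_url_fopen is not Off")
    if not php_ini_value(ini_text, "open_basedir"):
        findings.append("open_basedir is not set")
    return findings

if __name__ == "__main__":  # demo on the constructed samples above
    print(tmp_dirs_allowing_exec(["/tmp", "/var/tmp"], SAMPLE_MOUNTS, lambda d: d), php_findings(SAMPLE_PHP_INI))
```

On a live box, pass the contents of /proc/mounts and the php.ini that Apache actually loads instead of the samples.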

