[Full-Disclosure] Suggested filters against PHP Attacking Worms
From: Paul Laudanski (zx_at_castlecops.com)
Date: 12/28/04
- Previous message: morning_wood: "Re: [Full-Disclosure] AOL website redirection scripts allow for abuse"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 28 Dec 2004 00:16:22 -0500 (EST) To: bugs@securitytracker.com, <bugtraq@securityfocus.com>, <full-disclosure@lists.netsys.com>, <moderators@osvdb.org>, <news@securiteam.com>, <vuln@secunia.com>, <vulnwatch@vulnwatch.org>
With the whole Santy and Phpinclude worms running around lately, I ran
some stats and put up some filter suggestions in the below article link.
As a highlight, in a 55 hour period my site received just under 300,000
verified attacks. Some GET examples have been shown, and filters false
positives are analyzed.
http://castlecops.com/article5642.html
Filter examples are provided for:
- modsecurity
- php
- modrewrite
A couple hardening suggestions are also included.
-- Regards, Paul Laudanski - Computer Cops, LLC. CEO & Founder CastleCops(SM) - http://castlecops.com Promoting education and health in online security and privacy. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: morning_wood: "Re: [Full-Disclosure] AOL website redirection scripts allow for abuse"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
