Güvenlik » Makaleler

**whmci** · #41 (**permalink**) 01.05.08, 05:56 PM

Kod:

####################################
# FRONTPAGE
####################################

SecFilter "_vti_bin" allow
SecFilterSelective THE_REQUEST "/fpsrvadm\.exe" pass
SecFilterSelective THE_REQUEST "/fpremadm\.exe" pass
SecFilterSelective THE_REQUEST "/admisapi/fpadmin\.htm" pass
SecFilterSelective THE_REQUEST "/scripts/Fpadmcgi\.exe" pass
SecFilterSelective THE_REQUEST "/_private/orders\.txt" pass
SecFilterSelective THE_REQUEST "/_private/form_results\.txt" pass
SecFilterSelective THE_REQUEST "/_private/registrations\.htm" pass
SecFilterSelective THE_REQUEST "/cfgwiz\.exe" pass
SecFilterSelective THE_REQUEST "/authors\.pwd" pass
SecFilterSelective THE_REQUEST "/_vti_bin/_vti_aut/author\.exe" pass
SecFilterSelective THE_REQUEST "/administrators\.pwd" pass
SecFilterSelective THE_REQUEST "/_private/form_results\.htm" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/access\.cnf" pass
SecFilterSelective THE_REQUEST "/_private/register\.txt" pass
SecFilterSelective THE_REQUEST "/_private/registrations\.txt" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/service\.cnf" pass
SecFilterSelective THE_REQUEST "/service\.pwd" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/service\.stp" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/services\.cnf" pass
SecFilterSelective THE_REQUEST "/_vti_bin/shtml\.exe" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/svcacl\.cnf" pass
SecFilterSelective THE_REQUEST "/users\.pwd" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/writeto\.cnf" pass
SecFilterSelective THE_REQUEST "/dvwssr\.dll" pass
SecFilterSelective THE_REQUEST "/_private/register\.htm" pass
SecFilterSelective THE_REQUEST "/_vti_bin/" pass
SecFilterSelective THE_REQUEST "/_vti_bin/vti_aut/author.exe" pass
SecFilterSelective THE_REQUEST "/_vti_bin/vti_aut/" pass


####################################
# WEB ATTACKS
####################################

# DISABLED - blocking many legit requests
# SecFilterSelective ARGS "bin/"
# SecFilter "\;id"
# SecFilter "tftp\x20"
# SecFilter "cc\x20"
# SecFilter "python\x20"
# SecFilter "nc\x20"
# SecFilter "rm\x20"

SecFilter "wget\x20"
SecFilter "uname\x20-a"
SecFilter "g\+\+\x20"
SecFilter "gcc\x20-o"
SecFilter "nmap\x20"
SecFilter "/etc/shadow"
SecFilter "/etc/passwd"

SecFilterSelective THE_REQUEST "/bin/ps"
SecFilterSelective THE_REQUEST "/usr/bin/id"
SecFilterSelective THE_REQUEST "/bin/kill"
SecFilterSelective THE_REQUEST "/usr/bin/gcc"
SecFilterSelective THE_REQUEST "/usr/bin/cc"
SecFilterSelective THE_REQUEST "/usr/bin/g\+\+"
SecFilterSelective THE_REQUEST "/bin/ping"
SecFilterSelective THE_REQUEST "/bin/mail"
SecFilterSelective THE_REQUEST "/bin/ls"

SecFilterSelective THE_REQUEST "lsof\x20" chain
SecFilterSelective !POST_PAYLOAD "lsof\x20"

SecFilterSelective THE_REQUEST "perl\x20" chain
SecFilterSelective !POST_PAYLOAD "perl\x20"

SecFilterSelective POST_PAYLOAD "Bcc:" chain
SecFilter "aol.com"
####################################
# GENERAL BAD STUFF
####################################

# *%0a.pl access
SecFilterSelective THE_REQUEST "/*\x0a\.pl"

# cross site scripting \(img src=javascript\) attempt
SecFilter "img src=javascript"


####################################
# SYSTEM FILE/COMMAND PROTECTION
####################################

SecFilterSelective ARGS "wget "
SecFilterSelective ARGS "lynx "
SecFilterSelective ARGS "curl "
# .bash_history access
SecFilterSelective THE_REQUEST "/\.bash_history"

# Apache Chunked-Encoding worm attempt
SecFilter "CCCCCCC\: AAAAAAAAAAAAAAAAAAA"


####################################
# SYSTEM USER PROTECTION
####################################

# /~nobody access
SecFilterSelective THE_REQUEST "/~nobody"

# /~root access
SecFilterSelective THE_REQUEST "/~root"

# /~ftp access
SecFilterSelective THE_REQUEST "/~ftp"


####################################
# INSTALLED SCRIPT SECURITY
####################################

# squirrel mail theme arbitrary command attempt
SecFilterSelective THE_REQUEST "/left_main\.php" chain
SecFilter "cmdd="
# PHP-Wiki cross site scripting attempt
SecFilterSelective THE_REQUEST "<script"

# PHPLIB remote command attempt
SecFilter "_PHPLIB\[libdir\]"

# formmail ban but allow modified cpanels formmail
SecFilter "/cgi-sys/formmail.cgi" allow
SecFilter "formmail.php$|formmail.php*/$"
SecFilter "formmail.cgi$|formmail.cgi*/$"
SecFilter "formmail.pl$|formmail.pl*/$"

# Galery module of phpnuke very vunerable
SecFilter "/modules/My_eGallery/"

####################################
# PHPBB VULNERABILITY PATCH
####################################
SecFilterSelective QUERY_STRING|POST_PAYLOAD|ARGS "echr\("
SecFilterSelective "THE_REQUEST" "(system|exec|passthru|popen|shell_exec|proc_open|fopen|fwrite)\s*\("

SecFilter "system\(chr\(99\)"
SecFilter "perl\x20"
SecFilter "sh\x20-c"

SecFilterScanPOST On
####################################
# Email Injection Header fix
####################################
SecFilter "bcc:"
SecFilterSelective THE_REQUEST "bcc:|bcc%3A"
#########################
#Iframe
SecFilter "GET\x20http://"
SecFilter "includedir=http"
#########################

Arkadaşlar bu moc_sec ayarları iyi midir??

**Cedric** · #42 (**permalink**) 11.05.08, 03:52 AM

Arkadaşlar çok güzel bir konu olmuş. Teşekkürler. peki mod_security nasil kaldirilir? Sunucuyu, mode_security hiç kurulmamış haline geri çevirebilir miyiz?

**youdie** · #43 (**permalink**) 01.06.08, 05:26 AM

Main >> Software >> Apache Update kısmına girip , mod securitydeki ticki kaldır ve apache yi tekrar derle.

LinkBacks (?) LinkBack to this Thread: http://forum.whmdestek.com/guvenlik-makaleleri/39-mod_security-kurulumu.html
Konuyu Başlatan	For	Type	Tarih
Fedora apache2 Cpanel / whm de Mod security kurulumu ? - Webmaster Forum & Webmaster Okulu	This thread	Pingback	11.11.07 06:26 PM
ipsconfig panel kurulumu - CMSTURK.NET CMS İYS Webmaster Forumları	This thread	Refback	08.11.07 07:52 PM
r57 Önlem - Webmaster Zone	This thread	Pingback	07.07.07 05:59 PM

Seçenekler
Yazdırılabilir şekli göster Sayfayı E-Mail olarak gönder
Stil
Normal Hybrid-Şeklinde gösterime geç Ağaç şeklinde gösterime geç

Güvenlik » Makaleler

mod_security kurulumu

WHM cPanel Destek Platformu

mod_security kurulumu