|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[VulnDiscuss] Suggested filters against PHP Attacking Worms
From: Paul Laudanski (zx
castlecops.com)
Date: Mon Dec 27 2004 - 23:16:22 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
With the whole Santy and Phpinclude worms running around lately, I ran
some stats and put up some filter suggestions in the below article link.
As a highlight, in a 55 hour period my site received just under 300,000
verified attacks. Some GET examples have been shown, and filters false
positives are analyzed.
http://castlecops.com/article5642.html
Filter examples are provided for:
- modsecurity
- php
- modrewrite
A couple hardening suggestions are also included.
--
Regards,
Paul Laudanski - Computer Cops, LLC. CEO & Founder
CastleCops(SM) - http://castlecops.com
Promoting education and health in online security and privacy.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]