[Modsecurity] Problems with VulnScan v6
steven collins
scollins at liquidweb.com
Mon Sep 11 08:35:04 EDT 2006
On Mon, 2006-09-11 at 11:27 +0200, Johan Segernäs wrote:
> I have huge problems with a worm or something penetrating thru our system
> running VulnScan v6, I have jitp.conf and rules.conf on our system and some
> other rules made by us.
>
> We have around ~6000 web sites on our servers and probably a lot of old
> phpBB/Joomla/Mambo. Are there any new worms or something running around which
> isn't in jitp.conf/rules.conf?
>
> - Johan
I've seen a ton of this too. I added this to our config since we've seen
it come through 2 different ways:
SecFilterSelective REQUEST_URI "\.php\?.*CONFIG_EXT\[LANGUAGES_DIR
\]=(http|https|ftp)\:\/"
SecFilterSelective REQUEST_URI "\.php\?.*dir\[inc\]=(http|https|ftp)\:
\/"
Hope that helps :)
-steven
More information about the Modsecurity
mailing list