[Modsecurity] iframe filtering rules
Steve West
stevewest15 at gmail.com
Fri Sep 7 21:36:39 EDT 2007
Hi Michael,
Thank you for the great tool! We've had a few customers web sites have
their web pages altered by hackers to add iframe tags, etc. The
customers gave out their ftp credentials to the wrong ppl so we can't
always protect against that. But I do have a few questions:
1. Is there any tool we can use if we are running apache 1.3.x?
2. You should also add some filtering for obfuscated javascript which
I'm seeing some recent hacks employ to get around security
countermeasures on the server side.
thx,
SW
Michael Shinn wrote:
> I put together a method for filtering out bad iframes from websites.
> Output filtering, for websites that become infected. You can read on
> for the details here:
>
> http://www.gotroot.com/tiki-read_article.php?articleId=278
>
> Rules update is in testing now, will be putting out a major overhaul
> this week. The major performance improvements will require modsec 2.5.
>
>
More information about the Modsecurity
mailing list