How to Install Nginx with ModSecurity v2.9 from source

Introduction ModSecurity is an open-source Web Application Firewall (WAF) for Apache, Nginx and IIS web server. This application layer firewall is developed by Trustwave’s SpiderLabs and released under Apache License 2.0. ModSecurity protects websites from hackers by using a set of regular expression rules to filter out commonly known exploits, it allows HTTP traffic monitoring, … Read more

writing modsecurity rules

ModSecurity

ModSecurity Rule Writing The ModSecurity Reference Manual should be consulted in any cases where questions arise relating to the syntax of commands: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual Rule Syntax Here basic about SecRule: VARIABLES ARGS is a collection so it means all arguments including the POST Payload. ARGS_GET contains only query string parameters. ARGS_POST contains arguments from the POST body. FILES Contains a … Read more

cache-db.php

This is very old malware, Timestamp December 2015 and in Joomla /cache/cache-db.php or /libraries/simplepie/simplepie.lib.php file. This is very cleverly made, and hide assert PHP execution inside the code. First time look source code, it looks like normal file. But when look better and trace first extra code Second hidden code added Third hidden code added … Read more