Top

Author Archive | admin

Log POST data with ModSecurity

Sometimes you may need to log all POST requests to debug or make ModSecurity rules to protect Web Server. For this you need that you have ModSecurity installed on server. Log POST data This simple rule logging all POST request data to ModSecurity AuditLog. SecRule REQUEST_METHOD “POST” \ “id:800000,phase:2,t:none,pass,nolog,auditlog,msg:’Malware.Expert – Log POST data'” This cause […]

Continue Reading

cPGuard – Essential Security Suite for cPanel Servers

cPGuard is an essential security addon for web hosting servers to help administrators to fight against malware threats and injections. As it exclusively works based on File System changes ( no more mod_security or FTP hooks dependency alone ), we can detect and scan any real-time changes on the server. In addition to malware/virus scanning, […]

Continue Reading

Custom ModSecurity Error message in apache

This tutorial we show that you can change the custom error message page to ModSecurity. Typically, you get 403 or 406 Response code when ModSecurity block access to website. Apache configuration In apache configuration files (Depend your OS & Configuration) includes / errordocument.conf ErrorDocument 403 /403.shtml Add extra row to 406 error page: ErrorDocument 406 […]

Continue Reading

xo.php

This malware trying write another malware to server, it’s using old cherry-plugin import/export file upload vulnerability. Here source code to malware: Source of xo.php Details $uri is infected server address. $url is base64 encoded remote server address, where trying download more malware and put server to remote access: http://fastwealthformula.online/callback/shell Remote file Final Words Use Malware […]

Continue Reading

ModSecurity with RBL Database

This tutorial we showing how you can use ModSecurity with RBL database’s to block access to web server. ModSecurity RBL We can use at mod_security phase 1 to optimise these rules and reduce server load, before PHP start executing requests. Here are more information how to ModSecurity processing phases. Also you can use Local DNS […]

Continue Reading

Disable Mod_Security on Directadmin server

If you decided to use Modsecurity on your server with DirectAdmin, there is sometimes a need to disable mod_security on server. Default custombuild installation, mod_security rules installed in: /etc/modsecurity.d/ Apache load’s ModSecurity modules and configuration in: /etc/httpd/conf/extra/httpd-modsecurity.conf Disable mod_security Easiest way disable Modsecurity is disable apache to load ModSecurity module in https-modsecurity.conf file. Just add […]

Continue Reading

Local DNS resolver

A DNS server or DNS Resolver is a server which contains a database of IP addresses and their associated hostnames, and in most cases, serves to resolve, or translate, those common names to IP addresses as requested. DNS servers run a special software (ex. BIND) and communicate (Listen TCP/UDP port 53) with each other using […]

Continue Reading

Ban with ModSecurity HTTP or HTTPS requests 404 Response code

This tutorial we want Ban with ModSecurity IP addresses for specific time with ModSecurity that causes multiple 404 errors on the web site. Ban with ModSecurity Depend you Apache/Nginx and PHP configuration, you may use phase:1 with rule 4000 & 4002. Also you need enable SecResponseBodyAccess On to ModSecurity configuration files. SecAction “phase:2,initcol:ip=%{REMOTE_ADDR},id:’4000′,pass,nolog” SecRule RESPONSE_STATUS […]

Continue Reading

Decode.Tools – Decode PHP Obfuscator by FOPO

Decote.tools is a website that provides you free online decoding tools that can help you identify malicious PHP code hiding behind obfuscated code (ex. FOPO). Tools at decode.tools can decode almost any tough PHP code or program into a simple and understandable form that can be easily analyzed to see whether its malicious or not. […]

Continue Reading

Install ModSecurity with Apache on Ubuntu 16.04 LTS

In this guide we will see how to install ModSecurity Web Application Firewall (WAF) to secure your apache web server. You need an Apache Web Server installed on your Ubuntu 16.04 LTS before you proceed with installation of ModSecurity WAF. Installing Apache To install Apache on your Ubuntu, issue following commands $ sudo apt-get update […]

Continue Reading