Why PHP File Upload vulnerabilities is a Major Security problem ? There are lots of Web sites, which using some kind Content Management Systems (CMS), like WordPress, Joomla and etc., where an ability upload content like text, images and so on. There is no nothing bad for this, but there are also a lot of … Read more
Sucuri reported Formidable Forms / Shortcodes Ultimate Exploits In The Wild On Monday, November 20th. – Formidable Forms vulnerability – read more – Shortcodes Ultimate vulnerability – read more We have not yet seen exploitation of the vulnerability, but we also decided to make the modsecurity rule for this vulnerability. If you server have certain … Read more
ModSecurity is an open source, cross-platform web application firewall (WAF) that can be deployed to secure web servers like apache, IIS and Nginx. Modsecurity works on powerful language of rules and its API allows monitoring of HTTP(S) that is coming in and out of your web server, to keep your web applications up and running … Read more
ModSecurity SecRemoteRules directive allows the user to load rules from a remote server. Requirements Internet connection ModSecurity at least 2.9.x How SecRemoteRules Works 1. When HTTP daemon starts, it loads the configuration files. 2. Configuration files have the SecRemoteRules directive, which tries to connect the Remote Server load rules. 3. When the connection is created … Read more
A Web Application Firewall protects Web servers from malicious traffic and blocks attempts to compromise the system. While proxies generally protect clients, WAFs protect servers. A WAF is deployed to protect a specific web application or set of web applications. A WAF can be considered a reverse proxy. WAFs may come in the form of … Read more
When modsecurity detects an event has occurred that it has been instructed to log, it will generate an audit log entry, and if properly configured an audit log event file. The audit log event file is the most useful piece of information the system will collect, so its vital modsecurity be setup correctly to capture … Read more
We found lot off new activies again somekind bot network: If we look this line number 19: wp-load.php from auditlog and found there cookie ID & CODE payload (php eval): Our commerical ModSecurity rules detect these and block them!