Defending Cyber Attacks: Strengthening Your Server Security

CyberThreats

In today’s interconnected digital world, the significance of server security cannot be overstated. As cyber threats continue to rise, businesses face significant consequences if their servers are compromised. The potential outcomes include financial losses, damage to reputation, and penalties from regulatory bodies. These consequences make it critical to prioritize server security and implement thorough protective measures to safeguard valuable assets and maintain business continuity.

Common Cyber Threats

Cyber attacks targeting servers pose significant risks to businesses, with devastating consequences that can disrupt operations and compromise sensitive data.

Distributed Denial of Service (DDoS)

One common form of attack is Distributed Denial of Service (DDoS), where a network of compromised computers floods the targeted server with an overwhelming volume of traffic, rendering it inaccessible to legitimate users. These attacks can result in prolonged downtime, financial losses, and damage to the organization’s reputation.


Vulnerability fixed in WordPress Elementor Pro plugin – How cPGuard handles it

The vulnerability – High severity vulnerability fixed in WordPress Elementor Pro plugin

As many of you are already aware, there is a critical vulnerability reported in the WordPress Elementor Pro plugin, which is installed on millions of websites. Though they have already released a patched version, there are still many websites left unpatched, and …

PHP File upload vulnerabilities

ModSecurity

Why PHP file upload vulnerabilities are a major security problem

Many websites use some kind of content management system (CMS), such as WordPress, Joomla, etc., that offers the ability to upload content such as text, images and so on. There is nothing wrong with this, but there are also a lot of …

ModSecurity Rules for Formidable Forms / Shortcodes Ultimate vulnerability

Tutorial

Sucuri reported Formidable Forms / Shortcodes Ultimate exploits in the wild on Monday, November 20th: the Formidable Forms vulnerability and the Shortcodes Ultimate vulnerability. We have not yet seen exploitation of the vulnerability, but we have also decided to make a ModSecurity rule for this vulnerability. If your server has certain …

Processing phases of ModSecurity

Tutorial

ModSecurity is built on a powerful rule language, and its API allows monitoring of the HTTP(S) traffic coming in and out of your web server, to keep your web applications up and running all the time. This article shows how ModSecurity protects web applications running on Apache Web Server. The below diagram …

How does SecRemoteRules work?

Tutorial

The ModSecurity SecRemoteRules directive allows the user to load rules from a remote server.

Requirements

Internet connection
ModSecurity at least 2.9.x

How SecRemoteRules Works

1. When the HTTP daemon starts, it loads the configuration files.
2. The configuration files contain the SecRemoteRules directive, which tries to connect to the remote server to load rules.
3. When the connection is created …

Web Application Firewall

A Web Application Firewall protects Web servers from malicious traffic and blocks attempts to compromise the system. While proxies generally protect clients, WAFs protect servers. A WAF is deployed to protect a specific web application or set of web applications. A WAF can be considered a reverse proxy. WAFs may come in the form of …

Audit Log

When ModSecurity detects an event that it has been instructed to log, it generates an audit log entry and, if properly configured, an audit log event file. The audit log event file is the most useful piece of information the system will collect, so it's vital that ModSecurity be set up correctly to capture …

PHP Cookie Injection

We found a lot of new activity again from some kind of bot network: If we look at line number 19 (wp-load.php) from the audit log, we find the cookie ID & CODE payload (PHP eval): Our commercial ModSecurity rules detect these and block them!