Top

Tag Archives | modsecurity

How to Whitelist IP Address with ModSecurity

If your business has a website, you may be familiar with the mod_security module for Apache Web servers. ModSecurity is a firewall module for Apache servers that blocks malicious programs, scripts and injections, helping to keep your website more secure. Occasionally, you might need to bypass the module filters to accommodate a testing environment or […]

Continue Reading

Processing phases of Modsecurity

ModSecurity is an open source, cross-platform web application firewall (WAF) that can be deployed to secure web servers like apache, IIS and Nginx. Modsecurity works on powerful language of rules and its API allows monitoring of HTTP(S) that is coming in and out of your web server, to keep your web applications up and running […]

Continue Reading

bunglon m1n1 sHeLL

Again new web shell (bunglon m1n1 sHeLL), what we have not seen this and signatures don’t detect this before. To beginning of file are introduced php shell maker. /* # bunglon m1n1 sHeLL # version 1.0 # Jayalah indonesiaku # thx to : sohai, budz story zz, b374k, 1n73ct10n, HNc, Dc & all member indoxploit […]

Continue Reading

Deploying ModSecurity Rule Set in cPanel/WHM

Malware Expert ModSecurity protection rules are now integrated ModSecurity Vendors in cPanel/WHM and can be activated from the cPanel / WHM Security Center. Copy vendor configuration URL in image. (Ex. right click, Copy Url) Malware.Expert -> My Account -> Subscriptions Sign in to your cPanel account Login to your cPanel/WHM server. Click the ‘Security Center‘ […]

Continue Reading

How to block Majestic (MJ12bot) with mod_security

Internet have lots of unwanted traffic, which causes high load on your dedicated or virtual private server. Traffic can be from bot networks, A Web crawler or normal web traffic different sources. This tutorial we show how you can block Majestic search engine access to your server with modsecurity. What is MJ12bot? Majestic is a […]

Continue Reading

How SecRemoteRules working ?

ModSecurity SecRemoteRules directive allows the user to load rules from a remote server. Requirements Internet connection ModSecurity at least 2.9.x How SecRemoteRules Works 1. When HTTP daemon starts, it loads the configuration files. 2. Configuration files have the SecRemoteRules directive, which tries to connect the Remote Server load rules. 3. When the connection is created […]

Continue Reading

LiteSpeed Web Server (LSWS) 5.2 added support for SecRemoteRules

LiteSpeed Web Server (LSWS) is compatible with commonly used Apache features, including mod_rewrite, .htaccess, and mod_security. LSWS can load Apache configuration files directly and works as a drop-in replacement for Apache while fully integrating with popular control panels — replacing Apache in less than 15 minutes with zero downtime. Unlike other frontend proxy-based solutions, LSWS […]

Continue Reading

Proc.php trying injecting header.php files

When this malware successful uploaded customer website and access it GET request, it’s trying search backward files and folder, searching header.php files. indexEditor When all folders and files searched and header.php files founded, it tries the patch malicious code to header.php file. Malicious code In begin this malware have CODE which added wanted file’s: Final […]

Continue Reading

Patchman

Hosting providers suffer on a daily basis from the consequences of the many security vulnerabilities found in commonly used CMS’s such as WordPress, Drupal and Joomla. Patchman Patchman detects these vulnerabilities and is able to safely patch them without assistance from your customer. Because of our unique approach, you can also be rest assured that […]

Continue Reading

Multipart: Invalid boundary in C-T (characters)

You can sometimes see this error ModSecurity log file: –b2b99b07-H– Message: Multipart parsing error (init): Multipart: Invalid boundary in C-T (characters). POST Payload Typically payload looks below, which cause that error –b2b99b07-B– POST /index.php HTTP/1.0 Host: malware.expert Accept: */* Referer: http://malware.expert/ User-Agent: Mozilla/5.0 (Windows; Windows NT 5.1; en-US) Firefox/3.5.0 Content-Length: 389 Content-Type: multipart/form-data; boundary=(UploadBoundary) Problem […]

Continue Reading