How to Securing Web Server

Tutorial

Here in this tutorial we are talking about the basics of the steps required when securing Web server. Hacking is regularly performed by automated scripts written to scour the Internet in an attempt to exploit known website security issues in software. Here are 8 basic tips to help keep your server safe secure and online. … Read more

How to Whitelist IP Address with ModSecurity

Tutorial

If your business has a website, you may be familiar with the mod_security module for Apache Web servers. If you are new to ModSecurity, start by reading our comprehensive article: What is ModSecurity. Occasionally, you might need to bypass the module filters to accommodate a testing environment or to allow access for a particular IP … Read more

Processing phases of Modsecurity

Tutorial

ModSecurity works on a powerful language of rules and its API allows monitoring of HTTP(S) that is coming in and out of your web server, to keep your web applications up and running all the time. This article is written to show how ModSecurity protects web applications running on Apache Web Server. The below diagram … Read more

What is a web shell?

Web Shell

A web shell or backdoor shell is a script written in the supported language of a target web server to be uploaded to enable remote access and administration of the machine. Shells are able to infect servers that may not necessarily be internet-facing, servers for hosting of internal resources are also subject to web shell … Read more

bunglon m1n1 sHeLL

Malware details

Again a new web shell (bunglon m1n1 sHeLL), which we have not seen and signatures don’t detect this before. At the beginning of the file are introduced php shell maker. /* # bunglon m1n1 sHeLL # version 1.0 # Jayalah indonesiaku # thx to : sohai, budz story zz, b374k, 1n73ct10n, HNc, Dc & all … Read more

Deploying ModSecurity Rule Set in cPanel/WHM

ModSecurity

Malware Expert ModSecurity protection rules are now integrated ModSecurity Vendors in cPanel/WHM and can be activated from the cPanel / WHM Security Center. Copy vendor configuration URL in image. (Ex. right click, Copy Url) Malware.Expert -> My Account -> Subscriptions Sign in to your cPanel account Login to your cPanel/WHM server. Click the ‘Security Center‘ … Read more

How to block Majestic (MJ12bot) with mod_security

Tutorial

Internet have lots of unwanted traffic, which causes high load on your dedicated or virtual private server. Traffic can be from bot networks, A Web crawler or normal web traffic different sources. This tutorial we show how you can block Majestic search engine access to your server with modsecurity. What is MJ12bot? Majestic is a … Read more

How SecRemoteRules working ?

Tutorial

ModSecurity SecRemoteRules directive allows the user to load rules from a remote server. Requirements Internet connection ModSecurity at least 2.9.x How SecRemoteRules Works 1. When HTTP daemon starts, it loads the configuration files. 2. Configuration files have the SecRemoteRules directive, which tries to connect the Remote Server load rules. 3. When the connection is created … Read more

LiteSpeed Web Server (LSWS) 5.2 added support for SecRemoteRules

LiteSpeed Web Server

LiteSpeed Web Server (LSWS) is compatible with commonly used Apache features, including mod_rewrite, .htaccess, and mod_security. LSWS can load Apache configuration files directly and works as a drop-in replacement for Apache while fully integrating with popular control panels — replacing Apache in less than 15 minutes with zero downtime. Unlike other frontend proxy-based solutions, LSWS … Read more

Proc.php trying injecting header.php files

Malware details

When this malware successful uploaded customer website and access it GET request, it’s trying search backward files and folder, searching header.php files. indexEditor When all folders and files searched and header.php files founded, it tries the patch malicious code to header.php file. Malicious code In begin this malware have CODE which added wanted file’s: Final … Read more