Some Mod Security For webserver administrator

Posted by Baguz on June 12th, 2012 |

About Baguz

Single | @baguzaw | Line : baguz_aw | http://baguzajja.net | Biasanya pemalu dan sering memendam perasaan, cenderung sulit untuk berterus terang. Malang · http://baguzajja.info

first if you are a webmaster and have your own server, the first thing most in fear that the attacks from hackers. from here you will be dealing with the name of security on the server itself.

second, the hackers usually use a loophole in the website of the cms (content management system). cms is usually one that has been used by the service user’s hosting is wordpress.

The third is one of the wordpress CMS released free by the developer, and is easy to use, very stout mania bloggers use wordpress as a webbased on website

of these three reasons, of course, hacker attacks become one of the attacks that we should watch out because of one of the gaps that exist in a CMS is to the advantage of CMS tersbut, but did not rule Server took part in the security process, so that the server owners must brainstorming how to secure servers from hacker attacks.

The following are some of the mod security settings on the webserver to secure the server from hacker attacks, needs to emphasize that these settings only come into force on wordpress webbased only. for setting the mod out wordpress sec later I’ll write back

just following the existing security settings webserver mod

#Wordpress cat vuln
SecRule REQUEST_URI "/wordpress/" chain
SecRule ARGS:cat "!^[0-9]*$"

#phpWordPress SQL Injection Vulnerabilities
SecRule REQUEST_URI "/index\.php" chain
SecRule ARGS:poll|ARGS:category|ARGS:ctg "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"

#Wordpress shell injection Vulnerability
SecRule REQUEST_URI "/cache/user.*/.*\.php\?cmd=" "id:390064,rev:1,severity:2,msg:'JITP: WordPress shell injection Vulnerability'"

# Protect WordPress timthumb
SecRule SCRIPT_BASENAME "^(tim)?thumb\.php$" "deny,status:412,auditlog,chain"
SecRule ARGS:src "\.php[345]?$"
SecRule REQUEST_FILENAME "/wp-content/themes/.+/cache/[a-f0-9]+\.php[345]?$" "deny,status:412,auditlog"

#Wordpress SQL injection
SecRule REQUEST_URI "/wp-trackback\.php\?tb_id=*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
SecRule REQUEST_URI "/wp-trackback\.php" chain
SecRule ARGS:tb_id "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
SecRule REQUEST_URI "/index\.php\?cat=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"

above are only a few settings on the mod security to keep the webserver from hacker attacks that take advantage of sql, timthum. for other gaps that I will write back later

if there are settings in the settings that need to add, please comment this post by giving a few other settings. thank you

Regard To Lutfi

Source : hostingermuda.com