Search results

For example from this shell; Mod security response body rules checking "@ob_get_contents();@ob_clean()" this part of code. And blocking this shell. All gotroot staff working on shells body. We have disabled this functions. But it is very good to see 404 page when hacker runs a php...

You know that php shells are using lots of php functions which are using by otner normal php scripts (etc oscommerce, joomla) If we disable this functions other customers scripts has been blocking. If we disable this, it can break any php script? And finally, gotroot paid and real time...

I'am using gotroot's paid mod_sec rules and our private rules too. You should fear from turkish and russian hackers :( I am looking for 2 years and only way response body rules to block completely hacking attempts

Thank you. I think disable_functions are nothing for a good hacker :)

I think we have to protect customers web sites who doesn't have enough information about script security? Can you give me examples which rules are protecting from php shells? (for ex: r57, c99)

Security is low priority feature? Each server can be hacked which is not support this feature. How can it be ignored? Lets test it?

Yes it will slow down but this is our choice. Am i wrong? :)

Hello mistwang, It will be any progress on this issue?

Hello, Maybe it will slow down server. But security is more important for us. You can enable RESPONSE_BODY those who want to use security? We are looking for to use LiteSpeed instead of Apache in our 20 linux servers. But our security department doesn't approve because of mod_security respone...

Hello, I have a problem about mod_security RESPONSE_BODY rules; Some mod_sec 2.x rules not working, for examlpe i have a rule set for blocking r57,c99 etc php shells; This rule is working when i switched the apache, but on LS it is not working. This rule have to return 404 error when...