Quote:
Originally Posted by yolte
I'm using gotroot's paid mod_sec rules and our private rules too. You should fear Turkish and Russian hackers.
I have been looking for 2 years, and the only way is response body rules to completely block hacking attempts.
|
Quote:
Originally Posted by yolte
Thank you. I think disable_functions is nothing for a good hacker.
|
lol, what do you mean by good hacker? Most hackers are script kiddies who collect public exploits and rootkits from milw0rm and packetstorm.
If I disable all of c99's necessary functions, then how could you use the c99 shell on my server, even without any mod_security rules detecting the c99 shell?
In fact, all PHP shells work based on common PHP security restriction bypass exploits. If you know PHP, take a look into the PHP shells' source code and you will find all of 'em are based on some malicious functions.
For example, the latest exploit for PHP is: PHP safe_mode bypass via proc_open() and custom environment, which is not detectable by any mod_security rule! An attacker can rename the PHP filename to anything and bypass safe_mode/open_basedir restrictions easily.
This exploit is not patched in the latest stable PHP version yet; I tested it on PHP 5.2.9 myself and it's working properly.
The only way to patch this exploit is disabling the proc_open function.
mod_security is not enough to secure your server against all remote and local attacks.
Last edited by IrPr; 03-30-2009 at 04:45 AM..
|
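A way to audit the mitigation discussed in the post above (listing `proc_open` in `disable_functions`), as an added example that is not part of the original thread. The function list beyond `proc_open`, the helper names and the sample php.ini text are assumptions constructed for this example.

```python
import re

# Assumed audit list: PHP core functions that start processes. Only proc_open
# is named in the post; the others are this example's assumption.
EXEC_FUNCTIONS = {"proc_open", "popen", "exec", "shell_exec", "system", "passthru"}

# Directive names in php.ini are case sensitive, so match the name exactly.
DIRECTIVE = re.compile(r"disable_functions\s*=\s*(.*)$")

def disabled_functions(ini_text):
    """Return the effective disable_functions set from php.ini text."""
    effective = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        m = DIRECTIVE.match(line)
        if m:
            value = m.group(1).strip().strip('"')
            # A later occurrence of the directive replaces an earlier one.
            # Names are compared exactly: this example does not assume PHP
            # normalises case, so "Proc_Open" is reported as not disabled.
            effective = {f.strip() for f in value.split(",") if f.strip()}
    return effective

def audit(ini_text, required=EXEC_FUNCTIONS):
    """Return the sorted list of required functions that are still enabled."""
    return sorted(set(required) - disabled_functions(ini_text))

# Constructed sample: proc_open appears only in a commented-out line.
WEAK_INI = """\
[PHP]
; disable_functions = proc_open
disable_functions = exec, shell_exec ,system
"""

# Constructed sample: every function on the audit list is disabled.
HARDENED_INI = """\
[PHP]
disable_functions = "exec,shell_exec,system,passthru,popen,proc_open"
"""

if __name__ == "__main__":
    print("weak:", audit(WEAK_INI))
    print("hardened:", audit(HARDENED_INI))
```
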