request filter how to ?

Discussion in 'General' started by bhanuprasad1981, Jan 16, 2012.

  1. bhanuprasad1981

    bhanuprasad1981 Well-Known Member

    i am recently effected by shell uploads because of one image hosting site, its temp folder was 0777 chmod which helped hacker to upload shells using zip file executing and defacing sites in many accounts, now i want to block this type of issue in future for which i took these steps :-

    1. changed all passwords of cpanel , removed all excess ftp accounts,

    2.disabled these function :-

    disable_functions = dl , exec , passthru , pcntl_exec , pfsockopen , popen , posix_kill , posix_mkfifo , posix_setuid , proc_close , proc_open , proc_terminate , shell_exec , system , leak , posix_setpgid , posix_setsid , proc_get_status , proc_nice , show_source , escapeshellcmd,

    3. started php_suexec

    i also heard using this rule in mod_security will help me but i don't know how to use it with litespeed request filter:-

    SecRule REQUEST_URI "\.php\?act=(ls|chmod|cd|sql|chown|mkdir|chdir|mv|cp|ln|rm|touch|processes|tools)" "deny,log,status:406"
    can some one please shed some light here ? also some more hints to stop these type of attacks will be helpful

  2. webizen

    webizen Well-Known Member

    You also set Script Restrict Permission Mask (Admin CP => Configuration => Server => Security) to prevent script from being executed.

Share This Page