Showing 320 results for: ModSecurity ×

Blackhat Arsenal 2014: Live ModSecurity Demonstrations

If you are heading out to Blackhat USA 2014 in Las Vegas this week, please stop by the Arsenal Tools area on Thursday morning to see live demonstrations of ModSecurity's advanced features. Arsenal Demonstration Information Location: Mandalay Bay Convention Center,...

[Honeypot Alert] Open Flash Charts File Upload Attacks

Our web honeypots picked up some increased scanning/exploit activity for the following file upload vulnerability in Open Flash Charts - The following screenshot shows the contents of the vulnerable ofc_upload_image.php file: As you can see from this simple code, there...

ModSecurity Advanced Topic of the Week: JSON Support

Submitted by Felipe Costa and Ryan Barnett (SpiderLabs Research - ModSecurity Team) Increasing Adoption of Dynamic Web Content Long gone are the days of static HTML web content. Dynamic web content adoption is growing and growing as everyone wants to...

Announcing ModSecurity v2.8.0

The ModSecurity Project team is pleased to announce the availability of v2.8.0. To see the full release notes or download the the source packages, see the ModSecurity GitHub project release tab: https://github.com/SpiderLabs/ModSecurity/releases New Features Version 2.8.0 comes with five important...

[Honeypot Alert] JCE Joomla Extension Attacks

Our web honeypots picked up some increased exploit attempts for an old Joomla Content Editor (JCE) Extension vulnerability. Although this vulnerability is a few years old, botnet owners are heavily scanning for sites that are vulnerable and attempting to exploit...

WordPress XML-RPC PingBack Vulnerability Analysis

There were news stories this week outlining how attackers are abusing the XML-PRC "pingback" feature of WordPress blog sites to launch DDoS attacks on other sites. This blog post will provide some analysis on this attack and additional information for...

Introducing ModSecurity Status Reporting

The Trustwave SpiderLabs Research team is committed to making ModSecurity the best open source WAF possible. To this end, we have deployed Buildbot platforms and revamped regression tests for our different ports to ensure code quality and reliability. But we...

Announcing ModSecurity v2.7.6 Release (CI Platform Usage)

The ModSecurity Project team is pleased to announce public release version 2.7.6. Full Release Notes Here. Besides extensive bug fixes this release also includes modification on the build system that counts on QA mechanisms such as coding style checker and...

[Honeypot Alert] More PHP-CGI Scanning (apache-magika.c)

In the past 24 hours, one of the WASC Distributed Web Honeypot participant's sensors picked up continued scanning for CVE-2012-1823 which is a vulnerability within PHP-CGI. Here is a screenshot taken from the ModSecurity WAF alert data: PHP-CGI Attack The...

PHP.Net Site Infected with Malware

Earlier today, users attempting to access the www.php.net site were met with malware warnings from Google's Safe Browsing plugins in Chrome/FireFox and other browsers - So, what was the problem? Malware Redirection Details Google's SafeBrowsing currently lists the following for...

Hiding Webshell Backdoor Code in Image Files

Looks Can Be Deceiving Do any of these pictures look suspicious? First appearances may be deceiving... Web attackers have have been using a method of stashing pieces of their PHP backdoor exploit code within the meta-data headers of these image...

ModSecurity for Java - BETA Testers Needed

Over the course of the summer of 2013, the ModSecurity team participated in Google's Summer of Code (GSoC) program through OWASP. We helped by mentoring Mihai Pitu who developed a port of ModSecurity for Java! The main problem this project...