Depending on what you are using to block IPs, keep in mind this is not a good workaround, as most script kiddies use DHCP and can just get their IP to roll to another, and they can get back in.
If you are using IPTables, there are plenty of scripts out there to monitor your logs that will automatically ban IPs with repeated failed attempts to either pages/services they should not be trying to access.
I'd google for automatic IP ban script for IPTables apache or something to that effect.
I don't know the synflood rate and burst.
For my example access from that IP, which value will best fit in the synflood?
Is it a good idea to activate this?
When I searched Google for this phrase, "exploit CVE-2012-1823", it returned results.
Code:
"POST /?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input HTTP/1.1" 200 3485 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
They have done this.
So, they have enabled allow_url_include and added php://input file in front of the execution.
I don't know whether my server is allowing such activities.
I am not using php as cgi. I guess it is not going to return anything useful.
Which tool do I use to test it myself?
EDIT
Code:
msf > use exploit/multi/http/php_cgi_arg_injection
This is how they check.
But I am not able to find msf.
What is it?
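One way to spot requests shaped like the one quoted above in an Apache access log, as an added example that is not part of the original thread: a query string with no unencoded `=` that decodes to text starting with `-` is what a CGI-mode PHP binary would receive as command-line options. The names `classify` and `scan`, the combined log format and the sample lines are assumptions; the addresses are constructed documentation addresses.

```python
import re
from urllib.parse import unquote_plus

# Matches the client address and request fields of an Apache combined-format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Directives that appear in the request quoted in the thread.
DIRECTIVES = ("allow_url_include", "auto_prepend_file", "php://input")

def classify(line):
    """Return details of a php-cgi argument-injection probe, or None."""
    m = LINE_RE.match(line)
    if not m or "?" not in m.group("target"):
        return None
    raw_query = m.group("target").split("?", 1)[1]
    decoded = unquote_plus(raw_query)
    # A query string with no unencoded '=' is what a CGI binary receives as
    # command-line arguments; a leading '-' makes it look like an option.
    if "=" in raw_query or not decoded.startswith("-"):
        return None
    return {
        "ip": m.group("ip"),
        "method": m.group("method"),
        "status": int(m.group("status")),
        "args": decoded.split(),
        "directives": [d for d in DIRECTIVES if d in decoded.lower()],
    }

# Constructed sample lines; the second reuses the request string from the thread.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2014:10:00:00 +0000] "GET /index.php?id=5 HTTP/1.1" 200 512 "-" "curl/7.30"',
    '198.51.100.7 - - [01/Jan/2014:10:00:05 +0000] "POST /?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input HTTP/1.1" 200 3485 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"',
    '192.0.2.10 - - [01/Jan/2014:10:00:09 +0000] "GET /search?q=-verbose HTTP/1.1" 200 128 "-" "curl/7.30"',
    '203.0.113.4 - - [01/Jan/2014:10:00:12 +0000] "GET /index.php?-d+allow_url_include%3d1 HTTP/1.1" 404 209 "-" "-"',
]

def scan(lines):
    """Return one finding per line that has the probe shape."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ip"], hit["method"], hit["status"], hit["args"], hit["directives"])
```

A match only shows that the request was sent; the status code alone does not show whether the server acted on the options, since a normal page also answers 200.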