LinuxQuestions.org - how to block shell file using mod

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - how to block shell file using mod_security (https://www.linuxquestions.org/questions/linux-security-4/how-to-block-shell-file-using-mod_security-889818/)

nike.stars

07-04-2011 06:43 AM

how to block shell file using mod_security

i'm having difficulties (doesn't understand) to create a mod_security rules on my cpanel server (centos5), i try to block a shell file which is being encoded using base64

i had 2 choice to block this kind of script, either by using the filename or using some string which is contained in the file (although it is base64)

anyone can help me to create this rule(s)?

unSpawn

07-08-2011 09:43 PM

Quote:

Originally Posted by nike.stars (Post 4404278)

i try to block a shell file which is being encoded using base64

Is it content being parsed by say PHP or a base64 URI*? Be verbose: examples?

nike.stars

07-08-2011 11:46 PM

it's the php content being encoded in base64 not the url

unSpawn

07-10-2011 10:32 AM

Quote:

Originally Posted by nike.stars (Post 4409501)

it's the php content being encoded in base64 not the url

In /etc/php.ini add a line "disable_functions=eval,base64_decode", restart your web server and see if that works or b0rks other things as well? Also note I asked you to elaborate but seeing you didn't I guess you're happy fighting symptoms instead the cause.

All times are GMT -5. The time now is 11:45 AM.