how to block shell file using mod_security

nike.stars · 07-04-2011, 06:43 AM

i'm having difficulties (doesn't understand) to create a mod_security rules on my cpanel server (centos5), i try to block a shell file which is being encoded using base64

i had 2 choice to block this kind of script, either by using the filename or using some string which is contained in the file (although it is base64)

anyone can help me to create this rule(s)?

unSpawn · 07-08-2011, 09:43 PM

Quote:

Originally Posted by nike.stars

i try to block a shell file which is being encoded using base64

Is it content being parsed by say PHP or a base64 URI*? Be verbose: examples?

nike.stars · 07-08-2011, 11:46 PM

it's the php content being encoded in base64 not the url

unSpawn · 07-10-2011, 10:32 AM

Quote:

Originally Posted by nike.stars

it's the php content being encoded in base64 not the url

In /etc/php.ini add a line "disable_functions=eval,base64_decode", restart your web server and see if that works or b0rks other things as well? Also note I asked you to elaborate but seeing you didn't I guess you're happy fighting symptoms instead the cause.