web_server: PHP.CGI.Argument.Injection detection by mod_secure?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
web_server: PHP.CGI.Argument.Injection detection by mod_secure?
Hi,
Today our firewall detect this intrusion "web_server: PHP.CGI.Argument.Injection". We have a centos 6.4 machine with php 5.3.3 and with mod_secure enabled. We are wondering can mod_secure detect this type of intrusion and disabled it? What can we do to scan if there is any threat created? I have checked through the httpd access log and I didnt find the said ip detected by the firewall.
Dear David,
The firewall is fortinet. When you say sanitize means is it that things like mysql_real_escape_string? Yes I do this is on my login page anything else should I be doing ?
As long as you sanitize your input so someone can't put content in there that MySQL or any other interpreter will try to execute as code, you'll be fine.
But it still doesn't hurt to load mod_security rules like OWASP or others, prevents someone from piling in junk data anyways.
I am not too sure is mysql_real_escape_string sufficient enough? Yes I have mod_secure running too what should I edit or change to edit to further harden it I just left it as it is without any additional changes?
Well on the php and apache should I do anything extra? What else can I use to sanitize my web pages from your experience? I have mod_security enable even before this too. Should I upgrade the rules or it can be done via the normal yum updates?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.