Thread: Site security
View Single Post
  #1  
Old 19th October 2011, 09:00
SamTzu SamTzu is offline
HowtoForge Supporter
 
Join Date: Apr 2007
Location: Helsinki
Posts: 426
Thanks: 33
Thanked 54 Times in 37 Posts
Send a message via Skype™ to SamTzu
Lightbulb Site security

%00 is known as a "poison null byte" attack. "Response 200" is not what we want to see. System commands can be included after that line.

Check if you can see your page with this command after the domain part...
Quote:
/?content=../../../../../../../../../../../../../../../proc/self/environ%00
Easy way to prevent this is to include this line in the .htaccess file.
Quote:
RewriteCond %{QUERY_STRING} proc\/self\/environ [OR]
I have been meaning to address this problem. Should 'Perfect Server' also have mod_security installed and enabled? Or can we include that RewriteCond on server level in the Apache config?

You can install mod_security in Debian with these commands...
Quote:
apt-get install libapache-mod-security
a2enmod mod-security
/etc/init.d/apache2 force-reload
__________________

Sami Mattila
Internet-Content

Telephone:
00358942833310
Email: firstname.lastname@internet-content.org
Shop: http://shop.internet-content.net
Site: http://www.internet-content.net
Blog: http://www.internet-content.net/en/blog
FB: https://www.facebook.com/internetcontent

Reply With Quote
Sponsored Links