19th October 2011, 09:00
SamTzu (HowtoForge Supporter)
Site security

%00 is known as a "poison null byte" attack. "Response 200" is not what we want to see. System commands can be included after that line.

Check if you can see your page with this command after the domain part...
Quote:
/?content=../../../../../../../../../../../../../../../proc/self/environ%00
An easy way to prevent this is to include this line in the .htaccess file.
Quote:
RewriteCond %{QUERY_STRING} proc\/self\/environ [OR]
I have been meaning to address this problem. Should 'Perfect Server' also have mod_security installed and enabled? Or can we include that RewriteCond at the server level in the Apache config?

You can install mod_security in Debian with these commands...
Quote:
apt-get install libapache-mod-security
a2enmod mod-security
/etc/init.d/apache2 force-reload
__________________

Sami Mattila
Internet-Content

Telephone:
00358942833310
Email: firstname.lastname@internet-content.org
Shop: http://shop.internet-content.net
Site: http://www.internet-content.net
Blog: http://www.internet-content.net/en/blog
FB: https://www.facebook.com/internetcontent
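
The post treats a 200 response to the test request as the bad outcome. As an added example (not part of the original post), this Python script scans Apache access-log lines for the same request pattern and marks the ones the server answered with 2xx; the log lines are constructed samples and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Apache common/combined log format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE = [
    '192.0.2.10 - - [19/Oct/2011:09:00:01 +0300] "GET /?content=../../../../proc/self/environ%00 HTTP/1.1" 200 1843 "-" "-"',
    '192.0.2.10 - - [19/Oct/2011:09:00:05 +0300] "GET /?content=../../../../proc/self/environ%00 HTTP/1.1" 403 291 "-" "-"',
    '198.51.100.7 - - [19/Oct/2011:09:01:12 +0300] "GET /?content=about HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [19/Oct/2011:09:02:40 +0300] "GET /?content=..%2F..%2Fproc%2Fself%2Fenviron%00 HTTP/1.1" 200 1843 "-" "-"',
]

def decode(target, rounds=3):
    """Percent-decode until stable so encoded forms of the same path match too."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def indicators(target):
    """Return the suspicious markers found in one request target."""
    d = decode(target).lower()
    found = []
    if "\x00" in d:                      # %00, the null byte from the post
        found.append("null-byte")
    if "../" in d or "..\\" in d:        # directory traversal sequence
        found.append("traversal")
    if "proc/self/environ" in d:         # same string the RewriteCond looks for
        found.append("proc-self-environ")
    return found

def scan(lines):
    """Return (host, status, indicators, served) for every suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                     # not an access-log line we understand
        host, _method, target, status = m.groups()
        found = indicators(target)
        if found:
            # served=True means a 2xx answer: the request was not rejected
            hits.append((host, int(status), found, status.startswith("2")))
    return hits

if __name__ == "__main__":
    for host, status, found, served in scan(SAMPLE):
        print("SERVED " if served else "blocked", status, host, ",".join(found))
```

Entries marked SERVED are the ones to review first; a 403 on the same request shows the rewrite rule or mod_security rejected it.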

All times are GMT +2.