Threaded Mode | Linear Mode

robmorin · 10-24-2007 12:29 AM

Hello all... i was wondering with all the new fcgi, and the way Omega implements the use of php security, do you think mod_security would be any help? I use it now in my vhcs2 setup , but it can be a pain in the ass to setup...

Once i installed it i had virtually no hacks at all.... mind you once you CHOWN to root only files like this, a script i use on every machine..

chmod g-x,o-x /usr/bin/wget
chmod g-x,o-x /usr/bin/curl
chmod g-x,o-x /usr/bin/lwp-*
chmod g-x,o-x /usr/bin/lynx.stable
chmod g-x,o-x /usr/bin/fetch
chmod g-x,o-x /usr/bin/GET
chmod g-x,o-x /usr/bin/netkit-ftp
chmod g-x,o-x /usr/bin/lwp-request

There is not much a hacker can do to get scripts over to the web server for cross site scripting hacks....

Any opinions/comments?

Thanks

ROb..

raphael · 10-24-2007 12:50 AM

it all depends on what you use mod_security for. But remember it doesn't provide full protection (and it can, sometimes, be really bogus)

robmorin · 10-24-2007 12:57 AM

I wanted to use it to protect my web server from php programmers that do not program properly, and leave open exploitable scripts....

I do not have a good understanding of mod_security as its pretty confusing to use... never mind create excludes!

but with those mentioned files chowned to root , is there aything else i should worry about? Mind you i have had clients php scripts exploited to mass email or spam via that script, so i assumed mod_security would stop this too??

Rob..

raphael Wrote:it all depends on what you use mod_security for. But remember it doesn't provide full protection (and it can, sometimes, be really bogus)

monotek · 10-24-2007 08:49 AM

mod_security eats a lot of performance when it checks for unwanted patterns via regex if you have several sites configured.

therefore this shouldnt be more than optional...

raphael · 10-24-2007 09:26 AM

Quote: do not have a good understanding of mod_security as its pretty confusing to use

you must first understand how it operates and how to use it; just like any other tool being used on a server

Quote:but with those mentioned files chowned to root

you didn't chown anything

Quote:is there aything else i should worry about?

a thousand things

Quote:Mind you i have had clients php scripts exploited to mass email or spam via that script, so i assumed mod_security would stop this too??

see my first answer in this post (not thread)

**joximu** · 10-24-2007 09:27 AM

maybe the suhosin extension for php is better suited for you - it ships with several distributions...

http://www.hardened-php.net/suhosin.127.html

robmorin · 10-25-2007 12:32 AM

Sorry i meant chmod , as they are already owned by root...

But hey thanks for pointing that out....

Rob..

raphael Wrote:
Quote: do not have a good understanding of mod_security as its pretty confusing to use
you must first understand how it operates and how to use it; just like any other tool being used on a server

Quote:but with those mentioned files chowned to root
you didn't chown anything

Quote:is there aything else i should worry about?
a thousand things

Quote:Mind you i have had clients php scripts exploited to mass email or spam via that script, so i assumed mod_security would stop this too??
see my first answer in this post (not thread)

robmorin · 10-25-2007 12:34 AM

Thanks joximu for that info and link i will check it out....

Have a great day/evening

Rob..

joximu Wrote:maybe the suhosin extension for php is better suited for you - it ships with several distributions...

http://www.hardened-php.net/suhosin.127.html

Threaded Mode \| Linear Mode Do you think Mod_Security is needed?
Author	Message