Ryan Barnett | 1 May 14:27

Re: Breach Security Labs Alert: Nihaorr1 Attack(fwd)

One quick clarification - if you want to use blocking for these rules,
use the modsecurity_crs_40_generic_attacks.conf file that is under the
"optional_rules" directory as this is the "blocking" version and has the
"deny" action applied to them.

The name of that directory is a bit misleading as it is really holding 2
different types of rules - some are the blocking versions of rules files
and some are truly optional rule sets that may be applicable in some
situations (comment spam and directory traversals).  Due to the fact
that many people call up the Mod rules using Include wild-carding in the
httpd.conf file, we thought it best to move the optional rules into a
separate directory so that they would need to be explicitly specified.

-Ryan

> -----Original Message-----
> From: Ryan Barnett
> Sent: Thursday, May 01, 2008 8:12 AM
> To: covici <at> ccs.covici.com; mod-security-users <at> lists.sourceforge.net
> Subject: RE: [mod-security-users] Breach Security Labs Alert: Nihaorr1
> Attack(fwd)
> 
> Hello John,
> I am guessing that you are using ModSecurity 2.1.4?  This recent mass-SQL
> Injection attack is essentially an updated version of the attack I
> outlined in a past Blog post -
> http://blog.modsecurity.org/2008/01/sql-injection-a.html.  The only real
> difference is the actual injected JS code.