Shamsul Kamal
asked on
How to disable the C99 Shell script from running using ModSec2 rules ?
Hi,
May i know if anybody know how to disable C99 shell script from running using specific Modsec2 security rules ?
Appreciates if anyboy can help.
Thank you.
May i know if anybody know how to disable C99 shell script from running using specific Modsec2 security rules ?
Appreciates if anyboy can help.
Thank you.
ASKER
Hi,
Thanks for the rules,
But after i put it in /usr/local/apache/conf/mod sec2.user. conf and try to restart the httpd , the following error appear :
"Invalid command 'SecFilterSelective', perhaps mis-spelled or defined by a module not included in the server configuration"
Is the rules not compatible with my modsec2 ? or i need to install some modules to make it works ?
Thank you.
Thanks for the rules,
But after i put it in /usr/local/apache/conf/mod
"Invalid command 'SecFilterSelective', perhaps mis-spelled or defined by a module not included in the server configuration"
Is the rules not compatible with my modsec2 ? or i need to install some modules to make it works ?
Thank you.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SecFilterSelective THE_REQUEST "(chr|fwrite|fopen|system|
If you have ssh access you also can run this command to search for any scripts on the server.
find /home/ -name "*.php" -print | xargs egrep -l -i 'c99shell' >> /somedirectory/exploits.tx
Other search terms you may want to use, which will provide some false positives, but will be more thorough are....
"c99" "r57" "shell" , etc.