Posted by Lem0nHead, 07-22-2008, 03:10 PM | Hello,
I just installed mod_security and would like to test some common attacks to see if it's blocking them.
I tried passing "cmd=uname -a" as a parameter to a .php, but it didn't block it.
Any other tests I can try?
I'm using almost all the rules from gotroot.
|
Posted by RBBOT, 07-22-2008, 06:04 PM | Any URL that has an embedded SQL statement is a good test, e.g. /index.php?SELECT%20*%20FROM%20mysql.users
|
Posted by zacharooni, 07-22-2008, 07:49 PM | You can use the nikto tool to test this.
|
Posted by Lem0nHead, 07-22-2008, 08:19 PM | hm, it seems it's not working
I noticed
LoadModule security2_module modules/mod_security2.so
is working
(at least, when I change it to mod_security2_foo.so, it gives an error)
but it's not running what's inside:
(or )
also, even if I remove the ifmodule (so forcing it to read the commands), I get:
Invalid command 'SecFilterEngine', perhaps misspelled or defined by a module not included in the server configuration
any ideas?
|
Posted by Lem0nHead, 07-22-2008, 08:20 PM | phpinfo() shows loaded modules: mod_security2
I also have:
LoadFile /usr/local/lib/libxml2.so
LoadFile /usr/local/lib/lua51/liblua.so
loading correctly
|
Posted by Lem0nHead, 07-22-2008, 08:25 PM | Never mind,
I just found out that mod_security 2 is not compatible with 1.9.
|
Posted by yufulou, 06-19-2011, 10:08 PM | try "a2enmod modsecurity"
|
Posted by linuxtechz, 06-20-2011, 05:20 AM | Hey,
Once it's working you can try some php shell hack scripts to see if the passwd file or configuration files under /etc are readable or not. I happened to come across a few and use them from time to time to test out mod_security and other breaches on the server.
|
Posted by mikegotroot, 06-30-2011, 01:30 PM | SecFilterSelective is for the old end of line 1.8-1.9 modsecurity, you have mod_security 2.x. Make sure you are using a configuration and rules written for 2.x, not 1.9.
|
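The 1.x/2.x mismatch described in this thread can be caught before restarting Apache. The checker below is an added example, not part of the original thread or of ModSecurity itself: it flags `SecFilter*` directives and `<IfModule>` guards that only match the 1.x module. The sample configuration is constructed, and the guard names and the 1.x-to-2.x directive hints are assumptions based on the ModSecurity 1.x and 2.x documentation rather than on anything posted above.

```python
import re

# ModSecurity 1.x directives all start with "SecFilter"; 2.x renamed them,
# which is why a 2.x server reports "Invalid command 'SecFilterEngine'".
V1_DIRECTIVE = re.compile(r"^\s*(SecFilter\w*)\b", re.I)
# Guards that only match the 1.x module: a 2.x server skips the block silently.
V1_GUARD = re.compile(r"^\s*<IfModule\s+!?(mod_security\.c|security_module)\s*>", re.I)
# Closest 2.x directive for the most common 1.x ones (assumed mapping).
V2_HINT = {"SecFilterEngine": "SecRuleEngine", "SecFilterSelective": "SecRule",
           "SecFilter": "SecRule", "SecFilterDefaultAction": "SecDefaultAction",
           "SecFilterScanPOST": "SecRequestBodyAccess"}

def find_v1_syntax(config_text):
    """Return (line_number, kind, token, hint) for each 1.x-only construct."""
    findings = []
    for num, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives are never parsed by Apache
        guard = V1_GUARD.match(line)
        if guard:
            findings.append((num, "guard", guard.group(1),
                             "mod_security2.c or security2_module"))
            continue
        directive = V1_DIRECTIVE.match(line)
        if directive:
            name = directive.group(1)
            findings.append((num, "directive", name,
                             V2_HINT.get(name, "see the 2.x reference manual")))
    return findings

# Constructed sample: a 1.x-style block loaded next to the 2.x module.
SAMPLE = """\
LoadModule security2_module modules/mod_security2.so
<IfModule mod_security.c>
    SecFilterEngine On
    # SecFilterScanPOST On
    SecFilterSelective ARGS "uname"
</IfModule>
<IfModule security2_module>
    SecRuleEngine On
</IfModule>
"""

if __name__ == "__main__":
    for num, kind, token, hint in find_v1_syntax(SAMPLE):
        print(f"line {num}: 1.x {kind} {token!r} -> 2.x: {hint}")
```

An empty result on a real configuration only means no 1.x syntax was found; `apachectl configtest` remains the authoritative check.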