Mod_security & C99shell Anyone Help Please ?
I installed modsecurity from the Addon module in cPanel.
When I try to apply phpshell, it works fine without any errors, and I can do anything despite the presence of modsecurity protection and disable_functions in php.ini.
Are there particular settings to add to httpd.conf to prevent phpshell from being applied, or to prevent it from being uploaded to the site?
Related Forum Messages:
C99Shell :: Attack Rules For Mod_security
I want to prevent c99shell scripts from running. I found this rule to detect URIs for the c99 shell.
#new kit
SecFilterSelective REQUEST_URI "/c99shell.txt"
SecFilterSelective REQUEST_URI "/c99.txt?"
My problem is that the hackers are being more stealthy and calling the script some random name like .../myphpstuff.php. So the URI no longer helps detect it. How could I detect "c99shell" in the actual file that Apache serves? This assumes that the hacker was successful in installing it.
My box: Apache 1.3.37, WHM 11.2.0, cPanel 11.11.0-R16983, FEDORA 5 i686 - WHM X v3.1.0
C99Shell :: How To Detect Or Disable The Functionality Of C99Shell
Recently my site was defaced (I own a dedicated server). My server was not touched, but one of the applications I used on the site was exploited to gain access to it. I have noticed 4 or 5 c99 shells in different locations on my FTP. The site is back online, but it's definitely possible that they have one of these hidden somewhere and that they'll just do it again. I am using CentOS 5. How can I easily search for these on my box? Can I disable their functionality? Is there a setting I can use in htaccess or something to make my website safer? I visited one of the scripts, and it said SAFEMODE OFF; how can I at least enable safemode? I don't know much of anything about Linux, but I am running cPanel and WHM. I have a guy who manages my box but he is hard to get a hold of sometimes, and I'd like to take care of this ASAP!
C99Shell Folders?
I found these folders in the root:
/usr/bin/c99
/usr/include/boost/numeric/interval/detail/c99_rounding_control.hpp
/usr/include/boost/numeric/interval/detail/c99sub_rounding_control.hpp
What are these? Are these normal folders, or has somebody hacked our server? What shall I do?
Trojan C99Shell
I just installed Zen Cart on my web hosting, and a few days later I saw some files written with names like core1405.php; when I opened one to view it, it was actually the trojan c99shell. I have deleted all of the core files. Now how can I prevent this from happening again? It is too much work to clean up the hosting server.
C99Shell Hackers Killing Me!
Guys, I'm tired of fighting those hackers every day! I have about 20 websites, and every day I have one of them hacked! I restore a backup, then another one gets hacked! That's unbelievable!!! Those bastards upload their shell scripts to websites via bugs or whatever from PHP files!! Is there any way to stop these commands? Can .htaccess help? How? I talked to my web hosting companies for my websites! ....
C99shell Disable PHP Scripts?
The biggest security issue I have with my clients is the PHP c99 shell and similar PHP files. Somehow these files get uploaded to the website, and from there they start attacking the websites. I have also seen that once you upload the c99 PHP file you are able to see the account information (such as a user name) on the same server. So is there any way to disable this kind of PHP file, or at least disable some functions within the file? I have been thinking of installing and running an antivirus on the server, but I see sometimes they upload the encrypted version of the file, so the antivirus can't catch the file as a trojan!
Mod_Security 2.5, Or 2.0?
I have been using mod_security 1.9.x since its first release on Apache 1.3 and Apache 2.0.x; the rules are great and they work perfectly with no issues at all with any php-mysql website. Do you recommend using mod_security 2.0 or 2.5? (I do know that 2.5 does not work with Apache 1.3.)
Mod_security
I am currently running a few small websites that use a CMS. Two are Dragonfly and one is Joomla. I am getting sporadic errors with both systems that, upon research, seem to be related to Apache and the mod_security module. I am getting the following error:
Code:
Not Acceptable
An appropriate representation of the requested resource /somefolder/index.php could not be found on this server.
Well, I'm no idiot (although some people may tend to disagree) and after some searching, I found that this most likely points to an Apache error. Most solutions suggest putting the following in my .htaccess file for the site:
Code:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
It was noted that "SecFilterScanPOST Off" may or may not be necessary. I have added the above to the .htaccess for each site (all 3 sites are subdomains) and have also added it to the .htaccess that is in the root folder for the site. Nothing has worked. So my question is, is it possible that my webhost can override my .htaccess settings with their own? This is the only explanation that I can think of. But of course, I am no expert, which is why I turn to you good folks for help once again.
Mod_security
I want to add some more rules to mod_security; however, I am unsure if some of them are already being used. So would it cause any problems if there are duplicate rules for the time being, until I can check through all the rules?
Mod_security On RH 5 64
I am having lots of problems installing mod_security on RH5 64 w/ Plesk, mainly related to apr0, subversion, and the headers. Any reason why everyone recommends using version 1.94 of mod_security rather than the latest version available on www.modsecurity.org?
Mod_security
I've got this:
mod_security: Access denied with code 406. Error normalising REQUEST_URI: Invalid URL encoding detected: invalid characters used [hostname "www.mydomain.com"] [uri "/search/include/js_suggest/suggest.php?type=query&q=%u062E%u0636%u0631%u0627"]
How can I disable/exclude this URI on the mentioned host from being caught by mod_security?
Mod_Security Configuration
I installed Mod_Security on my CentOS server today and am having some problems configuring it. Problem - I have added this module in the 'httpd.conf' file:
Code:
<IfModule mod_security.c>
SecFilterEngine On
SecServerSignature "Apache"
SecFilterCheckUnicodeEncoding Off
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
SecFilterScanPOST On
SecFilterDefaultAction "deny,log,status:403"
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilterSelective HTTP_Transfer-Encoding "!^$"
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
SecFilter "../"
SecFilter "viewtopic.php?" chain
SecFilter "chr(([0-9]{1,3}))" "deny,log"
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "scp "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "cvs "
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "telnet "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
SecFilterSelective THE_REQUEST "/config.php?v=1&DIR "
SecFilterSelective THE_REQUEST "/../../ "
SecFilterSelective THE_REQUEST "&highlight=%2527%252E "
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php "
# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"
# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"
# Prevent XSS attacks (HTML/Javascript injection)
SecFilter "<(.|n)+>"
</IfModule>
But my website is multi-forum hosting and requires the 'index.php' file to pass parameters to make it work. Example - [url] [url] [url] So I had to delete the code below from the above module.
Code:
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilterSelective HTTP_Transfer-Encoding "!^$"
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
SecFilter "../"
Mod_security And ISPConfig3
I have installed a new server with debian lenny 5, ISPConfig 3.0.1.1 and the newest mod_security and implemented the default rules. I deactivated the rule detecting IP in pageheaders. Then I got another problem. Some actions of ISPConfig are detected as "remote file access attempt", severity "critical", tag "web attack/file injection" data "/etc/" detected by rule file crs_40 line 114, id 950005 question: how do I authorize ISPConfig and only ISPConfig to perform such requests on the server?
Mod_Security - Using RBLs
Trying to use an RBL with ModSecurity but this matches everything whether listed or not.
SecRule REMOTE_ADDR "@rbl bb.barracudacentral.org" "log,deny,msg:'POST RBL Comment Spammer'"
What I would like to do is do an RBL lookup and any POST operations.
Mod_security 2 Rules
Any good secure rules for mod_security 2 that work well for shared servers? Can someone share what rules you are using to secure your shared servers. Have tried a few different sets of rules, but a few customers always end up with errors and disabling it for their domain name doesn't sound like a safer option for them or the server. Share your mod_sec 2 rules.
Mod_security On CentOS 64
I've been having the hardest time getting mod_security on my new CentOS 5.2 64-bit box. Everything is a straight, simple, standard install - nothing special or custom. Plesk and all the apps that come with it installed fine, everything was going great. Then I tried to compile mod_sec, and things have been nothing but problems. I think I've finally sorted out the problems with the compiler, but now I get this error:
/usr/bin/ld: warning: i386 architecture of input file `.libs/msc_lua.o' is incompatible with i386:x86-64 output
Repeated, for every file it tries to link.
Cpanel Mod_security
I installed a new cPanel server and enabled modsecurity inside WHM > Manage Plugins > modsecurity. When I create a phpinfo() file, it doesn't show up. Is there any configuration that I should do? How about adding the rules?
Mod_security SecFilters
Anyone care to share a good set of mod_security SecFilters? Trying to find a good set that will be good at preventing exploits, but not too restrictive that it starts interfering with everyday operations.
Installing Mod_security ...
I have searched this forum and Google, but none of the results could help me install it. I have CentOS with DirectAdmin. First I log in via SSH to my server ~, then I wget the latest version and untar it in ~, go to the /modsecurity-apache_2.5.7 folder and then apache2/, and run:
./configure
make
make install
and configure httpd.conf. That's it. Is this right or not, and how can I test whether it works fine or not?
Mod_security Won't Log Anything
using mod_security, but I believe that I have it installed correctly with some rules that should be generating entries in the security audit log. No matter what I do, I can't seem to get mod_security to generate any sort of log entries. I am using version 2.1.7. I compiled it with no problems. In my httpd.conf file, I have the following relevant lines:
LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
Include conf/modsecurity/*.conf
I don't think there are any problems here, as I know it is running directives from the configuration file I edited. This is the file I'm working with: modsecurity_crs_10_config.conf
Here are the relevant lines from the config file:
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 524288
SecDefaultAction "phase:2,auditlog,log,pass,status:500"
SecAuditEngine On
SecAuditLogType Serial
SecAuditLog logs/modsec_audit.log
SecAuditLogParts "ABIFHZ"
SecRequestBodyInMemoryLimit 131072
SecDebugLog logs/modsec_debug.log
SecDebugLogLevel 3
I know that the config file is being read because when I start apache, the log files (modsec_audit.log and modsec_debug.log) are created. The problem is that the files are empty and remain empty no matter what I do. I have even tried setting permissions on the files to 777. Here are a couple of rules I created in an attempt to generate log entries:
SecRule REQUEST_BODY "viagra"
SecRule REMOTE_ADDR "^1.1.3.4$" auditlog,phase:1,allow
I put these in the same config file mentioned above. As far as I understand, the first rule should examine the request body (which would include data in POST requests) for the word, "viagra". Since my default action is phase:2,auditlog,log,pass,status:500, such requests should end up in the audit log. However, when I use a form on my site to post the word "viagra", nothing is generated in the log file.
The second rule, as far as I understand, should generate a log entry any time the IP address 1.2.3.4 is sent in the request headers. Instead of 1.2.3.4, of course, I have put in my real IP address. However, when I visit my server and browse pages, nothing is logged. I assume that my requests should generate log entries since I match the IP address.
Installing Mod_security ..
I have been trying to install mod_security for the last few days and I can't seem to get it working. I'm with Rockmyweb hosting and for some reason although I have it listed in the httpd.conf, it is showing up in my vps control panel (under the security script) that it isn't installed. Is there some way that I can test to see if it is actually installed or not? Here is what is in my httpd.conf:
LoadFile /usr/lib64/libxml2.so
LoadModule security2_module /usr/lib/apache/mod_security2.so
<IfModule mod_security2.c>
Include conf/modsec/*.conf
</IfModule>
Vbulletin With Mod_Security
Anyone here have problem with Mod_Security and VBulletin ? Currently running Apache 1.3.x and Vbulletin 3.6.8 patch 2 and want to install Mod_Security on Apache so I want to know if there any conflict with Mod_Security and Vbulletin.
Mod_security - Mail.ru
if anyone with Mod_Security knowledge could write up a rule for *@mail.ru. Anyone running a forum knows that a ton of spam accounts come from somebody@mail.ru (which most of the times bounces). Also, does anyone know if there is a large number of people who use mail.ru addresses for legitimate purposes? Would blocking mail.ru be like blocking hotmail.com (which obviously I wouldn't do)
What Mod_security Ruleset Are You Using
in which case a hacker will know how to get around it, I'm just asking if someone here with a good quality and current ruleset could PM it to me. I want to compare it to my own ruleset and see what I can add to it. I've just had an annoying exploit recently and I am looking to try to improve my mod_security ruleset,
Mod_security In Error_log
In /usr/local/apache/logs/error_log there are hundreds of these lines:
Quote:
mod_security: Filtering against POST payload requested but payload is not available [hostname "www.somedomain.com"]
This is a result of:
Code:
SecFilterScanPOST Off
Is there a way to exclude that line from being logged in the error_log file? If I turn it ON, those errors won't show up in error_log anymore; however, it'll break some scripts on my server. I prefer to leave it OFF.
Mod_security / SecRuleEngine Not Allowed Here
I started this thread in March 2009; now I want to come back with new questions and couldn't find the old thread, maybe it was lost when WHT was hacked [url] The problem is that I can't turn off mod_Security for a certain domain (just the /admin folder). First I tried this:
SecFilterEngine Off
SecFilterScanPOST Off
and got the error:
Invalid command 'SecFilterEngine', perhaps misspelled or defined by a module not included in the server configuration
Then I tried this:
SecRuleEngine ctl:ruleEngine=Off
and
SecRuleEngine Off
one at a time, and got the same error for both:
SecRuleEngine not allowed here
Setting The Right Rules For Mod_Security
We were recently hacked on our dedicated server and the hacker managed to insert PHP files that generated thousands of doorway pages in one of our images folders on our site. We have done an extensive cleanup of our site, removing all malicious files, and are locking down the server. We have already updated to the latest versions of PHP and WordPress, not to mention changed all database passwords and the admin password. My question is about mod_security for Apache. We were told mod_security can prevent this from happening again but it must be configured correctly. We have already set rules for mod_security. The rules set up are in the files in the directory /etc/httpd/modsecurity.d/modsec. We were told that the file 10_asl_rules.conf specifically has filters to prevent SQL injection attacks. These are our current rules:
----------------------------------------------------------------------
/etc/httpd/modsecurity.d/modsec # ls
05_asl_exclude.conf      30_asl_antispam.conf           domain-blacklist-local.txt   malware-blacklist.txt
05_asl_scanner.conf      30_asl_antispam_referrer.conf  domain-blacklist.txt         sql.txt
10_asl_antimalware.conf  40_asl_apache2-rules.conf      domain-spam-whitelist.conf   trusted-domains.conf
10_asl_rules.conf        50_asl_rootkits.conf           domain-spam-whitelist.txt    trusted-domains.txt
11_asl_data_loss.conf    60_asl_recons.conf             malware-blacklist-high.txt   whitelist.txt
20_asl_useragents.conf   99_asl_exclude.conf            malware-blacklist-local.txt
30_asl_antimalware.conf  99_asl_jitp.conf               malware-blacklist-low.txt
-----------------------------------------------------------------
I can do to prevent this or tune up apache mod_security from letting this happen again. We are so paranoid that we are now checking our access log files for POST commands every day?
Gotroot Rules With Mod_security
I'm using a VPS with CentOS 5 and cPanel/WHM with Apache 2.2. I'm trying to figure out how to use the gotroot rules with mod_security. I had enabled mod_security with EasyApache. I tried to follow some other posts I had found around on other forums with no luck really; with that said, I am a Linux noob. I had tried to follow the wiki on atomic sites <-- not enough posts so I can't do links, sorry, but I found it hard to understand because I don't have a modsecurity.config file that I can find; also I can't find AddModule mod_security.c in my httpd.config, but I did find this line: Include "/usr/local/apache/conf/modsec2.conf". My thing is I'm looking for a complete noob guide on how to use gotroot rules with mod_security enabled through EasyApache, or would it be easier to manually install mod_security?
Mod_security Rules In WHM
I just installed mod_security via WHM, and want to know what rule should I enter to prevent some URLs from being opened. For example, if URL contains word "abc" (like domain.com/some_folder/abc/file.php), it should not be opened.
Mod_security To Prevent Some Script
I try to use mod_security to prevent some script in some files. Imagine I want to block all scripts that include "test" in the body, so if the code of script.php is:
HTML Code:
<html>
<p>test</p>
</html>
and someone runs script.php, I want to block it from running and show a 406 error. Now can you tell me how I can write this rule in mod_security 2 with Apache 2? I use SecRule RESPONSE_BODY "test" but its now working ...
Best Mod_security Rules Site
I doubt anyone is writing their own rules so what do you think is the best site for mod_security rules which are strong but also do not result in many false positives. I know of [url] posts rules but is there anyone else worth mentioning?
Are There Issues With Mod_Security And Forums
I am running Apache 2.2 on CentOS. I really want to install mod_security to lock things down. But I saw where there were some issues with mod_security and forums. I plan on having a forum live on my site shortly. I found this bit of info: If you install mod security on the server, some forums will not work properly as this will compare each pattern which is posted against the rule set and will block it if found matching. Is anyone using mod_security with a forum currently?
Error Emails From Mod_Security
I got quite a lot of these e-mails from my mod_security
Quote:
[Thu Nov 27 23:36:44 2008] [error] [client 75.165.229.140] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(ht|f)tps?:/" at ARGS:loc. [file "/usr/local/apache/conf/modsec2/rules.conf"] [line "155"] [id "300018"] [rev "3"] [msg "Generic PHP code injection protection via ARGS"] [severity "CRITICAL"] [hostname "www.domain"] [uri "/ads/www/delivery/lg.php"] [unique_id "SS@DbEo-wEIAABlHa1YAAAAX"]
Mod_security 2.5 Install Error
Trying to install mod_security 2.5 on a Red Hat box with Apache 2.0.52 per the ModSecurity.org installation instructions. Getting no errors when running:
./configure --with-apxs=/usr/sbin/apxs
or
make
But when I run 'make test' I get the following:
# make test
/bin/sh /usr/lib/apr/build/libtool --silent --mode=compile gcc -O2 -g -pipe -m32 -march=i386 -mtune=pentium4 -pthread -O2 -g -Wall -Werror -I/usr/include/pcre -I/usr/include/libxml2 -I/usr/include/apr-0 -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/apr-0 -o msc_test.lo -c msc_test.c
In file included from re.h:36,
                 from modsecurity.h:46,
                 from msc_test.c:13:
apache2.h:14:23: http_core.h: No such file or directory
apache2.h:15:26: http_request.h: No such file or directory
apache2.h:16:19: httpd.h: No such file or directory
apache2.h:17:24: ap_release.h: No such file or directory
In file included from re.h:36,
                 from modsecurity.h:46,
                 from msc_test.c:13:
apache2.h:60: error: syntax error before '*' token
apache2.h:63: error: syntax error before '*' token
apache2.h:72: error: syntax error before "ap_filter_t"
apache2.h:80: error: syntax error before '*' token
apache2.h:82: error: syntax error before '*' token
apache2.h:89: error: syntax error before '*' token
In file included from msc_test.c:13:
modsecurity.h:48:23: ap_config.h: No such file or directory
modsecurity.h:53:25: http_config.h: No such file or directory
modsecurity.h:54:22: http_log.h: No such file or directory
modsecurity.h:55:27: http_protocol.h: No such file or directory
modsecurity.h:123:19: unixd.h: No such file or directory
In file included from msc_test.c:13:
modsecurity.h:145: error: syntax error before "AP_MODULE_DECLARE_DATA"
modsecurity.h:145: warning: type defaults to `int' in declaration of `security2_module'
modsecurity.h:145: warning: data definition has no type or storage class
modsecurity.h:147: error: syntax error before "module_directives"
modsecurity.h:147: warning: type defaults to `int' in declaration of `module_directives'
modsecurity.h:147: warning: data definition has no type or storage class
modsecurity.h:209: error: syntax error before "request_rec"
modsecurity.h:209: warning: no semicolon at end of struct or union
modsecurity.h:210: warning: type defaults to `int' in declaration of `r'
modsecurity.h:210: warning: data definition has no type or storage class
modsecurity.h:223: error: syntax error before '*' token
modsecurity.h:223: warning: type defaults to `int' in declaration of `if_brigade'
modsecurity.h:223: warning: data definition has no type or storage class
modsecurity.h:229: error: syntax error before '*' token
modsecurity.h:229: warning: type defaults to `int' in declaration of `of_brigade'
modsecurity.h:229: warning: data definition has no type or storage class
modsecurity.h:376: error: syntax error before '}' token
modsecurity.h:496: error: syntax error before "apr_global_mutex_t"
modsecurity.h:496: warning: no semicolon at end of struct or union
modsecurity.h:499: error: syntax error before '}' token
In file included from msc_test.c:15:
pdf_protect.h:18: error: syntax error before '*' token
msc_test.c:39: error: syntax error before "ap_filter_t"
msc_test.c: In function `msr_log':
msc_test.c:56: error: dereferencing pointer to incomplete type
msc_test.c:59: error: dereferencing pointer to incomplete type
msc_test.c:60: error: dereferencing pointer to incomplete type
msc_test.c:60: error: dereferencing pointer to incomplete type
msc_test.c:61: error: dereferencing pointer to incomplete type
msc_test.c:62: error: dereferencing pointer to incomplete type
msc_test.c:67: error: dereferencing pointer to incomplete type
msc_test.c:72: error: dereferencing pointer to incomplete type
msc_test.c: At top level:
msc_test.c:77: error: syntax error before '*' token
msc_test.c:81: error: syntax error before '*' token
msc_test.c:85: error: syntax error before '*' token
msc_test.c:89: error: syntax error before '*' token
msc_test.c: In function `test_tfn':
msc_test.c:156: error: dereferencing pointer to incomplete type
msc_test.c: In function `test_op':
msc_test.c:190: error: dereferencing pointer to incomplete type
msc_test.c:201: error: dereferencing pointer to incomplete type
msc_test.c:208: error: dereferencing pointer to incomplete type
msc_test.c:224: error: dereferencing pointer to incomplete type
msc_test.c: In function `init_msr':
msc_test.c:254: error: `request_rec' undeclared (first use in this function)
msc_test.c:254: error: (Each undeclared identifier is reported only once
msc_test.c:254: error: for each function it appears in.)
msc_test.c:255: error: syntax error before ')' token
msc_test.c:300: error: invalid application of `sizeof' to incomplete type `modsecurity.h'
msc_test.c:300: error: invalid application of `sizeof' to incomplete type `modsecurity.h'
msc_test.c:301: error: dereferencing pointer to incomplete type
msc_test.c:302: error: dereferencing pointer to incomplete type
msc_test.c:303: error: dereferencing pointer to incomplete type
msc_test.c:304: error: dereferencing pointer to incomplete type
msc_test.c:305: error: dereferencing pointer to incomplete type
msc_test.c:306: error: dereferencing pointer to incomplete type
msc_test.c:307: error: dereferencing pointer to incomplete type
msc_test.c:308: error: dereferencing pointer to incomplete type
msc_test.c:309: error: dereferencing pointer to incomplete type
msc_test.c:310: error: dereferencing pointer to incomplete type
msc_test.c:311: error: dereferencing pointer to incomplete type
msc_test.c:312: error: dereferencing pointer to incomplete type
msc_test.c:313: error: dereferencing pointer to incomplete type
msc_test.c:314: error: dereferencing pointer to incomplete type
msc_test.c:315: error: dereferencing pointer to incomplete type
msc_test.c:316: error: dereferencing pointer to incomplete type
msc_test.c:317: error: dereferencing pointer to incomplete type
msc_test.c:318: error: dereferencing pointer to incomplete type
msc_test.c:319: error: dereferencing pointer to incomplete type
msc_test.c:320: error: dereferencing pointer to incomplete type
msc_test.c:321: error: dereferencing pointer to incomplete type
msc_test.c:322: error: dereferencing pointer to incomplete type
msc_test.c:323: error: dereferencing pointer to incomplete type
msc_test.c:324: error: dereferencing pointer to incomplete type
msc_test.c:325: error: dereferencing pointer to incomplete type
msc_test.c: At top level:
modsecurity.h:147: warning: array 'module_directives' assumed to have one element
make: *** [msc_test.lo] Error 1
All of the 'No such file or directory' files are located in /usr/include/httpd/. Why am I getting this error?
Mod_security Killing Php
trying to get mod_security installed on my HSphere server, the install goes OK until I try to load rules. If I just load the exclude.conf rule then PHP sites work; if I also load rules.conf or any other rules then my PHP sites get a 'connection refused' error. I cannot find anything in the logs and there is no log written for mod_security. Here is my modsecurity.conf:
Quote:
#If you want to scan the output, uncomment these
#SecFilterScanOutput On
#SecFilterOutputMimeTypes "(null) text/html text/plain"
# Accept almost all byte values
SecFilterForceByteRange 1 255
# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "NOYB"
#SecUploadDir /tmp
#SecUploadKeepFiles Off
# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog /var/log/audit_log
# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log
#And now, the rules
#Remove any of these Include lines you do not use or have rules for.
#First, add in your exclusion rules:
#These MUST come first!
Include /etc/modsecurity/exclude.conf
#Application protection rules
#Include /etc/modsecurity/rules.conf
bash-2.05b# cat /etc/modsecurity.conf
<IfModule mod_security.c>
# Only inspect dynamic requests
# (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
#SecFilterEngine DynamicOnly
SecFilterEngine On
# Reject requests with status 500
SecFilterDefaultAction "deny,log,status:500"
# Some sane defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off
SecFilterNormalizeCookies On
# enable version 1 (RFC 2965) cookies
SecFilterCookieFormat 1
SecServerResponseToken Off
#If you want to scan the output, uncomment these
#SecFilterScanOutput On
#SecFilterOutputMimeTypes "(null) text/html text/plain"
# Accept almost all byte values
SecFilterForceByteRange 1 255
# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "NOYB"
#SecUploadDir /tmp
#SecUploadKeepFiles Off
# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog /var/log/audit_log
# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log
#And now, the rules
#Remove any of these Include lines you do not use or have rules for.
#First, add in your exclusion rules:
#These MUST come first!
Include /etc/modsecurity/exclude.conf
#Application protection rules
#Include /etc/modsecurity/rules.conf
#Comment spam rules
#Include /etc/modsecurity/blacklist.conf
#Bad hosts, bad proxies and other bad players
##Include /etc/modsecurity/blacklist2.conf
#Bad clients, known bogus useragents and other signs of malware
##Include /etc/modsecurity/useragents.conf
#Known bad software, rootkits and other malware
##Include /etc/modsecurity/rootkits.conf
#Signatures to prevent proxying through your server
#only rule these rules if your server is NOT a proxy
##Include /etc/modsecurity/proxy.conf
#Just in Time Patching for Vulnerable Applications
##Include /etc/modsecurity/jitp.conf
#Google Hacks signatures
##Include /etc/modsecurity/recons.conf
#Include /etc/modsecurity/
</IfModule>