مجموعة قوانين للمود سيكورتي rule for Mod_Security

Mustafa Albazy · #1 17-08-2008, 03:46 PM

السلام عليكم ورحمة الله وبركاتة

طبعاً هذا الموضوع لصحاب السيرفرات والي مركبين مود سيكورتي mod_security

في هل الموضوع ما بشرح طريقة تركيب المود سيكورتي , ولكن راح اشرح طريقة وضع

القوانين للمود سيكورتي .

ندخل في صلب الموضوع ...

أولاً نقوم بتسجيل دخول الى ال WHM بيوزر الروت root

ومن ثم من القائمة الجانبية نذهب الى Plugins ثم Mod Security ثم سوف تفتح لنا صفحة

أعداد المود سيكورتي نقوم بل الضغط على Edit Config ثم نقوم بنسخ ماهوة موجود على الرابط to see the rule click here

التالي ونقوم بلصقة في المربع المخصص و نقوم بل الضغط على Save Configuration

ومن ثم نذهب الى restart service ونسوي ريستارت للأباتشي HTTP Server apache

و سلامتكم

ملاحظة : أنا IrIsH غير مسؤل عن أي خلل قد يحصل أثناء التركيب
ملاحظة : تم تجريب القوانين على عدة سيرفرات

الصريح جداً · #2 18-08-2008, 05:35 AM

وعليكم السلام ورحمة الله وبركاته

قوانين ممتازة .. يعطيك العافية

تشآآآو

Mustafa Albazy · #3 18-08-2008, 08:19 AM

حياك منور أخوي أبو عابد , الجميع يارب

best-7ost.com · #4 18-08-2008, 01:04 PM

ياااااااااه الله يزوجك من زمان ادور لقوانين حلوة

تقبل مروووري

Mustafa Albazy · #5 18-08-2008, 01:24 PM

إقتباس:

اقتباس من مشاركة best-7ost.com

	ياااااااااه الله يزوجك من زمان ادور لقوانين حلوة تقبل مروووري

هههههه والله الدعوى جت في مكانها توني خاطب من أسبوع

, أن شاء الله تنفعك القوانين

best-7ost.com · #6 18-08-2008, 01:27 PM

معلش اش رايك بهذي القوانين ايهم افضل ؟؟؟؟

إقتباس:

	<IfModule mod_security.c> # Turn the filtering engine On or Off SecFilterEngine On # Change Server: string SecServerSignature "Modelayer.Com" # This setting should be set to On only if the Web site is # using the Unicode encoding. Otherwise it may interfere with # the normal Web site operation. SecFilterCheckUnicodeEncoding Off # The audit engine works independently and # can be turned On of Off on the per-server or # on the per-directory basis. "On" will log everything, # "DynamicOrRelevant" will log dynamic requests or violations, # and "RelevantOnly" will only log policy violations SecAuditEngine RelevantOnly # The name of the audit log file SecAuditLog logs/audit_log # Should mod_security inspect POST payloads SecFilterScanPOST On # Action to take by default SecFilterDefaultAction "deny,log,status:400" # # ## ## ## ## ## ## ## ## ## # # ## ## ## ## ## ## ## ## ## # Require Content-Length to be provided with # every POST request SecFilterSelective REQUEST_METHOD "^POST$" chain SecFilterSelective HTTP_Content-Length "^$" # Don't accept transfer encodings we know we don't handle # (and you don't need it anyway) SecFilterSelective HTTP_Transfer-Encoding "!^$" # my own rules SecFilter "\/var\/tmp" SecFilter "command=cd" SecFilter "\/etc\/passwd" SecFilter "rootDir" SecFilterSelective THE_REQUEST "/etc/passwd" SecFilterSelective THE_REQUEST "/etc/shadow" SecFilterSelective THE_REQUEST "cd /var/spool " SecFilterSelective THE_REQUEST "cd /dev/shm " SecFilterSelective THE_REQUEST "cd /dev " SecFilterSelective THE_REQUEST "cd shm " SecFilter "/dev/shm" SecFilterSelective THE_REQUEST "/usr/bin/id" SecFilterSelective THE_REQUEST "/bin/kill" SecFilterSelective THE_REQUEST "/usr/bin/gcc" SecFilterSelective THE_REQUEST "/usr/bin/cc" SecFilterSelective THE_REQUEST "/usr/bin/g\+\+" SecFilterSelective THE_REQUEST "/bin/ping" SecFilterSelective THE_REQUEST "/bin/mail" SecFilterSelective THE_REQUEST "/bin/ls" SecFilterSelective THE_REQUEST "/usr/sbin/httpd" SecFilter "local_path" SecFilter "LOCAL_PATH" SecFilterSelective THE_REQUEST "rootDir" SecFilter "rootDir" SecFilterSelective REQUEST_URI "\.php\?act=(chmod&f\|cmd\|f&f=\|ls\|img&img=)" SecFilterSelective ARGS "/shell\.php\&cmd=" SecFilterSelective REQUEST_URI "Hacked.by.member.of.SCC" SecFilterSelective THE_REQUEST "/~(root\|ftp\|bin\|nobody\|named\|guest\|logs\|sshd)(/\S )? HTTP/(0\.9\|1\.[01])$" SecFilterSelective REQUEST_URI "/~(root\|ftp\|bin\|nobody\|named\|guest\|logs\|sshd)/ " secFilterSelective THE_REQUEST "cgitelnet" SecFilter "nstview\.php" SecFilterSelective THE_REQUEST "chmod\x20" SecFilterSelective THE_REQUEST "wget\x20" SecFilterSelective THE_REQUEST "uname\x20-a" # methods of downloading files to a server SecFilterSelective THE_REQUEST "wget " SecFilterSelective THE_REQUEST "\.cgi" chain SecFilterSelective THE_REQUEST "lynx " SecFilterSelective THE_REQUEST "Fhome" SecFilterSelective THE_REQUEST "ftp " SecFilterSelective THE_REQUEST "php?phpinfo" SecFilterSelective THE_REQUEST "php?phpini" SecFilterSelective THE_REQUEST "php?mem" SecFilterSelective THE_REQUEST "php?cpu" SecFilterSelective THE_REQUEST "php?users" SecFilterSelective THE_REQUEST "php?tmp" SecFilterSelective THE_REQUEST "php?delete" SecFilterSelective THE_REQUEST "curl " SecFilterSelective THE_REQUEST "ssh " SecFilterSelective THE_REQUEST "echo " SecFilterSelective THE_REQUEST "links -dump " SecFilterSelective THE_REQUEST "links -dump-charset " SecFilterSelective THE_REQUEST "links -dump-width " SecFilterSelective THE_REQUEST "links http:// " SecFilterSelective THE_REQUEST "links ftp:// " SecFilterSelective THE_REQUEST "links -source " SecFilterSelective THE_REQUEST "mkdir " SecFilterSelective THE_REQUEST "cd /tmp " SecFilterSelective THE_REQUEST "cd /var/tmp " SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy " SecFilterSelective THE_REQUEST "/config.php?v=1&DIR " SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php " SecFilterSelective THE_REQUEST "cmd=cd\x20/var " secfilterSelective THE_REQUEST "HCL_path=http " SecFilterSelective THE_REQUEST "clamav-partial " SecFilterSelective THE_REQUEST "vi\.recover " SecFilterSelective THE_REQUEST "netenberg " SecFilterSelective THE_REQUEST "psybnc " SecFilterSelective THE_REQUEST "fantastico_de_luxe " SecFilterSelective THE_REQUEST "2Fpublic_html&" SecFilterSelective THE_REQUEST ".htaccess" SecFilterSelective THE_REQUEST "c99sh_datapipe.pl" SecFilterSelective THE_REQUEST "listDBs" SecFilterSelective THE_REQUEST "%2home%2" SecFilterSelective THE_REQUEST "%2home%" SecFilterSelective THE_REQUEST "%home%" SecFilterSelective THE_REQUEST "%home" SecFilterSelective THE_REQUEST "home%" SecFilterSelective THE_REQUEST "%2Fhome%2" SecFilterSelective THE_REQUEST "%2Fhome%" SecFilterSelective THE_REQUEST "%Fhome%" SecFilterSelective THE_REQUEST "%Fhome" SecFilterSelective THE_REQUEST "Fhome%" SecFilterSelective THE_REQUEST "2Fpublic_html&" SecFilterSelective THE_REQUEST "/etc/" SecFilterSelective THE_REQUEST "cd " # WEB-PHP phpbb quick-reply.php arbitrary command attempt SecFilterSelective POST_PAYLOAD "wget " SecFilterSelective POST_PAYLOAD "lynx " SecFilterSelective POST_PAYLOAD "Fhome" SecFilterSelective POST_PAYLOAD "curl " SecFilterSelective POST_PAYLOAD "ssh " SecFilterSelective POST_PAYLOAD "echo " SecFilterSelective POST_PAYLOAD "links -dump " SecFilterSelective POST_PAYLOAD "links -dump-charset " SecFilterSelective POST_PAYLOAD "links -dump-width " SecFilterSelective POST_PAYLOAD "links http:// " SecFilterSelective POST_PAYLOAD "links ftp:// " SecFilterSelective POST_PAYLOAD "links -source " SecFilterSelective POST_PAYLOAD "mkdir " SecFilterSelective POST_PAYLOAD "cd /tmp " SecFilterSelective POST_PAYLOAD "cd /var/tmp " SecFilterSelective POST_PAYLOAD "cmd=cd\x20/var " SecFilterSelective POST_PAYLOAD "HCL_path=http " SecFilterSelective POST_PAYLOAD "clamav-partial " SecFilterSelective POST_PAYLOAD "vi\.recover " SecFilterSelective POST_PAYLOAD "netenberg " SecFilterSelective POST_PAYLOAD "psybnc " SecFilterSelective POST_PAYLOAD "fantastico_de_luxe " SecFilterSelective POST_PAYLOAD ".htaccess" SecFilterSelective POST_PAYLOAD "c99sh_datapipe.pl" SecFilterSelective POST_PAYLOAD "listDBs" SecFilterSelective POST_PAYLOAD "%2home%2" SecFilterSelective POST_PAYLOAD "%2home%" SecFilterSelective POST_PAYLOAD "%home%" SecFilterSelective POST_PAYLOAD "%home" SecFilterSelective POST_PAYLOAD "home%" SecFilterSelective POST_PAYLOAD "%2Fhome%2" SecFilterSelective POST_PAYLOAD "%2Fhome%" SecFilterSelective POST_PAYLOAD "%Fhome%" SecFilterSelective POST_PAYLOAD "%Fhome" SecFilterSelective POST_PAYLOAD "Fhome%" SecFilterSelective POST_PAYLOAD "2Fpublic_html&" SecFilterSelective POST_PAYLOAD "/etc/" SecFilterSelective POST_PAYLOAD "SHOW DATABASES " SecFilterSelective THE_REQUEST "/~root" SecFilterSelective THE_REQUEST "/~ftp" SecFilterSelective THE_REQUEST "/htgrep" chain SecFilterSelective THE_REQUEST "/htgrep" log,pass SecFilterSelective THE_REQUEST "/\.history" SecFilterSelective THE_REQUEST "/\.bash_history" SecFilterSelective THE_REQUEST "/~nobody" SecFilterSelective THE_REQUEST "psybnc" SecFilterSelective THE_REQUEST "dir=http" SecFilterSelective THE_REQUEST "\?STRENGUR" SecFilterSelective THE_REQUEST "/etc/motd" SecFilterSelective THE_REQUEST "/etc/passwd" SecFilterSelective THE_REQUEST "conf/httpd\.conf" </IfModule>

Mustafa Albazy · #7 18-08-2008, 01:34 PM

بست هوست

القوانين هاذي جيدة ولكن عيبها أنها منحصرة على أشياء محددة (حسب ما قريتها على السريع )

best-7ost.com · #8 18-08-2008, 01:34 PM

إقتباس:

اقتباس من مشاركة IrIsH

	هههههه والله الدعوى جت في مكانها توني خاطب من أسبوع , أن شاء الله تنفعك القوانين

الف مبرووك وين الفرح انا معزووم ولا لا >>>>>>>>>>>>>وش يبي ذا سوا معرفة

best-7ost.com · #9 18-08-2008, 01:35 PM

إقتباس:

اقتباس من مشاركة IrIsH

	بس هوست القوانين هاذي جيدة ولكن عيبها أنها منحصرة على أشياء محددة (حسب ما قريتها على السريع )