Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Pathfinder Blog:
PHP Spam Injection First Aid with Apache ModSecurity
May 18, 2006 @ 11:28:32

This new post from the Pathfinder blog takes a look at something a lot of sites overlook until it's too late - malicious injection attacks have started and there's only a few ways to deal with the problem:

Our first reaction is to pull the plug, analyze, and rebuild a secure and scalable solution. But pulling the plug is usually not an option. If a company relies on an application for leads or sales, they probably can't afford to shut it down for any length of time. Under these circumstances, triage is usually the best one can hope for.

Fortunately, there are a few things one can do to stem the bleeding. One of the more common problems with PHP-based applications is that they can allow the injection of malicious content, such as SQL or email spam. The solution? Grab an industrial size helping of Apache mod_security.

The post goes on to detail what mod_security is and how it can help - including how to enable it, Apache directives to configure it, and some examples of filter settings to apply.

tagged: apache mod_security injection attack rules tutorial apache mod_security injection attack rules tutorial

Link:

Pathfinder Blog:
PHP Spam Injection First Aid with Apache ModSecurity
May 18, 2006 @ 11:28:32

This new post from the Pathfinder blog takes a look at something a lot of sites overlook until it's too late - malicious injection attacks have started and there's only a few ways to deal with the problem:

Our first reaction is to pull the plug, analyze, and rebuild a secure and scalable solution. But pulling the plug is usually not an option. If a company relies on an application for leads or sales, they probably can't afford to shut it down for any length of time. Under these circumstances, triage is usually the best one can hope for.

Fortunately, there are a few things one can do to stem the bleeding. One of the more common problems with PHP-based applications is that they can allow the injection of malicious content, such as SQL or email spam. The solution? Grab an industrial size helping of Apache mod_security.

The post goes on to detail what mod_security is and how it can help - including how to enable it, Apache directives to configure it, and some examples of filter settings to apply.

tagged: apache mod_security injection attack rules tutorial apache mod_security injection attack rules tutorial

Link:


Trending Topics: