URL injections information

URL Injection attacks typically mean the server for which the IP address of the attacker is bound is a compromised server.
Please check the server behind the IP address above for suspicious files in /tmp, /var/tmp, /dev/shm, along with checking the process tree (ps -efl or ps -auwx).
You may also want to check out http://www.chkrootkit.org/ and http://www.rootkit.nl/ as tools which should be used in addition to checking the directories and process tree.
Please use "ls -lab" for checking directories as sometimes compromised servers will have hidden files that a regular "ls" will not show.
(see http://en.wikipedia.org/wiki/Remote_File_Inclusion )

1) Installing some apache modules like mod_security and configuring it to prevent $GET requests (this is what happened from your server this time).
2) In order to prevent URL injection you can also :
# Turn off fopen url wrappers
# Disable wget / fetch / lynx binaries
3) Make use of all the utilities provided to you in the Security section of your WHM
4) You can also follow the steps outlined at : http://www.topwebhosts.org/tools/apf-bfd-ddos-rootkit.php
5) Schedule regular security audits on a timely basis - either monthly or weekly - where you can run chkrootkit and rkhunter and scan for vulnerabilities.

Помог ли вам данный ответ?

 Распечатать статью

Также читают

Brute Force Detection

BFD -- Brute Force Detection BFD is a shell script which parses security logs and detects...

SPAM

What is Spam? Would you like to... Print this pagePrint this page Email this pageEmail this...

What does MALWARE mean?

For the Wikipedia definition of Malware, please see http://en.wikipedia.org/wiki/MalwareMalware...

My server has been blocked by Abuse. What do I do?

Generally the abuse department will not block your server unless one of the following...

Chrootkit help

SSH as admin to your server. DO NOT use telnet, it should be disabled anyways.#Change to rootsu...