URL injections information

URL Injection attacks typically mean the server for which the IP address of the attacker is bound is a compromised server.
Please check the server behind the IP address above for suspicious files in /tmp, /var/tmp, /dev/shm, along with checking the process tree (ps -efl or ps -auwx).
You may also want to check out http://www.chkrootkit.org/ and http://www.rootkit.nl/ as tools which should be used in addition to checking the directories and process tree.
Please use "ls -lab" for checking directories as sometimes compromised servers will have hidden files that a regular "ls" will not show.
(see http://en.wikipedia.org/wiki/Remote_File_Inclusion )

1) Installing some apache modules like mod_security and configuring it to prevent $GET requests (this is what happened from your server this time).
2) In order to prevent URL injection you can also :
# Turn off fopen url wrappers
# Disable wget / fetch / lynx binaries
3) Make use of all the utilities provided to you in the Security section of your WHM
4) You can also follow the steps outlined at : http://www.topwebhosts.org/tools/apf-bfd-ddos-rootkit.php
5) Schedule regular security audits on a timely basis - either monthly or weekly - where you can run chkrootkit and rkhunter and scan for vulnerabilities.

Hjalp dette svar dig?

 Print denne artikel

Læs også

What does MALWARE mean?

For the Wikipedia definition of Malware, please see http://en.wikipedia.org/wiki/MalwareMalware...

DoS: looking at open connections

Here is a command line to run on your server if you think your server is under attack. It prints...

Chrootkit help

SSH as admin to your server. DO NOT use telnet, it should be disabled anyways.#Change to rootsu...

My server has been blocked by Abuse. What do I do?

Generally the abuse department will not block your server unless one of the following...

Brute Force Detection

BFD -- Brute Force Detection BFD is a shell script which parses security logs and detects...