URL injections information

URL Injection attacks typically mean the server for which the IP address of the attacker is bound is a compromised server.
Please check the server behind the IP address above for suspicious files in /tmp, /var/tmp, /dev/shm, along with checking the process tree (ps -efl or ps -auwx).
You may also want to check out http://www.chkrootkit.org/ and http://www.rootkit.nl/ as tools which should be used in addition to checking the directories and process tree.
Please use "ls -lab" for checking directories as sometimes compromised servers will have hidden files that a regular "ls" will not show.
(see http://en.wikipedia.org/wiki/Remote_File_Inclusion )

1) Installing some apache modules like mod_security and configuring it to prevent $GET requests (this is what happened from your server this time).
2) In order to prevent URL injection you can also :
# Turn off fopen url wrappers
# Disable wget / fetch / lynx binaries
3) Make use of all the utilities provided to you in the Security section of your WHM
4) You can also follow the steps outlined at : http://www.topwebhosts.org/tools/apf-bfd-ddos-rootkit.php
5) Schedule regular security audits on a timely basis - either monthly or weekly - where you can run chkrootkit and rkhunter and scan for vulnerabilities.

آیا این پاسخ به شما کمک کرد؟

 پرینت این مقاله

در همین زمینه

What does MALWARE mean?

For the Wikipedia definition of Malware, please see http://en.wikipedia.org/wiki/MalwareMalware...

Brute Force Detection

BFD -- Brute Force Detection BFD is a shell script which parses security logs and detects...

What is a DMCA and how do I file one?

The Digital Millennium Copyright Act (DMCA) is a United States copyright law that implements two...

SPAM

What is Spam? Would you like to... Print this pagePrint this page Email this pageEmail this...

Chrootkit help

SSH as admin to your server. DO NOT use telnet, it should be disabled anyways.#Change to rootsu...