URL injections information

URL Injection attacks typically mean the server for which the IP address of the attacker is bound is a compromised server.
Please check the server behind the IP address above for suspicious files in /tmp, /var/tmp, /dev/shm, along with checking the process tree (ps -efl or ps -auwx).
You may also want to check out http://www.chkrootkit.org/ and http://www.rootkit.nl/ as tools which should be used in addition to checking the directories and process tree.
Please use "ls -lab" for checking directories as sometimes compromised servers will have hidden files that a regular "ls" will not show.
(see http://en.wikipedia.org/wiki/Remote_File_Inclusion )

1) Installing some apache modules like mod_security and configuring it to prevent $GET requests (this is what happened from your server this time).
2) In order to prevent URL injection you can also :
# Turn off fopen url wrappers
# Disable wget / fetch / lynx binaries
3) Make use of all the utilities provided to you in the Security section of your WHM
4) You can also follow the steps outlined at : http://www.topwebhosts.org/tools/apf-bfd-ddos-rootkit.php
5) Schedule regular security audits on a timely basis - either monthly or weekly - where you can run chkrootkit and rkhunter and scan for vulnerabilities.

War diese Antwort hilfreich?

 Artikel drucken

Lesen Sie auch

What does MALWARE mean?

For the Wikipedia definition of Malware, please see http://en.wikipedia.org/wiki/MalwareMalware...

SPAM

What is Spam? Would you like to... Print this pagePrint this page Email this pageEmail this...

What is a DMCA and how do I file one?

The Digital Millennium Copyright Act (DMCA) is a United States copyright law that implements two...

Brute Force Detection

BFD -- Brute Force Detection BFD is a shell script which parses security logs and detects...

Rootkit help

RootKit -- Spyware and Junkware detection and removal toolGo to Rootkit Hunter homepage, and...