[nycphp-talk] UPDATE: Bypassing Registration forms on vBulletin forums ...

sbeam sbeam at onsetcorps.net
Tue Nov 25 10:32:49 EST 2008


On Monday 24 November 2008 22:29, mikesz at qualityadvantages.com wrote:
> Any comments on possible ways to detect and/or redirect and/or prevent
> automated hacker tools like this from hijacking your site?

one option: assuming you have root and use Apache, you could set up 
mod_security
http://www.onlamp.com/pub/a/apache/2003/11/26/mod_security.html
http://www.modsecurity.org/projects/modsecurity/apache/index.html

and most competent shared hosts will have this installed already. It will 
block most automated and/or common attacks. As with any security measure, 
sometimes it can be a PITA due to false positives, and it is only one part of 
a good defense. But I wouldn't run any non-trusted PHP code on a public 
server without it; if your host doesn't use it, get one who does.



