Portal Home > Knowledgebase > Articles Database > Tracking down URL Injection
Tracking down URL Injection
Posted by Mark Muyskens, 06-30-2010, 07:13 PM |
Hey,
I have a server here that seems to be trying to URL inject an external domain.
Here's a log from THERE end;
Where externaldomain.com is there domain, and 0.0.0.0 is our servers IP.
Any ideas to assist with tracking this down would be appreciated.
Thanks!
|
Posted by VIPoint, 07-01-2010, 02:05 AM |
Hi,
You need to disable hot-link protection for your websites.
If you are using cPanel then you can disable this using the cPanel control panel >> Security center>> hotlink protection.
|
Posted by webhostreview, 07-01-2010, 05:07 AM |
You should install ModSec to the server. It easy to use.
|
Posted by khunj, 07-01-2010, 06:55 AM |
This is an attempt to get a shell through local file inclusion.
A simple mod_rewrite rule is enough to get rid of it.
|
Posted by spykee, 07-01-2010, 11:04 AM |
Yes, mod_security should help you. Also, disable PHP functions that are not in use, like - exec(), shell_exec() & etc.
|
Posted by david510, 07-01-2010, 03:08 PM |
You can prevent this by adding this rule to the modsec
|
Posted by brianoz, 07-01-2010, 11:40 PM |
Good idea to install both mod_security and CSF firewall. CSF can take repeated mod_security hits and just block the site in the firewall completely, and it does it automatically.
This does require a Unixy host of course!
|
Add to Favourites Print this Article
Also Read