CSPF has developed ModSecurity rules that can protect servers from malicious hackers. They were written by Mr. Manish Tanwar & Mr. Suriya Prakash.
Though OWASP CRS covers a lot of vulnerabilities, it does not protect against most backdoors and the latest bypasses.
The other rule sets that are available are commercial in nature. So CSPF is developing a growing set of rules to protect against the latest bypasses and backdoors, and releasing them publicly for all to use.
The rules that we have provided can be easily expanded manually to suit your own needs.
The video below will show how to enable these rules and also show a small demo of their functions.
The mod-security rules can be downloaded here:
The rules are currently able to:
- Block Sensitive Files/Folders from being Accessed
- Block b374k shell variants.
- Block some common well known shells
- Disable directory listing and phpinfo
- Block SQL Injection
  - Normal SQL Injection
  - Blind and Time Based SQL injection
  - All types of SQLi
How to use it?
Install ModSecurity.
Place the custom rules in a file,
e.g. /etc/httpd/msec/created/cus.conf
Then edit httpd.conf or apache.conf (depending on the OS),
e.g. /etc/httpd/conf/httpd.conf
and add lines like these:
==============================================
<IfModule security2_module>
include msec/modsecuritydefault.conf
include msec/created/cus.conf
</IfModule>
==============================================
Then restart the server.
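A local rule of the kind that could be appended to cus.conf when expanding the set, shown here as an added example (it is not one of the CSPF rules); the rule IDs, file names and patterns are assumptions to adapt to your own site:

```apache
# Constructed example for /etc/httpd/msec/created/cus.conf (ModSecurity 2.x syntax).
# Not taken from the CSPF rule file; IDs and patterns are assumptions.
# IDs 1-99999 are the range reserved for local, site-specific rules.

<IfModule security2_module>
    # Block requests for version-control metadata, dotenv files and
    # leftover backup/dump files. The path is URL-decoded and normalized
    # first, so %2e encodings or /./ segments do not slip past the pattern.
    SecRule REQUEST_FILENAME "@rx (?i)(?:/\.(?:git|svn|hg)(?:/|$)|/\.env$|\.(?:bak|old|sql|swp)$)" \
        "id:10001,\
        phase:1,\
        t:none,t:urlDecodeUni,t:normalizePath,\
        deny,status:403,log,\
        msg:'Local rule: sensitive file or folder requested',\
        logdata:'%{MATCHED_VAR}',\
        severity:'WARNING'"

    # Block direct requests to typical phpinfo pages (file names are assumed).
    SecRule REQUEST_BASENAME "@rx (?i)^(?:php)?info\.php$" \
        "id:10002,\
        phase:1,\
        t:none,t:urlDecodeUni,\
        deny,status:403,log,\
        msg:'Local rule: phpinfo page requested'"
</IfModule>
```

Run `apachectl configtest` before restarting so that a syntax error in a rule is caught while the server is still up.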
==============================================
Files:
Usage Video:
https://drive.google.com/file/d/0BwjcnnWhy4E3UkZwckV1UGM0SE0/view?usp=sharing
Custom ModSecurity Rule:
https://drive.google.com/file/d/0BwjcnnWhy4E3R1Y5T3ozTTJsS1k/view?usp=sharing
Custom ModSecurity Rules (Windows View):
https://drive.google.com/file/d/0BwjcnnWhy4E3cDhqWDQwbURMN0k/view?usp=sharing