Ravens PHP Scripts: Forums
 

 

newbie
Regular
Regular



Joined: May 03, 2004
Posts: 62
Location: USA

Posted: Sat May 15, 2004 12:04 am

Hi Everyone,

I may be getting in over my head ... but the spark has been lit and now I want to learn MORE!!!

I've been reading a lot of stuff on development and would like to start playing a bit. I've already got the local web server stuff ... but there are apps and stuff that require compilation that I'm LOST with.

For instance, there is a cool "Mod Secure" thing "Mod_Security-1.7" that is built for Apache and has about 1,000 different scripts in it ... sql injection, url decoding, cookie stuff ... a whole lot of things that I probably don't need, but I would like to learn how. He says it's "easy" to install Wink

NOT ... at least not to me. Here's a bit of instructions:

Quote:

ModSecurity is an open source intrusion detection and
prevention engine for web applications. It operates embedded
into the web server, acting as a powerful umbrella - shielding
web applications from attacks.

Compiling the module as a dynamic library is easy. Go to
the folder that contains the source code for your Apache
branch, and type the following:

apxs -cia mod_security.c
apachectl stop
apachectl start

Of course, now you need to add mod_security specific
directives to make it do something. Take a look at files
httpd.conf.example-minimal or httpd.conf.example-full to
get some idea of what to do. Or even better, read the manual.


Apache 1.x static compilation
-----------------------------

To compile the module into the body of the web server do
the following:

1. Copy the file mod_security.c to /src/modules/extra

2. Configure Apache distribution with two additional
configuration options:

--activate-module=src/modules/extra/mod_security
--enable-module=security

3. Compile and install as usual


I have NO idea what that means. I only know how to FTP things into directories ... so I'm lost as to "compiling".

Someone mentioned the "GNU Autotools" ... but thought I'd ask around to see if anyone has any opinions, ideas or recommendations?

Thanks!
 
sixonetonoffun
Spouse Contemplates Divorce



Joined: Jan 02, 2003
Posts: 2496

Posted: Sat May 15, 2004 7:00 am

Yeah, there are a lot of those neat Apache toys that don't have binaries for Windows. I kind of gave up on the ones that don't. But most likely http://www.mingw.org/msys.shtml would do the job.
But I'm not a C guy so you'll have to find one of those for help with that.
 
newbie







Posted: Sat May 15, 2004 7:30 am

Hi Six,

Thanks for the reply. I haven't yet tried any that don't have binaries ... but there are soooo many cool looking "toys" that I'm really tempted now.

I just don't have any idea where to begin! Thanks for the link ... headed that way now!

The hunt is on Wink
 
sixonetonoffun







Posted: Sat May 15, 2004 7:46 am

Good luck! Imago just pointed this out to me but I'm on a dial n wait so I'm not going to give it a test.
http://www.webmasterfree.com/software/SystemUtilities/SystemMonitoring/floodguard_alert_v2_2p3.html

The site's under remodeling so I couldn't find detailed descriptions. Might just be a snort sensor with a java display panel?
 
newbie







Posted: Sat May 15, 2004 8:13 am

Awww Shoot!

Leads to a 404 page.

Sounds good though. Protector does a good job of blocking people who hammer the site, but it lets them back in ... I have several instances of people hitting the pages OVER and over again and getting locked out for 999 seconds and then coming back and doing it 5, 10 and 15 times again!!!! And the weird thing about it is that since I got hacked those two times 3 weeks ago, I have put NO content back in the Nuke portion yet. I've decided to beef up the security first and then re-add my content.

And even with NO content ... at any time I can log in and see 4 or 5 guests there ... for 30, 40 minutes and sometimes over an hour!

What in the world are they looking at in the nuke area for over an hour?!
 
sixonetonoffun







Posted: Sat May 15, 2004 8:25 am

Probably just spiders or something. Try looking up the IP for fun.
 
newbie







Posted: Sat May 15, 2004 8:33 am

Yeah,

It gives me their IP and stuff and I've excluded most of the search engines. But these are the same IPs who get tossed for hammering and come right back. I'm still getting at least 3 or 4 hackalert notifications a day.

I thought it would have slowed by now.
 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

Posted: Sat May 15, 2004 11:26 am

Try renaming the hack script to something that only you know. That should retard those on file Wink
 
newbie







Posted: Sat May 15, 2004 12:03 pm

Raven wrote:
Try renaming the hack script to something that only you know. That should retard those on file Wink


Thanks Raven,

Will give that a shot.

Also ... just updated the hackalert script per a post in here to:

Code:
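// Raven http://ravenphpscripts.com

// Lower-cased copy of the query string (not used by the checks below).
$queryString = strtolower($_SERVER['QUERY_STRING']);
// $checkurl is not defined in this snippet; it has to be set earlier in the including file.
if (stristr($checkurl,'%20union%20') or
    strstr($checkurl,'eCcgVU5JT04gU0VMRUNUIDEvKjox') or
    strstr($checkurl,'/*')) {
        // Pass the original query string on to the reporting page and stop.
        $loc = $_SERVER['QUERY_STRING'];
        header("Location: hackattempt.php?$loc");
        die();
}
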

I received SOOOOO many notifications of people hitting the hackalert script one day (one of the kiddies didn't hide his referral info and I traced it to a post in a "kiddie forum" where they'd posted a direct sql injection method to MY site!!!) that I've now set the hackattempt.php to redirect to www.fbi.gov as well as reporting it.

It's kind'a cool ... because it carries over the url to the FBI site ... so it looks like they're trying to hack the FBI Laughing

I'm very, very glad I found you all when I did! Wish it'd been about a week earlier... it would have saved me a major headache.

But yet, the learning experience is invaluable.

Take care!

Darla
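
An added example, not part of the thread and not Raven's script: the hackalert check posted above matches three literal substrings in the raw URL, so the same check can be written to decode each parameter first and then match once. The function name, the parameter name `q` and the sample query strings are constructed for illustration; the base64 value is the one already shown in the post.

```php
<?php
// Added example. suspicious_query() and the samples below are constructed.

/**
 * Return the reason a query string looks like SQL injection probing, or null.
 * Each parameter is decoded before matching, so the result does not depend
 * on how the request happened to be encoded.
 */
function suspicious_query(string $rawQuery): ?string
{
    parse_str($rawQuery, $params);            // URL-decodes names and values
    $values = [];
    array_walk_recursive($params, function ($v) use (&$values) {
        $values[] = (string) $v;
    });

    foreach ($values as $value) {
        $candidates = [$value];
        // The posted script matches one base64 string literally; decoding
        // lets the same text be recognised whatever its base64 form.
        $decoded = base64_decode($value, true);
        if ($decoded !== false && $decoded !== '') {
            $candidates[] = $decoded;
        }
        foreach ($candidates as $text) {
            if (preg_match('/\bunion\b.*\bselect\b/is', $text)) {
                return 'union-select';
            }
            if (strpos($text, '/*') !== false) {
                return 'sql-comment';
            }
        }
    }
    return null;
}

// Constructed sample query strings: one ordinary request, two flagged ones.
$samples = [
    'name=News&file=article&sid=12',
    'name=News&sid=1%20UNION%20SELECT%202',
    'q=eCcgVU5JT04gU0VMRUNUIDEvKjox',
];
foreach ($samples as $q) {
    echo str_pad(suspicious_query($q) ?? 'clean', 14), $q, "\n";
}
```

Matching of this kind only reports probing; it does not make a vulnerable query safe, which takes parameterized queries or strict typing of the inputs.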
 
All times are GMT - 6 Hours
 