Posts

Showing posts from January, 2013

modsecurity configuration

-
    Disable modsec on certain ip address via .htaccess   SetEnvIfNoCase Remote_Addr ^202\.202\.202\.202$ MODSEC_ENABLE=Off     SetEnvIfNoCase Request_URI ^/images/upload\.php$ MODSEC_ENABLE=Off
Post a Comment
Read more

Finding web shells on compromised linux servers

-
Finding web backdoor shells (1) grep -RPn "(system|phpinfo|pcntl_exec|python_eval|base64_decode|gzip|mkdir|fopen|fclose|read file|passthru)" (2) Install GIT and download git clone ssh://git@github.com:Neohapsis/NeoPI.git (see the documentation) (3) grep -RPl --include=*.{php,txt,asp} "(passthru|shell_exec|system|phpinfo|base64_decode|chmod|mkdir|fopen|fclose|readfile) *\(" /var/www/ (4) grep -RPnDskip "(passthru|shell_exec|system|phpinfo|base64_decode|chmod|mkdir|fopen|fclose|readfile) *\(" public_html/ Other Useful Links
Post a Comment
Read more

maildrop allow domain

-
if (/^From: .*@conal\.com/) {         log "conal.com disable SPAM filtering"     to "$HOME/$DEFAULT" } if (/^From: .*@atl\.com/) {         log "atl.com disable SPAM filtering"     to "$HOME/$DEFAULT" }}
Post a Comment
Read more