[nycphp-talk] UPDATE: Bypassing Registration forms on vBulletin forums ...
sbeam
sbeam at onsetcorps.net
Tue Nov 25 10:32:49 EST 2008
On Monday 24 November 2008 22:29, mikesz at qualityadvantages.com wrote:
> Any comments on possible ways to detect and/or redirect and/or prevent
> automated hacker tools like this from hijacking your site?
one option: assuming you have root and use Apache, you could setup
mod_security
http://www.onlamp.com/pub/a/apache/2003/11/26/mod_security.html
http://www.modsecurity.org/projects/modsecurity/apache/index.html
and most competent shared hosts will have this installed already. It will
block most automated and/or common attacks. As with any security measure,
sometimes it can be a PITA due to false positives, and it is only one part of
a good defense. But I wouldn't run any non-trusted PHP code on a public
server without it, if your host doesn't use it get one who does.
More information about the talk
mailing list