02-21-2009, 02:25 AM   Post number: 1 (permalink)
BlueHacker
The strongest and newest rules for mod_security


Peace be upon you, and the mercy and blessings of God

Today we have a set of rules that are strong and excellent, in my humble opinion ...

You can use them whatever the specifications of your server ...

They protect you from shells and many other things; discover them for yourself ...

Installation:

I recommend installing the mod_security that is integrated with Apache on your server.

Open the shell and type the following command:

Code:
nano /usr/local/apache/conf/modsec2.user.conf
If the file has any contents, delete them and paste the following:

Code:
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "Modevps.com  security  Apache"

# Check Content-Length and reject all non numeric ones
SecRule REQUEST_HEADERS:Content-Length "!^\d+$" "deny,log,auditlog,msg:'Content-Length HTTP header is not numeric', severity:'2',id:'960016'"

# Do not accept GET or HEAD requests with bodies
SecRule REQUEST_METHOD "^(GET|HEAD)$" "chain,deny,log,auditlog,msg:'GET or HEAD requests with bodies', severity:'2',id:'960011'"
SecRule REQUEST_HEADERS:Content-Length "!^0?$"

# Require Content-Length to be provided with every POST request.
SecRule REQUEST_METHOD "^POST$" "chain,deny,log,auditlog,msg:'POST request must have a Content-Length header',id:'960012',severity:'4'"
SecRule &REQUEST_HEADERS:Content-Length "@eq 0"

# Don't accept transfer encodings we know we don't know how to handle
SecRule HTTP_Transfer-Encoding "!^$" "deny,log,auditlog,msg:'ModSecurity does not support transfer encodings',id:'960013',severity:'5'"

# Check decodings
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "@validateUrlEncoding" \
    "chain, deny,log,auditlog,msg:'URL Encoding Abuse Attack Attempt',id:'950107',severity:'4'"
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})"

# allow request methods
SecRule REQUEST_METHOD "!^((?:(?:POS|GE)T|OPTIONS|HEAD))$" \
    "phase:1,log,auditlog,msg:'Method is not allowed by policy', severity:'2',id:'960032'"

# Restricted HTTP headers
SecRule REQUEST_HEADERS_NAMES "\.(?:Lock-Token|Translate|If)$" \
    "deny,log,auditlog,msg:'HTTP header is restricted by policy',id:'960038',severity:'4'"

# Session fixation
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "(?:\.cookie\b.*?;\W*?(?:expires|domain)\W*?=|\bhttp-equiv\W+set-cookie\b)" \
        "capture,ctl:auditLogParts=+E,log,auditlog,msg:'Session Fixation. Matched signature <%{TX.0}>',id:'950009',severity:'2'"

# Basic rules with arbitrary command detection
SecRule REQUEST_URI "\.htgroup"
SecRule REQUEST_URI "\.htaccess"
SecRule REQUEST_URI "cd\.\."
SecRule REQUEST_URI "///cgi-bin"
SecRule REQUEST_URI "/cgi-bin///"
SecRule REQUEST_URI "/~root"
SecRule REQUEST_URI "/~ftp"
SecRule REQUEST_URI "/htgrep" chain
SecRule REQUEST_URI "/\.history"
SecRule REQUEST_URI "/\.bash_history"
SecRule REQUEST_URI "/~nobody"
SecRule REQUEST_URI "<script"
SecRule REQUEST_URI "psybnc"
SecRule REQUEST_URI "cmd=cd\x20/var"
SecRule REQUEST_URI "dir=http"
SecRule REQUEST_URI "\?STRENGUR"
SecRule REQUEST_URI "/etc/motd"
SecRule REQUEST_URI "/etc/passwd"
SecRule REQUEST_URI "conf/httpd\.conf"
SecRule REQUEST_URI "/bin/ps"
SecRule REQUEST_URI "bin/tclsh"
SecRule REQUEST_URI "tclsh8\x20"
SecRule REQUEST_URI "udp\.pl"
SecRule REQUEST_URI "linuxdaybot\.txt"
SecRule REQUEST_URI "wget\x20"
SecRule REQUEST_URI "bin/nasm"
SecRule REQUEST_URI "nasm\x20"
SecRule REQUEST_URI "/usr/bin/perl"
SecRule REQUEST_URI "links -dump "
SecRule REQUEST_URI "links -dump-(charset|width) "
SecRule REQUEST_URI "links (http|https|ftp)\:/"
SecRule REQUEST_URI "links -source "
SecRule REQUEST_URI "cd\x20/(tmp|var/tmp|etc/httpd/proxy|dev/shm)" 
SecRule REQUEST_URI "cd\.\." 
SecRule REQUEST_URI "///cgi-bin" 
SecRule REQUEST_URI "/cgi-bin///" 
SecRule REQUEST_URI "/~named(/| HTTP\/(0\.9|1\.0|1\.1)$)" 
SecRule REQUEST_URI "/~guest(/| HTTP\/(0\.9|1\.0|1\.1)$)" 
SecRule REQUEST_URI "/~logs(/| HTTP\/(0\.9|1\.0|1\.1)$)" 
SecRule REQUEST_URI "/~sshd(/| HTTP\/(0\.9|1\.0|1\.1)$)" 
SecRule REQUEST_URI "/~ftp(/| HTTP\/(0\.9|1\.0|1\.1)$)" 
SecRule REQUEST_URI "/~bin(/| HTTP\/(0\.9|1\.0|1\.1)$)" 
SecRule REQUEST_URI "/~nobody(/| HTTP\/(0\.9|1\.0|1\.1)$)"  
SecRule REQUEST_URI "/\.history HTTP\/(0\.9|1\.0|1\.1)$" 
SecRule REQUEST_URI "/\.bash_history HTTP\/(0\.9|1\.0|1\.1)$"
SecRule REQUEST_URI "lynx "
SecRule REQUEST_URI "Fhome"
SecRule REQUEST_URI "cvs"
SecRule REQUEST_URI "\.php\?phpinfo"
SecRule REQUEST_URI "\.php\?phpini"
SecRule REQUEST_URI "\.php\?mem"
SecRule REQUEST_URI "\.php\?cpu"
SecRule REQUEST_URI "\.php\?users"
SecRule REQUEST_URI "\.php\?tmp"
SecRule REQUEST_URI "\.php\?delete"
SecRule REQUEST_URI "curl "
SecRule REQUEST_URI "echo "
SecRule REQUEST_URI "links -dump-width "
SecRule REQUEST_URI "links http:// "
SecRule REQUEST_URI "links ftp:// "
SecRule REQUEST_URI "links -source "
SecRule REQUEST_URI "cd /tmp "
SecRule REQUEST_URI "cd /var/tmp "
SecRule REQUEST_URI "cd /etc/httpd/proxy "
SecRule REQUEST_URI "&highlight=%2527%252E "
SecRule REQUEST_URI "changedir=%2Ftmp%2F.php "
SecRule REQUEST_URI "arta\.zip "
SecRule REQUEST_URI "cmd=cd\x20/var "
SecRule REQUEST_URI "HCL_path=http "
SecRule REQUEST_URI "clamav-partial "
SecRule REQUEST_URI "vi\.recover "
SecRule REQUEST_URI "netenberg "
SecRule REQUEST_URI "psybnc "
SecRule REQUEST_URI "fantastico_de_luxe "
SecRule REQUEST_URI "2Fpublic_html&"
SecRule REQUEST_URI ".htaccess"
SecRule REQUEST_URI "c99sh_datapipe.pl"
SecRule REQUEST_URI "listDBs"
SecRule REQUEST_URI "%2home%2"
SecRule REQUEST_URI "%2home%"
SecRule REQUEST_URI "%home%"
SecRule REQUEST_URI "%home"
SecRule REQUEST_URI "home%"
SecRule REQUEST_URI "%2Fhome%2"
SecRule REQUEST_URI "%2Fhome%"
SecRule REQUEST_URI "%Fhome%"
SecRule REQUEST_URI "%Fhome"
SecRule REQUEST_URI "Fhome%"
SecRule REQUEST_URI "2Fpublic_html&"         
SecRule REQUEST_URI "/etc/"
SecRule REQUEST_URI "sqlman"
SecRule REQUEST_URI "act=security"         
SecRule REQUEST_URI "act=cmd"
SecRule REQUEST_URI "act=chmod"
SecRule REQUEST_URI "act=ls&d="
SecRule REQUEST_URI "act=f&f="
SecRule REQUEST_URI "act=sql"
SecRule REQUEST_URI "Bcc:" 
SecRule REQUEST_URI "Bcc:\x20" 
SecRule REQUEST_URI "cc:" 
SecRule REQUEST_URI "cc:\x20" 
SecRule REQUEST_URI "bcc:" 
SecRule REQUEST_URI "bcc:\x20" 
SecRule REQUEST_URI "bcc: " 
SecRule REQUEST_URI "cd "
#SecRule REQUEST_URI "id "

# Miscellaneous malicious requests 
# These rules can be very effective, however "general" rules such as the following 
# have issues with false positives in some environments. Comment out as needed. 

#XSS attempts for STYLE, VBSCRIPT, JAVASCRIPT, EXPRESSION, and XML 
# (?i) makes each pattern case-insensitive
SecRule REQUEST_URI "(?i)\<IMG.*\bonerror\b[\s]*="
SecRule REQUEST_URI "(?i)TYPE\s*=\s*[\'\"]text\/javascript"
SecRule REQUEST_URI "(?i)TYPE\s*=\s*[\'\"]application\/x-javascript"
SecRule REQUEST_URI "(?i)TYPE\s*=\s*[\'\"]text\/jscript"
SecRule REQUEST_URI "(?i)TYPE\s*=\s*[\'\"]text\/vbscript"
SecRule REQUEST_URI "(?i)TYPE\s*=\s*[\'\"]application\/x-vbscript"
SecRule REQUEST_URI "(?i)TYPE\s*=\s*[\'\"]text\/ecmascript"
SecRule REQUEST_URI "(?i)STYLE[\s]*=[\s]*[^>]expression[\s]*\("
SecRule REQUEST_URI "(?i)[\s]*expression[\s]*\([^}]}[\s]*<\/STYLE>"
SecRule REQUEST_URI "<!\[CDATA\[<\]\]>SCRIPT" 

# For deny Shells opening  
SecRule REQUEST_FILENAME "/(r57shell|TrYaG|TrYg|m0rtix|r0nin|c99shell|phpshell|sa3ekashell|crackit|c777|void\.ru|phpremoteview|directmail|bash_history|\.ru/|brute|c991)\.php" 
SecRule REQUEST_FILENAME "\.pl" 
SecRule REQUEST_FILENAME "perl .*\.pl(\s|\t)*\;" 
SecRule REQUEST_FILENAME "\;(\s|\t)*perl .*\.pl" 
SecRule RESPONSE_BODY "TrYaG" 
SecRule RESPONSE_BODY "shell" 
SecRule RESPONSE_BODY "Sniper" 
SecRule RESPONSE_BODY "SnIpEr_SA" 
SecRule RESPONSE_BODY "c99"  

When you have finished, press Ctrl+X, then Y, then Enter.

After that, run the following command:

Code:
httpd restart
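
Added example, not part of the original post: a small Python harness that replays a few of the post's REQUEST_URI patterns over constructed request URIs, to show which legitimate requests the broad patterns also hit and how URL encoding changes a match. It assumes Python's `re` treats these simple patterns the way the rule engine's regex does; the sample URIs, expected verdicts and the `decode` switch are constructed for illustration.

```python
import re
from urllib.parse import unquote

# REQUEST_URI patterns copied verbatim from the rule set in the post (a subset).
PATTERNS = [
    r"cvs",
    r"/etc/",
    r"\.php\?tmp",
    r"wget\x20",
    r"/etc/passwd",
    r"cd\x20/(tmp|var/tmp|etc/httpd/proxy|dev/shm)",
]
COMPILED = [(p, re.compile(p)) for p in PATTERNS]

# Constructed request URIs with the verdict an operator would expect.
SAMPLES = [
    ("/docs/cvs-to-git.html", "allow"),
    ("/static/etc/logo.png", "allow"),
    ("/index.php?tmpl=component", "allow"),
    ("/products/list?page=2", "allow"),
    ("/view.php?file=../../etc/passwd", "block"),
    ("/x.php?c=wget%20http://example.test/a", "block"),
]

def matching_rules(uri, decode=False):
    """Return the patterns that fire on uri; decode=True URL-decodes it first."""
    subject = unquote(uri) if decode else uri
    return [p for p, rx in COMPILED if rx.search(subject)]

def audit(samples, decode=False):
    """Compare rule hits with the expected verdict for every sample."""
    report = {"false_positives": [], "missed": []}
    for uri, expected in samples:
        hits = matching_rules(uri, decode)
        if hits and expected == "allow":
            report["false_positives"].append((uri, hits))
        elif not hits and expected == "block":
            report["missed"].append(uri)
    return report

if __name__ == "__main__":
    for decode in (False, True):
        label = "url-decoded" if decode else "raw"
        print(label, audit(SAMPLES, decode))
```

Running a list of your own site's real URLs through the same check before restarting Apache shows which rules need to be commented out, as the rule file's own comment on false positives suggests.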


