I keep trying to stay out of these discussions, but you won't let me!
Since when is adding a few rules (say, 300 of them) called securing something?
Do you know that every single one of your rules can be bypassed as easily as drinking water?
Do you know that with mod_security you can only filter the HTTP headers that are sent to the server, and that if the hacker just changes the method, all of these rules of yours become useless?
What you are doing is not called securing at all!!!
And I still believe you have no study or knowledge behind the things you say!
(As for this sentence of yours that I put in BOLD, anyone who understands it will have a good laugh. I wish you hadn't written it!)
A sample attack
As an example of an attack that allows privilege escalation, imagine that an attacker was able to successfully exploit a bug in an FTP server daemon that would allow him to run commands of his choice as the root user. A smart attacker who wanted to gain full interactive shell access to the system could add a second user with root privileges by executing the following:
useradd -u 0 -g 0 -G 1,2,3,4,6,10 -o -M root2
The above adds a new user named root2, and sets its user ID (uid) and group ID (gid) to 0. Since uid 0 and gid 0 are associated with the root user, this creates a second root account. If the attacker is successful in executing the command he will have a shiny new root account waiting for him. There is only one problem—the account is disabled and doesn't have a password set for it. To set a password for an account you would normally use the Linux passwd command, however this requires that the new password is input at the command line—something which the attacker doesn't have access to yet. He can however use the expect command to work around this problem. Expect is a tool that allows programmatic simulation of keyboard interaction. In this case, an attacker can use it to add a password by having expect simulate typing the password in when passwd prompts for it. A simple shell script is all that is needed:
#!/usr/bin/expect
spawn passwd root2
expect "password:"
send "newpassword\r"
expect "password:"
send "newpassword\r"
The above shell script, when executed, changes the password of the user account root2 to "newpassword". An attacker can easily create this seven-line script using the echo command and then execute the script. After it runs, he can log in via SSH using the credentials root2/newpassword and will have complete control of the system.
This attack illustrates why a chroot jail can be very beneficial as a way to protect server processes with potential security flaws. The attack was made possible because several things helped the attacker gain control of the system:
The initial exploit in the FTP server gave the attacker a way to execute arbitrary commands on the system
The ability of the attacker to execute the programs useradd, passwd, and expect made it possible for him to add a second root account and gain full interactive shell access to the system
The initial flaw can be hard to protect against—even the most well-written software packages can suffer from vulnerabilities that end up packaged as a "zero-day exploit". This is an exploit that is traded in the underground community and the name refers to the fact that the exploit code is available before any patch or knowledge of the vulnerability has been widely circulated.
Please respond to this document of mine.
I am the one who hasn't studied
I am the illiterate one
You are the smart hacker
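The account created in the quoted sample attack shares UID 0 with root, and that is something a defender can audit for in the passwd file. The script below is an added example, not part of the original post or the quoted book; the function names `audit_passwd` and `sample_passwd` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for what the quoted attack leaves
# behind, i.e. an extra account sharing UID 0 (useradd -o -u 0 -g 0).

# audit_passwd [FILE]   FILE defaults to /etc/passwd; "-" reads stdin.
# Prints one finding per line and returns 1 if there is any finding:
#   UID0 <name>            account other than "root" that has UID 0
#   GID0 <name>            non-root account whose primary group is GID 0
#   DUPUID <uid> <names>   UID shared by several accounts (needs useradd -o)
audit_passwd() {
    findings=$(awk -F: '
        /^#/ || NF < 7 { next }                       # comments, malformed lines
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ { next } # non-numeric uid or gid
        {
            name = $1; uid = $3 + 0; gid = $4 + 0
            if (uid == 0 && name != "root") print "UID0 " name
            if (gid == 0 && uid != 0)       print "GID0 " name
            if (uid in names) { names[uid] = names[uid] "," name; dup[uid] = 1 }
            else              { names[uid] = name; order[++n] = uid }
        }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in dup) print "DUPUID " order[i] " " names[order[i]]
        }
    ' "${1:-/etc/passwd}") || return 2
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample data (not taken from any real system): a passwd file as
# it would look after the useradd command from the quoted text has run.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
backup:x:34:0:backup:/var/backups:/usr/sbin/nologin
root2:x:0:0::/home/root2:/bin/sh
EOF
}

sample_passwd | audit_passwd - || true
```

Run without arguments it reads `/etc/passwd`; the non-zero exit status on findings makes it usable from a cron job or monitoring check.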