NeBaut.net
The Corner Shop
mod_rewrite, mod_alias y mod_setenvif
~# cat /etc/apache/conf.d/redirect.conf
<IfModule mod_alias.c>
RedirectMatch permanent (.*)cmd.exe(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)root.exe(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)default.ida(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/_vti_(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/MSOffice\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/scripts\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/msadc\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/MSADC\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/x90\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)awstats(.*)$ http://www.fbi.gov
RedirectMatch permanent (.*)(phpmyadmin|phpMyAdmin)(.*)$ http://www.fbi.gov
RedirectMatch permanent (.*)(amember|payment|linkpoint)(.*)$ http://www.fbi.gov
RedirectMatch permanent (.*)(c99.|r57.)(.*)$ http://www.fbi.gov
RedirectMatch permanent (.*)(xmlrpc.php|firmwarecfg)$ http://www.fbi.gov
RedirectMatch permanent (.*)(main.php|readdump.phpmain.php|cmd.php)$ http://www.fbi.gov
RedirectMatch permanent ^/horde(.*)$ http://www.fbi.gov
RedirectMatch permanent (.*)mail\/\/README$ http://www.fbi.gov
RedirectMatch permanent (.*)\/chat\/(.*)$ http://www.fbi.gov
</IfModule>
SetEnvIf Request_URI (.*)cmd.exe(.*)$ attack
SetEnvIf Request_URI (.*)root.exe(.*)$ attack
SetEnvIf Request_URI (.*)default.ida(.*)$ attack
SetEnvIf Request_URI (.*)\/_vti_(.*)$ attack
SetEnvIf Request_URI (.*)\/scripts\/(.*)$ attack
SetEnvIf Request_URI (.*)\/_mem_bin\/(.*)$ attack
SetEnvIf Request_URI (.*)\/msadc\/(.*)$ attack
SetEnvIf Request_URI (.*)\/MSADC\/(.*)$ attack
SetEnvIf Request_URI (.*)\/c\/winnt\/(.*)$ attack
SetEnvIf Request_URI (.*)\/d\/winnt\/(.*)$ attack
SetEnvIf Request_URI (.*)\/x90\/(.*)$ attack
SetEnvIf Request_URI (.*)awstats(.*)$ attack
SetEnvIf Request_URI (.*)(phpmyadmin|phpMyAdmin)(.*)$ attack
SetEnvIf Request_URI (.*)(amember|payment|linkpoint)(.*)$ attack
SetEnvIf Request_URI (.*)(c99.|r57.)(.*)$ attack
SetEnvIf Request_URI (.*)(xmlrpc.php|firmwarecfg)$ attack
SetEnvIf Request_URI (.*)(main.php|readdump.phpmain.php|cmd.php)$ attack
SetEnvIf Request_URI ^/horde(.*)$ attack
SetEnvIf Request_URI (.*)mail\/\/README$ attack
SetEnvIf Request_URI (.*)\/chat\/(.*)$ attack
SetEnvIf User-Agent (.*)(libwww-perl|libwwwperl|curl|nikto|morfeus|pxyscand)(.*)$ attack
SetEnvIf Request_Method "(TRACE|DELETE|HEAD|SEARCH|CONNECT|OPTIONS)" attack
y en los vhost
...
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^(.*)(libwww-perl|libwwwperl|curl|nikto|morfeus|pxyscand)(.*) [NC,OR]
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|HEAD|SEARCH|CONNECT|OPTIONS) [NC]
RewriteRule .* http://www.fbi.gov [L,R=301]
ErrorLog /var/log/apache/error.log
CustomLog /var/log/apache/access.log combined env=!attack
CustomLog /var/log/apache/attacks.log combined env=attack
mod_rewrite
,
mod_alias
y
mod_setenvif
Aule
7:16 PM el 17 de Febrero 2008
|
enlace
Navigation
/home
/linux (7)
/seguridad (6)
/tools (7)
/unix (3)
/win32 (7)
Feeds
Bookmarks
Fotos
Acerca de
Reciente
Otra vez la virtualizacion y VMware
VMWare WebAccess y Firefox 3.6
Comandos basicos de Linux
Clubs
Firewall benchmarking
Carpetas de la biblioteca multimedia en Vista MCE
Varias sesiones concurrentes en Windows Vista
Validacion en PHP
Linksys WRT54GS (con DD-WRT v24-sp1) y 3Com Office Connect 812
Lo han vuelto hacer otra vez!! :(
Links
www.514.es
514
www.unsec.net
aramosf::personal corner
www.haxorcitos.com
HXR - Reversing Security
www.reversing.org
reversing.org |
www.sahw.com
Sergio Hernando
www.hacktimes.com
Where Information Meets Freedom
www.rs-labs.com
RoMaNSoFt's ReSe@rch Labs
plutontech.losplutonianos.net
Pluton Technologies
www.fr33project.org
fr33project
elladodelmal.blogspot.com
Un informatico en el lado del mal
blog.48bits.com
48Bits Blog
www.securitybydefault.com
Security By Default