Results 1 to 2 of 2
  1. #1

    Mod_Security Notification Problem

    hi there

    i have server and it contain sites ( 1 , 2 , 3 ) i have a problem in Mod_security notification if someone tried to use ( file inclusion exploit ).

    i put this in the httpd.conf

    #SecFilterDefaultAction "deny,log,exec:/home/1/public_html/cgi-bin/re.cgi,redirect:"
    i used this CGI script

    $subject = "[mod_security] Web attack";
    $sendmail = "/usr/lib/sendmail -t";
    $to = "myemail\";
    $body = "";
    foreach $var (sort(keys(%ENV))) {
         $val = $ENV{$var};
         $val =~ s|\n|\\n|g;
         $val =~ s|"|\\"|g;
         $body = $body . "${var}=\"${val}\"\n";
         #print "${var}=\"${val}\"\n";
    open(EMAIL, "|$sendmail");
    print EMAIL "To: $to\n";
    print EMAIL "Subject: $subject\n";
    print EMAIL "Content-Type: text/plain\n\n";
    print EMAIL $body;

    if i tried to do the exploit on domain ( 1 ) i get email telling me that someone tried to do that exploit.

    BUT .......

    the real problem that if someone tried to do an exploit on the rest domain ( 2 or 3 ) i dont get any email from the server.

    is there any way to let the code work for all the domains in the server ( 1 and 2 and 3 ).

    waitting for a help guys.


  2. #2
    My guess is that you've foolishly made site #1 the global server DocumentRoot and put your two other sites in VirtualHost. If that's the case, add your mod_security directives to the <VirtualHost __default__:*></VirtualHost> section.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts