CERIAS Weblogs » Using mod_security to block PHP injection attacks


Ed Finkler

Ed Finkler is the Web and Security Archive Administrator for CERIAS. He is a member of the PHP Security Consortium, and on better days thinks of himself as an expert in web application security and interface design.


mod_security is an essential tool for securing any Apache-based hosting environment. The Pathfinder High Performance Infrastructure blog has posted a good starter piece on using mod_security to block email injections.

One of the more common problems with PHP-based applications is that they can allow the injection of malicious content, such as SQL or email spam. In some cases we find that over 95% of a client’s ISP traffic is coming from spam injection. The solution? Grab an industrial size helping of Apache mod_security.

BTW, Ivan Ristic’s (the developer of mod_security) Web Security Blog is well worth a spot in your blogroll.

(Edit: fixed title. Duh.)

2 Responses to “Using mod_security to block PHP injection attacks”

  1. Anonymous Says:

    The title of this article should be changed…. mod_apache?

  2. Ed Finkler Says:

    durrr…..
