Web Hosting Geeks | Web Hosting Experts
Need help? Call us 1(866)TOP-HOST

14318 reviews 1707 hosting providers

Questions & Answers

Blocking post text strings with mod security

Oct 8, 2013 by rooby
Hi all
I have installed the mod sec on my cPanel server. I also installed common rules on my cPanel server.  Now I need to be able to block a defacement bot . This bit is currently  modifying  the files through an unknown defect in a file. An identifying section of script appends to some files with the text string "b88007"

so I want to block this string  in the query URLs with the mod security used for interim measure . can anyone please help me achieve this?
Thanks all

1 Answer

0 votes
Oct 8, 2013 by TopNet
Add this code to your modsec config file:
SecRule REQUEST_METHOD "post" "deny,chain,status:500,id:9379635"
SecRule REQUEST_HEADERS " b88007"

To later track this run 'stat' on a modified file. Using the change and modify times find the times in the access log (domlog). This will deny any POST request with that string