What Is Mod AntiTamper (AT)
AntiTamper is an Apache 2.x module that could be used to prevent some sort of url and cookie tampering.
Specifically, AT could stop a lot of those malicious bots that take advantage from search engines. Moreover, attack techniques like HTTP Response Splitting and session hijacking/fixation will be mitigated.
Is important to notice that mod_anti_tamper is not an alternative to mod_security, which is more exaustive and useful for all web situations. AT could be a complement to mod_security.
- What is HMAC
HMAC is a validation algorithm to check the integrity of informations coupled with a secret password (more here).
AT will automatically generate a password and will save it in a ‘safe’ place (root owner with 600 mode).
How AT Works
AT is composed by two primary active components.
1. A filter for url links integrity check.
2. A filter for cookie integrity check.
Download mod_anti_tamper here:
Or read more here.
Recent in Countermeasures:
- AxCrypt – Open Source Windows File Encryption Software
- Smooth-Sec – IDS/IPS (Intrusion Detection/Prevention System) In A Box
- HoneyDrive Desktop v0.2 Released – Honeypot LiveCD
- gotroot modsecurity Rules for Apache – Anti-spam and Security
- Apache.org Hacked Using Remote SSH Key
- Hackers Penetrate Apache.org In Direct Targeted Attack
Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 118,553 views
- Password Hasher Firefox Extension - 116,529 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,500 views