Archive | 2008

gotroot modsecurity Rules for Apache – Anti-spam and Security


To follow on from Whitetrash which I posted about previously, here is another tool to secure your web site or web application. Essentially it’s a very comprehensive set of rules for mod_security.

ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.

For ModSecurity to be effective it needs a rule set, just like any IDS or anti-virus solution; gotroot currently provides the largest selection of rules to secure your site.

This is only an option if you are using Apache 1.x or Apache 2.x. If you are using IIS or another web server, you are out of luck.

If you run any kind of web application, you need a web application firewall. Simply put, a web application firewall analyzes the connections to your web application to make sure they don’t contain attacks, viruses, worms or violate certain rules about normal or acceptable behavior for your web application(s).

The gotroot rules protect against all of that, and more, such as SQL injection protection, URI formatting protection, meta and null character filtering, path recursion attack protection, buffer and heap overflow defenses, remote file inclusion attack prevention and many others. This helps to protect your web server, applications, database or anything else your web application(s) have potential access to from attack.

This protects the application level: firewalls only examine packets at the network level, and an IDS can do a little on the application side, but not as much as ModSecurity with a good set of rules.
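To make a few of the rule categories listed above concrete, here is an added illustration. It is hand-written for this page and not taken from the gotroot rule set; it assumes ModSecurity 2.x `SecRule` syntax, and the rule ids and messages are constructed.

```apache
# Added illustration, not from the gotroot rule set. ModSecurity 2.x syntax;
# rule ids and messages are constructed for this example.

# Log matches without blocking until false positives have been reviewed,
# then change DetectionOnly to On.
SecRuleEngine DetectionOnly
SecRequestBodyAccess On

# Null character filtering: flag any byte outside 1-255 (i.e. NUL) after decoding.
SecRule REQUEST_URI|ARGS|ARGS_NAMES "@validateByteRange 1-255" \
    "id:10001,phase:2,t:none,t:urlDecodeUni,deny,status:403,log,msg:'Null byte in request'"

# Path recursion: "../" sequences in the URI or parameters, including encoded forms.
SecRule REQUEST_URI|ARGS "@contains ../" \
    "id:10002,phase:2,t:none,t:urlDecodeUni,deny,status:403,log,msg:'Directory traversal sequence'"

# SQL injection: UNION ... SELECT, with comments and whitespace padding normalised first.
SecRule ARGS "@rx \bunion\b.{0,40}\bselect\b" \
    "id:10003,phase:2,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhitespace,t:lowercase,deny,status:403,log,msg:'SQL injection (UNION SELECT)'"

# Remote file inclusion: a parameter whose value is itself a remote URL.
SecRule ARGS "@rx ^(?:https?|ftp)://" \
    "id:10004,phase:2,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,log,msg:'Remote URL in parameter'"
```

Rule 10004 will also match legitimate parameters that carry URLs (redirect targets, feed addresses), which is why the engine starts in `DetectionOnly`: review the audit log and add exclusions for those parameters before enforcing.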

You can find the gotroot rules, including instructions on how to download/update them automatically, here:

gotroot mod_security rules

Posted in: Countermeasures, Security Software, Web Hacking


Nugache – The Next Big Storm?


We’ve covered quite a few Storm stories – now it seems there is a new player in town, which could possibly be the most advanced malware and botnet instigator so far.

It’s also something I’ve predicted before: peer-to-peer malware networks running without a command and control server, no single point of failure and much more tricky to take down. The guys writing these things are getting smart: random communications, peers drop and reconnect, everything is encrypted.

Dittrich, one of the top botnet researchers in the world, has been tracking botnets for close to a decade and has seen it all. But this new piece of malware, which came to be known as Nugache, was a game-changer. With no C&C server to target, bots capable of sending encrypted packets and the possibility of any peer on the network suddenly becoming the de facto leader of the botnet, Nugache, Dittrich knew, would be virtually impossible to stop.

“The authors are making these subtle little changes to keep it under the radar, and they’re succeeding,” said Dittrich.

This is the future of malware and it’s not a pretty picture. What it is, is a nightmare: a new breed of malicious software developed, tested and sold by professionals and engineered to change on the fly, adapt to its environment and evade traditional defenses.

It’s definitely going to be interesting watching this one develop and waiting to see what kind of countermeasures come up. Software quality is starting to appear in malware; these are robust and technically competent worms and botnets.

The creators of these Trojans and bots not only have very strong software development and testing skills, but also clearly know how security vendors operate and how to outmaneuver defenses such as antivirus software, IDS and firewalls, experts say. They know that they simply need to alter their code and the messages carrying it in small ways in order to evade signature-based defenses. Dittrich and other researchers say that when they analyze the code these malware authors are putting out, what emerges is a picture of a group of skilled, professional software developers learning from their mistakes, improving their code on a weekly basis and making a lot of money in the process.

It seems like it’s a real cottage industry right now and there are some very talented programmers and security specialists working on these projects.

But then again, it’s just like any other industry: where there’s bad there’s good and vice versa, and there is money to be made on both sides of the fence.


Posted in: Malware


Happy New Year – Best Wishes from Darknet!


Happy New Year to everyone and cheers to a fantastic 2008.

Let’s hope the year is buzzing with security news, there are interesting and exciting new developments and tools and the Darknet community can grow and become more active.

If you can help us promote the site we’d appreciate it! Just drop a mention to friends, link to us from your blog or website and be a part of the active commenting community.

There has been some excellent activity in the last couple of months comments-wise and I appreciate it! I do read every comment and there have been some pretty interesting debates about various subjects.

So keep up the activity, keep discussing, learning and sharing and we can all grow as information security professionals together.

Happy 2008 to all our readers and subscribers – let’s hope we get more in 2008!

Posted in: Site News
