Will these codes help avoid script injections?

Discussion in 'Security' started by lvtim, Dec 6, 2008.

  1. #1
I'm implementing this in the .htaccess of one of the WordPress blogs I've been helping with recently, to avoid getting exploited by the injection hacking method:

    RewriteEngine on
    # If the raw query string contains "http:" or "http%" (case-insensitive) ...
    RewriteCond %{QUERY_STRING} http[:%] [NC]
    # ... refuse the request with 403 Forbidden (the substitution is ignored with F)
    RewriteRule .* /------------http----------- [F,NC]
    # Also refuse any request whose URL path contains "http:"
    RewriteRule http: /---------http----------- [F,NC]

    Found this method via http://www.whyron.com/http.htm

    I'm pretty new to .htaccess, so could anyone explain to me what's actually happening here? And will this really block script injection exploits in the future? (I'm betting this has NOTHING to do with SQL injections?)
     
    lvtim, Dec 6, 2008
  2. Tearabite

    Tearabite Prominent Member

    #2
    I don't know mod_rewrite well enough to know if those will help or not, but have you thought about using mod_security, or if you are not on a dedicated server/VPS, using BadBehavior?

    BadBehavior out of the box will block most if not all injection exploits, and mod_security WILL block everything (and much more) when properly configured, and it's easier than messing with .htaccess.
     
    Tearabite, Dec 6, 2008
  3. hostindya

    hostindya Banned

    #3
    Tearabite is correct, you need to install mod_security.
     
    hostindya, Dec 7, 2008
  4. lvtim

    lvtim Well-Known Member

    #4
    Thanks for the feedback, I'll check out BadBehavior and mod_security. I'm still curious about what that mod_rewrite code does, though.
     
    lvtim, Dec 7, 2008
  5. UseShots

    UseShots Peon

    #5
    @lvtim: You are right. This code has nothing to do with SQL injections. It only protects from one particular remote script injection exploit (which I believe latest versions of WordPress are not vulnerable to).

    This trick assumes that your scripts include remote scripts passed in URL parameters and legitimate remote scripts never contain "http:" in them.

    The rewrite code checks if the QUERY_STRING of the requested URL contains "http:" or "http%"; if it does, a 403 error is returned.

    Note that this code will also block all legitimate requests with "http:" in the query string.
     
    UseShots, Dec 10, 2008
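UseShots's description of the rule, worked through as an added example (this is not code from the thread or from whyron.com): a Python emulation of the two rules' matching, run over a few constructed request URIs, showing which ones get the 403 and that a site's own percent-encoded redirect parameter is among them. The regex semantics and the path-decoding behaviour attributed to mod_rewrite in the comments are assumptions, not verified against a live Apache here.

```python
import re
from urllib.parse import unquote

# Emulation of the two rules quoted in the thread. Assumed semantics (not verified
# against a live Apache): [NC] makes the pattern case-insensitive, RewriteCond sees
# the query string still percent-encoded, and the RewriteRule pattern in an .htaccess
# file is matched against the percent-decoded URL path without the query string.
QUERY_RULE = re.compile(r"http[:%]", re.IGNORECASE)  # RewriteCond %{QUERY_STRING} http[:%] [NC]
PATH_RULE = re.compile(r"http:", re.IGNORECASE)      # RewriteRule http: ... [F,NC]


def rewrite_verdict(request_uri: str) -> int:
    """Return 403 if either rule would refuse the request, otherwise 200."""
    path, _, query = request_uri.partition("?")
    if QUERY_RULE.search(query):          # "http:" or "http%" anywhere in the raw query
        return 403
    if PATH_RULE.search(unquote(path)):   # "http:" in the decoded path
        return 403
    return 200


# Constructed sample requests (illustrative hostnames, not taken from the thread).
SAMPLE_REQUESTS = {
    # the remote-script-in-a-parameter pattern the rule is meant to stop
    "/index.php?page=http://example.net/remote.txt": "remote script URL in parameter",
    # WordPress's own login redirect carries a percent-encoded URL, so it is refused too
    "/wp-login.php?redirect_to=http%3A%2F%2Fexample.com%2Fwp-admin%2F": "legitimate redirect_to",
    # an ordinary search containing a link is also refused, case-insensitively
    "/?s=see+HTTP://example.com": "legitimate search query",
    "/index.php?p=42": "ordinary request",
}


def audit(samples=SAMPLE_REQUESTS):
    """Evaluate each sample and return (uri, description, status) triples."""
    return [(uri, desc, rewrite_verdict(uri)) for uri, desc in samples.items()]


def false_positives(samples=SAMPLE_REQUESTS):
    """URIs the thread would call legitimate that the rule nevertheless refuses."""
    return [uri for uri, desc, status in audit(samples)
            if status == 403 and desc.startswith("legitimate")]


if __name__ == "__main__":
    for uri, desc, status in audit():
        print(f"{status}  {desc:32} {uri}")
```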
  6. lvtim

    lvtim Well-Known Member

    #6
    Thank you so much for the explanation. I suspected as much, that this may block even the site's own http queries, and I have mentioned this suspicion to the owner of the site. I dealt with a hacked WordPress site recently, which was caused by not updating to the latest version, making it vulnerable to attacks.

    Your Unmask Parasites site tools look great, BTW :)
     
    lvtim, Dec 10, 2008
  7. olddocks

    olddocks Notable Member

    #7
    Follow this tutorial to install mod_security in Apache.

    To prevent MySQL injections you can also use the mysql_real_escape_string() function from PHP.
     
    olddocks, Dec 11, 2008