May 20, 2017 06:35AM
I take it you don't use a WAF of any kind. I also think you should add it to a MAP at least instead of using IF.

The WAF I use for these same rules is found here.

https://github.com/nbs-system/naxsi

The rules for WordPress and other content management systems are found here.

http://spike.nginx-goodies.com/rules/ ( a downloadable list they use https://bitbucket.org/lazy_dogtown/doxi-rules )


Naxsi is the best solution I have found against problems like this, especially with their XSS and SQL extensions enabled.

LibInjectionXss;
CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
LibInjectionSql;
CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;


Blocks a lot of zero-day exploits and unknown exploits / penetration testing techniques.

If you want to protect your sites it is definitely worth the look and use.

http://www.networkflare.com/
Subject Author Posted

WordPress pingback mitigation

gariac May 20, 2017 04:30AM

Re: WordPress pingback mitigation

c0nw0nk May 20, 2017 06:35AM

Re: WordPress pingback mitigation

gariac May 20, 2017 11:44AM

Re: WordPress pingback mitigation

c0nw0nk May 20, 2017 12:35PM

Re: WordPress pingback mitigation

alexsamad May 20, 2017 06:16PM

Re: WordPress pingback mitigation

gariac May 21, 2017 03:42AM

Re: WordPress pingback mitigation

pbooth May 21, 2017 01:30AM

Re: WordPress pingback mitigation

mex May 21, 2017 05:25AM

Re: WordPress pingback mitigation

gariac May 21, 2017 06:00AM


