Re: WordPress pingback mitigation

May 20, 2017 11:44AM
I had run Naxsi with Doxi. Trouble is, when it caused problems, it was really hard to figure out which rule was the problem. I suppose if you knew what each rule did, Naxsi would be fine. 

That said, my websites are so unsophisticated that it is far easier for me just to use maps. 

Case in point: when all this adobe struts hacking started, I noticed lots of 404s with the word "action" in the URL request. I just added "action" to the map and 444 them. 

If you have a URL containing any word used in SQL, Naxsi/Doxi goes into blocking mode. I recall it was flagging on the word "update". I had an updates.html and Naxsi/Doxi was having a fit. 

In the end, it was far easier just to use maps. Other than a few modern constructs like "object-fit contain", my sites have a 1990s look. Keeping things simple reduces the attack surface. 

I think even with Naxsi, you would need to set up a map to block bad referrers. I'm amazed at the nasty websites that link to me for no apparent reason. Case in point: I had a referral from the al Aqsa Martyrs Brigade. Terrorists! And numerous porn sites, all irrelevant. So Naxsi alone isn't sufficient. 

  Original Message  
From: c0nw0nk
Sent: Saturday, May 20, 2017 3:36 AM
To: nginx@nginx.org
Reply To: nginx@nginx.org
Subject: Re: WordPress pingback mitigation

I take it you don't use a WAF of any kind. I also think you should add it to
a map at least, instead of using if.

The WAF I use for these same rules is found here.

https://github.com/nbs-system/naxsi

The rules for wordpress and other content management systems are found
here.

http://spike.nginx-goodies.com/rules/ (a downloadable list they use is at
https://bitbucket.org/lazy_dogtown/doxi-rules)


Naxsi is the best solution I have found against problems like this,
especially with their XSS and SQL extensions enabled.

# enable Naxsi's libinjection XSS and SQLi detection (location context)
LibInjectionXss;
CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
LibInjectionSql;
# a libinjection hit raises the score; block at 8 or more
CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;


Blocks a lot of zero-day exploits and unknown exploits / penetration testing
techniques.

If you want to protect your sites it is definitely worth the look and use.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274339,274341#msg-274341

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
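The map-and-444 approach the reply describes, written out as an added nginx configuration example. This is not configuration from either poster; the User-Agent, URI and referrer patterns, the variable names and the hostnames are illustrative assumptions. It blocks three things in one place: WordPress pingback verification requests (which announce themselves in the User-Agent), Struts-style probe URIs containing "action", and unwanted referrers, and it does so with a single if() in the server block, which is the safe way to use if in nginx.

```nginx
# Added example, not from the thread. All patterns below are assumptions
# chosen to illustrate the technique; tune them to your own access log.

# 1. WordPress pingback traffic carries a User-Agent of the form
#    "WordPress/4.7.5; http://attacker.example; verifying pingback from 203.0.113.5".
map $http_user_agent $block_pingback {
    default                   0;
    "~*verifying pingback"    1;
    "~*^WordPress/"           1;
}

# 2. Probe URIs. The reply matched the bare word "action", as here;
#    "~*\.action(\?|$)" would be narrower and spare pages such as
#    /transactions.html (the same false-positive class the reply hit
#    with Naxsi and "update").
map $request_uri $block_uri {
    default        0;
    "~*action"     1;
}

# 3. Unwanted referrers. Hostnames are placeholders.
map $http_referer $block_referer {
    default                    0;
    "~*spam-example\.test"     1;
    "~*porn"                   1;
}

# Fold the three flags into one. The concatenated string is "000" for
# a clean request; any "1" in it marks the request for rejection.
map "$block_pingback$block_uri$block_referer" $block_request {
    default   0;
    "~1"      1;
}

server {
    listen 80;
    server_name example.test;
    root /var/www/example;

    # 444 is nginx-specific: close the connection without sending a response.
    if ($block_request) {
        return 444;
    }

    location / {
        try_files $uri $uri/ =404;
    }
}
```

Run nginx -t after adding the maps (they must sit in the http context, outside server), then watch the access log for status 444 to confirm what is being dropped. A bare substring like "action" or "porn" will eventually match a legitimate request or referrer, so keep the patterns as specific as the log allows.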
Thread index (Subject / Author / Posted):

WordPress pingback mitigation        gariac      May 20, 2017 04:30AM
Re: WordPress pingback mitigation    c0nw0nk     May 20, 2017 06:35AM
Re: WordPress pingback mitigation    gariac      May 20, 2017 11:44AM
Re: WordPress pingback mitigation    c0nw0nk     May 20, 2017 12:35PM
Re: WordPress pingback mitigation    alexsamad   May 20, 2017 06:16PM
Re: WordPress pingback mitigation    gariac      May 21, 2017 03:42AM
Re: WordPress pingback mitigation    pbooth      May 21, 2017 01:30AM
Re: WordPress pingback mitigation    mex         May 21, 2017 05:25AM
Re: WordPress pingback mitigation    gariac      May 21, 2017 06:00AM
