Answer the question
In order to leave comments, you need to log in
I
I
imhoil2016-03-26 23:05:40
imhoil, 2016-03-26 23:05:40
Scriptkiddis, webshell and the like. How to protect yourself with reverse proxy (nginx, etc)?
It so happened that I had to understand a little about this topic.
I understand that various kinds of cms, such as joomla, wp and even 1c bitrix, are quite full of holes, especially when nginx, php, apache are configured incorrectly.
Even more worrying are 0day vulnerabilities, that is, vulnerabilities for which there is no "patch". More worrying is that this vulnerability could have been exploited for a long time before.
Simply, not so long ago I found an obfuscated php script, after a long and tedious deobfuscation, it turned out that this is a fairly advanced web shell classified by drweb as PHP.Shell.101
By the way, whoever decides to repeat my path, execution is possible not only through eval, but also through preg_replace /e, i.e., print|echo preg_replace /e will cause the code to be executed.
I understand that xss and mysql injections could be used.
In general, a question. Bydolkod is bad, but is it possible to at least partially protect against this using nginx, haproxy, naxi?
Similar questions
E
M
A
A
Andrey Tumanchik2017-02-01 11:15:58
How to set redirect to HTTPS in Nginx for all but some URIs?
2Reply
W
winDeD2017-02-02 12:38:42
Two SSL sites on NGINX. Why does www redirect to a neighboring site?
3Reply
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question