2009 June | R-fx Networks

Archive for June, 2009

Snorting the Web Farm

by Ryan M. on Jun.10, 2009, under My Blog

Here are some rules for you snort freaks to chew on that I have found useful in web heavy environments.
alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:”ET ATTACK RESPONSE x2300 phpshell detected”; content:”Locus7Shell”; nocase; classtype:web-application-activity; reference:url,www.rfxn.com; sid:300010; rev:1;)
alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:”ET ATTACK RESPONSE RFI Scanner detected”; content:”RFI Scanner”; classtype:web-application-activity; reference:url,www.rfxn.com; sid:300020; [...]

Comments Off :ids, ips, snort, web hosting, web server more...

Welcome to R-fx Networks!
I welcome you to the new R-fx Networks, now strictly devoted to our projects and community at large. Join me as I strive to find a new path for the site and projects - we are still very much alive and active!

Please see the about us page for more details on why this change has been made.
Recent Posts
OSS-SEC Updates
- phpmyvisites 2.3 March 10, 2010
- CVE Request -- MediaWiki - v1.15.2 March 9, 2010
- Re: CVE Request: libesmtp does not check NULL bytes in commonName March 9, 2010
- CVE Request: postgresql integer overflow in hash table size calculation March 9, 2010
- Re: CVE Request -- cURL/libCURL 7.20.0 March 9, 2010
BugTraq Updates
Milw0rm Updates
- ProdLer <= 2.0 (prodler.class.php sPath) RFI Vulnerability September 20, 2009
- BigAnt Server <= 2.50 SP6 Local (ZIP File) Buffer Overflow PoC #2 September 20, 2009
- Joomla com_mytube (user_id) Blind SQL Injection Exploit September 20, 2009
- cP Creator 2.7.1 (Cookie tickets) Remote SQL Injection Exploit September 20, 2009
- Joomla com_jinc (newsid) Blind SQL Injection Vulnerability September 20, 2009

Categories

Links

Looking for something?

Use the form below to search the site:

Site Links

A few links to navigate our site quicker...

Archives

All entries, chronologically...