This is actually a very simple hack to fix using mod_security. First off find where your mod_security config file is located, this all depends on your install of mod_security and OS but it's normally called modsec.conf
or modsec2.conf
, sometimes security.conf
but very seldom.
You can find it using the locate
command, if installed, on most linux systems.
sudo updatedb
locate modsec.conf
or
locate modsec2.conf
If you don't have locate
your going to need to go to the /
directory and just run find
, this will take some time but sometimes panels install it in weird places not just in /etc
.
cd /
find . -type f -iname 'modsec*.conf'
Either way will work to find the config file. Once found use your favorite editor to edit the file and go to the very bottom and add the following:
SecRuleEngine On
SecRule ARGS {php} "severity:4,log,deny"
SecRule ARGS eval "severity:4,log,deny"
SecRule ARGS base64_decode "severity:4,log,deny"
Basically your telling it to filter arguments in GET
and POST
. That's it, restart apache now:
CentOS:
service httpd restart
Ubuntu:
service apache2 restart
Now you might be thinking this will block you from using those commands in scripts, not at all. That only blocks those words from being sent over GET
or POST
. If someone tries they get a Not Acceptable
error and it just doesn't work at all.
This saves you from having to block a bunch of IP's from your firewall or WHMCS and potential customer's.