httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nicholas Sherlock <n.sherl...@gmail.com>
Subject [users@httpd] Re: iFrame Injection Blocking
Date Mon, 25 May 2009 02:38:16 GMT
Grant Peel wrote:
> Then I suppose the next question is, could one use mod_rewrite or some 
> other tool to parse the content (html cide), (and obliterate it 
> possibly) before it is even sent to the client?

Not effectively, given the way it encodes itself to avoid detection. 
Anything you write will only block this _specific_ infection, and won't 
patch the gaping holes in your server that are letting it through in the 
first place. Secure your FTP credentials and update the PHP packages you 
are using.

Cheers,
Nicholas Sherlock


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message