Looking for cms-related rules

Customer support forums for the modsecurity rules feed. There is no such thing as a bad question here as long as it pertains to using the real time modsecurity rules feed. Newbies feel free to get help getting started or asking questions that may be obvious.
nielsh
New Forum User
New Forum User
Posts: 2
Joined: Wed Jan 28, 2015 4:07 am
Location: Netherlands

Looking for cms-related rules

Unread post by nielsh »

Hi,

I'm trying out the Atomicorp mod_security rules with nginx, and I have enabled the recommended basic rules.

I am however looking for rules specific to out-of-date CMS-applications, namely Wordpress. I want to protect sites against for example the recent revslider and symbosium vulnerabilities. I have tried out the revslider exploit on a vulnerable site however this attack is not blocked. I've done a grep on "revslider" in the rule-files however I could not find this string, so I'm not sure which rules I should enable to protect Wordpress websites against out-of-date plugins.

Could you point me in the right direction?

Thanks!
- Niels
User avatar
hostingg
Forum User
Forum User
Posts: 63
Joined: Mon Mar 18, 2013 6:26 pm
Location: Earth

Re: Looking for cms-related rules

Unread post by hostingg »

the nginx modsecurity software is unreliable, so its probably not going to work like you expect
If everything was easy, then the world wouldn't need engineers.
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Looking for cms-related rules

Unread post by scott »

Nginx is mod_security is getting there, but there are still some significant blockers on the list:

https://github.com/SpiderLabs/ModSecurity/issues
nielsh
New Forum User
New Forum User
Posts: 2
Joined: Wed Jan 28, 2015 4:07 am
Location: Netherlands

Re: Looking for cms-related rules

Unread post by nielsh »

Hi Scott,

I did get it running, but I'm just not sure which rules are responsible for what. Which rules are responsible for the CMS-related vulnerabilities, such as the Wordpress Revslider vulnerability?

Thanks!
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Looking for cms-related rules

Unread post by scott »

Its not really laid out like that, we look more at methodologies of attack.
Post Reply