Page 1 of 1

Looking for cms-related rules

Posted: Wed Jan 28, 2015 4:12 am
by nielsh
Hi,

I'm trying out the Atomicorp mod_security rules with nginx, and I have enabled the recommended basic rules.

I am however looking for rules specific to out-of-date CMS-applications, namely Wordpress. I want to protect sites against for example the recent revslider and symbosium vulnerabilities. I have tried out the revslider exploit on a vulnerable site however this attack is not blocked. I've done a grep on "revslider" in the rule-files however I could not find this string, so I'm not sure which rules I should enable to protect Wordpress websites against out-of-date plugins.

Could you point me in the right direction?

Thanks!
- Niels

Re: Looking for cms-related rules

Posted: Wed Jan 28, 2015 7:57 pm
by hostingg
the nginx modsecurity software is unreliable, so its probably not going to work like you expect

Re: Looking for cms-related rules

Posted: Thu Jan 29, 2015 9:36 am
by scott
Nginx is mod_security is getting there, but there are still some significant blockers on the list:

https://github.com/SpiderLabs/ModSecurity/issues

Re: Looking for cms-related rules

Posted: Wed Feb 04, 2015 7:48 am
by nielsh
Hi Scott,

I did get it running, but I'm just not sure which rules are responsible for what. Which rules are responsible for the CMS-related vulnerabilities, such as the Wordpress Revslider vulnerability?

Thanks!

Re: Looking for cms-related rules

Posted: Wed Feb 04, 2015 6:31 pm
by scott
Its not really laid out like that, we look more at methodologies of attack.