Tag Archives: webattacks

Faking (all) user agents

Posted on May 24, 2012 by danielcid

If you are going to fake a user agent, do it right :) Seeing some web scanners faking all possible browsers out there in one single request: Firefox/3.6 Chrome/9 Firefox/3.0 Opera/9.99? Safari and more.. This is the actual log (searching … Continue reading →

Posted in log analysis, webattacks | Tagged log analysis, logging, webattacks | Leave a comment

OSSEC rule for the PHP-CGI vulnerability

Posted on May 9, 2012 by danielcid

I am seeing many scans for the PHP-CGI vulnerability in the wild and put up a quick OSSEC rule to detect/block those: <rule id=”31110″ level=”6″> <if_sid>31100</if_sid> <url>?-d|?-s|?-a|?-b|?-w</url> <description>PHP CGI-bin vulnerability attempt.</description> <group>attack,</group> </rule> It looks for the possibly dangerous … Continue reading →

Posted in ossec, webattacks | Tagged logging, ossec, webattacks | Leave a comment