'php'에 해당되는 글 65건
- 2015.07.28 PHP File Manager 취약점 주의 권고
- 2014.07.08 SnortDLP - an open source DLP solution utilizing snort
- 2012.07.12 webhoneypot: Web Application Honeypot
- 네덜란드 보안 컨설턴트 시멘 루호프(Sijmen Ruwhof)는 웹기반 File Manager로 사용되는 Revived Wire Media社의 PHP File Manager에서 백도어, 파일 다운로드 취약점 등의 18개 취약점을 발견
- PHP File Manager 4.5 이하버전
- 현재 보안 업데이트가 발표되지 않아 패치가 발표 될 때까지 PHP File Manager 사용 자제
- 해당 취약점 문제가 해결될 때까지, 타 File Manager 사용
- 한국인터넷진흥원 인터넷침해대응센터: 국번없이 118
SnortDLP a.k.a. "Pig Pen" is an open source data loss prevention project that utilizes Snort to detect the exfiltration of sensitive data.
Web based application
- Written in PHP and utilizes a MySQL backend for cross operating system portability
- Administrative login to protect unauthorized access
- Determines a unique fingerprint for
- free text
- individual documents
- each document in a repository of sensitive documents
- database tables (future)
- Supports plain text documents (including doc, ppt, etc) and emails
- Generates Perl-compatible regular expressions (PCREs) and automatically adds a custom snort rule for each document or file
- Detects and alerts administrators through a Snort interface
- Flagging and carving out zip/pdf files based on file headers
- Office 2007 (docx, pptx, xlsx) support
- PDF support
- Email integration
출처 : https://code.google.com/p/snortdlp/
webhoneypot is a DShield Web Application Honeypot offering this honeypot for users to capture automated web application exploits. It is a very simple “semi interactive” honeypot implemented in PHP.
webhoneypot project is used to develop the honeypot. Do not use this code to install a honeypot unless you are interested in helping development.
Prerequisitesfor installing webhoneypot.
- dshield.org account
- Publicly routable IP address that can receive requests on TCP port 80. Dynamic IP addresses are ok, but you should sign up with a dynamic dns provider like dyndns so that you can provide a constant hostname.
- Linux or Windows machine with a webserver, PHP5 support and the curl extension installed.
webhoneypot installation section should also be applicable to nearly any LAMP (Linux, Apache, MySQL, PHP) application platform, but the exact paths are taken from Fedora Core, and will need to be altered to match your environment.
Installation is very easy
- Extract the archive file honeypot.tgz ( webhoneypot ) to a temporary directory or into the directory for a virtual host that you plan to create.
- Edit etcconfig.local and edit the userid (userid=…) and password (password=…) to match your account information for your Dshield login; If you provide the password, the script automatically converts it into a hashed password replacing the password entry. Also, complete the full path to the location where you will be keeping your log files (logdir=…) if different from the default location logs/.
- Edit your apache configuration file /etc/httpd/httpd.conf ??
- Now copy the four folders and contents into the appropriate folders
- Set the appropriate permissions. The userid that your webserver runs under — usually apache — will need read permissions to the template folder. Use the chown command to make apache the owner of the templates folder, then use the chmod command to give the apache user read access to the files. (chmod + r) The apache user will also need write access to the logs folder. Once again change the owner to apache with the chown command and give apache write access with chmod + w.
- Test the site. Open a webbrowser and navigate to your webhoneypot site. You should be get back the default template which states that you are using the demo server and welcome to phpmyadmin. Try http://[webhoneypot ip or dns name]/robots.txt and you should get back template 104 which is a robots.txt file. If you get an error instead the most common problems are an incorrect path in one of your configuration files, a permissions problem writing to the logfile, or you did not install the curl extension that is required to post the results back to Dshield. You should be able to determine which one it is by the webpage returned from the server or your logfile if you have one.
- Check your logfile. If everything is operating properly, you should see the details of which templates are being matched, and the client request successfully posted to http://isc1.sans.org/weblogs/post.html.
- Once you have completed your testing list any operational honeypots under your DShield profile page.
- Log in to your account, go to the “my info” page and use the link provided to activate webhoneypot .
webhoneypot v0.1.r123 – webhoneypot.0.1.r123.tgz