Protecting your server against URL Injections

Code Injection Prevention Tips:
Check the server behind the IP address above for suspicious files in /tmp, /var/tmp and /dev/shm, and check the process tree with ps -efl or ps -aux. Use ls -lab when checking directories, because compromised servers sometimes contain hidden files that a regular "ls" will not show.

Install an Apache module such as mod_security and configure it to block URL injection in GET requests. In addition:

  • Turn off the fopen URL wrappers

  • Disable wget / fetch / lynx+links binaries

  • If you have a WHM/cPanel server, make use of all the utilities provided in the Security section of your WHM.

You can also follow the steps at:

Schedule regular security audits, either monthly or weekly, in which you run chkrootkit and rkhunter and scan for vulnerabilities. This can be automated with cron, which can even email you upon completion. (See & for more information.)
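
The temp-directory check and the cron automation described above can be combined in one small script. This is an added example, not part of the original article; the function names, the output format and the script path in the crontab comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): audit the world-writable
# temp directories named above for hidden entries and executable files.
#
# Hypothetical weekly crontab entry (cron mails any output to MAILTO):
#   0 3 * * 1 /usr/local/sbin/tmp-audit.sh --run

SCAN_DIRS="${SCAN_DIRS:-/tmp /var/tmp /dev/shm}"

# Prefix every path read on stdin with a finding type ($1) and a tab.
tag() {
    while IFS= read -r p; do
        printf '%s\t%s\n' "$1" "$p"
    done
}

# Report findings under one directory ($1), one per line.
scan_dir() {
    dir=$1
    [ -d "$dir" ] || return 0
    # Dot-named entries: hidden from a plain "ls", shown by "ls -lab".
    find "$dir" -mindepth 1 -name '.*' 2>/dev/null | tag HIDDEN
    # Regular files with the owner-execute bit set, worth reviewing in a
    # directory that is meant to hold temporary data only.
    find "$dir" -type f -perm -100 2>/dev/null | tag EXECUTABLE
    return 0
}

# Scan every directory in SCAN_DIRS. Prints the findings and returns 1
# when anything was flagged, 0 when all directories are clean.
scan_all() {
    findings=$(for d in $SCAN_DIRS; do scan_dir "$d"; done)
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

if [ "${1:-}" = "--run" ]; then
    scan_all
fi
```

A finding is a prompt to inspect the file and its owner by hand, not proof of compromise; session files and sockets created by legitimate software can also show up here.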
