WordPress pingback mitigation
Peter Booth
peter_booth at me.com
Sun May 21 05:27:53 UTC 2017
Wow, I really like the sound of naxsi. In the past I've used F5's ASM, the WAF built on their BIG-IP platform. It was powerful though prone to false positives. I don't believe there are any real shortcuts that allow you to build an effective WAF without understanding the details of your own website. These simply aren't build, deploy and forget devices. It sounds as if the creator of naxsi understands this.
> On May 20, 2017, at 11:43 AM, lists at lazygranch.com wrote:
>
> I had run Naxsi with Doxi. Trouble is, when it caused problems, it was really hard to figure out what rule was the problem. I suppose if you knew what each rule did, Naxsi would be fine.
>
> That said, my websites are so unsophisticated that it is far easier for me just to use maps.
>
> Case in point. When all this adobe struts hacking started, I noticed lots of 404s with the word "action" in the URL request. I just added "action" to the map and 444 them.
>
> If you have a URL containing any word used in SQL, Naxsi/Doxi goes in blocking mode. I recall it was flagging on the word "update". I had an updates.html and Naxsi/Doxi was having a fit.
>
> In the end, it was far easier just to use maps. Other than a few modern constructs like "object-fit contain", my sites have a 1990s look. Keeping things simple reduces the attack surface.
>
> I think even with Naxsi, you would need to set up a map to block bad referrers. I'm amazed at the nasty websites that link to me for no apparent reason. Case in point, I had a referral from the al Aqsa Martyrs Brigade. Terrorists! And numerous porn sites, all irrelevant. So Naxsi alone isn't sufficient.
>
> Original Message
> From: c0nw0nk
> Sent: Saturday, May 20, 2017 3:36 AM
> To: nginx at nginx.org
> Reply To: nginx at nginx.org
> Subject: Re: WordPress pingback mitigation
>
> I take it you don't use a WAF of any kind. I also think you should add it to
> a MAP at least instead of using IF.
>
> The WAF I use for these same rules is found here.
>
> https://github.com/nbs-system/naxsi
>
> The rules for wordpress and other content management systems are found
> here.
>
> http://spike.nginx-goodies.com/rules/ ( a downloadable list they use
> https://bitbucket.org/lazy_dogtown/doxi-rules )
>
>
> Naxsi is the best solution I have found against problems like this,
> especially with their XSS and SQL extensions enabled.
>
> LibInjectionXss;
> CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
> LibInjectionSql;
> CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;
>
>
> Blocks a lot of zero day exploits and unknown exploits / penetration testing
> techniques.
>
> If you want to protect your sites it is definitely worth the look and use.
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274339,274341#msg-274341
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
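The map-based blocking that the quoted message from lazygranch describes (return 444 for any request URI containing "action", and for requests carrying a Referer from an unwanted site) can be written in nginx as below. This is an added example, not configuration from anyone in the thread; the hostnames, paths and server_name are placeholders, and the regexes are assumptions about what the poster's map looked like.

```nginx
# Added example, not from the thread. Placeholder names throughout.

# 1 if the raw request URI contains "action" (the Struts-style probe the
# quoted message mentions). Add one line per substring you never serve.
# Note: $request_uri is the request line as received, NOT URL-decoded,
# so "%61ction" would slip past this pattern; $uri is the decoded,
# normalised form but does not include the query string.
map $request_uri $block_uri {
    default      0;
    ~*action     1;   # case-insensitive substring match
}

# 1 if the Referer header names a host you do not want traffic from.
# Hostnames are placeholders, not real sites.
map $http_referer $bad_referer {
    default                                   0;
    "~*^https?://([^/]+\.)?bad-example\.test"   1;
    "~*^https?://([^/]+\.)?spam-example\.test"  1;
}

server {
    listen      80;
    server_name example.test;
    root        /var/www/example;

    # 444 is nginx's "close the connection without a response".
    # "if" with a bare "return" at server level is one of the safe uses of if.
    if ($block_uri) {
        return 444;
    }
    if ($bad_referer) {
        return 444;
    }

    location / {
        try_files $uri $uri/ =404;
    }
}
```

Run `nginx -t` after editing and then check the substring patterns against a list of your own URLs before reloading: `~*action` blocks `/foo.action` but also `/transactions.html`, which is the same false-positive problem the quoted message hit with "update" under Naxsi. Anchoring the pattern (for example `~*\.action($|\?)`) trades some coverage for fewer accidental 444s.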