security on abyss webserver

 
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
Jasper Hofland
Guest





PostPosted: Sun Aug 11, 2002 8:34 pm    Post subject: security on abyss webserver Reply with quote

Hi there Aprelium ,

Back with yet a new question ...

Time, Event, Intruder, Count
09-08-2002 13:06:17, HTTP POST data contains script, a213-84-32-243.adsl.xs4all.nl, 1

Can i prevent abyss webserver from running the posted script ???
I have made a forum in php but when somebody posts a script instead of text abyss webserver will run the script , my firewall knows what is going on. But abyss doesn't really seam to care ... Is this because of my settings ? Could you please help me.

Thnx in advance,

Jasper Hofland
Back to top
aprelium
-


Joined: 22 Mar 2002
Posts: 6800

PostPosted: Mon Aug 12, 2002 4:19 am    Post subject: Re: security on abyss webserver Reply with quote

Jasper Hofland wrote:
Hi there Aprelium ,

Back with yet a new question ...

Time, Event, Intruder, Count
09-08-2002 13:06:17, HTTP POST data contains script, a213-84-32-243.adsl.xs4all.nl, 1

Can i prevent abyss webserver from running the posted script ???
I have made a forum in php but when somebody posts a script instead of text abyss webserver will run the script , my firewall knows what is going on. But abyss doesn't really seam to care ... Is this because of my settings ? Could you please help me.

Thnx in advance,

Jasper Hofland

First of all, Abyss Web Server has nothing in its code that allows direct execution of posted data. The suspect is your forum software that may allow such a behaviour (which is highly dangerous by the way).
But what is missing in your question is the following information:
* What does the
Quote:
Time, Event, Intruder, Count
09-08-2002 13:06:17, HTTP POST data contains script, a213-84-32-243.adsl.xs4all.nl, 1
mean and where do they come from ?
* What is the forum you use ?
* How an intrusion is done exactly ? Can you give us a scenario to replay an attack ?

You can use the forum or send all these information to support@aprelium.com .
_________________
Support Team
Aprelium - http://www.aprelium.com
Back to top View user's profile Send private message Send e-mail
Jasper Hofland
Guest





PostPosted: Mon Aug 12, 2002 4:40 pm    Post subject: more info Reply with quote

Time, Event, Intruder, Count
09-08-2002 13:06:17, HTTP POST data contains script, a213-84-32-243.adsl.xs4all.nl, 1

This a warning of my firewall , he detects a script in the post..

What is the forum you use ?

my forum is handmade with php ....

I have send you a mail with details and files.

Thnx again .

Jasper Hofland
Back to top
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group