http://www.theregister.co.uk/2009/02/08/kaspersky_compromise_report/
I am only surmising from the limited information I can see here that ModSecurity would have protected them? Comments on this one welcome…
Rule 959001 does seem to cover the “SelECT” part of the URL in the screen shots but when I try a random url with this string in it on my website I don’t get any reaction.
I am a little bit “tired” tonight but “%20SelECT%20” doesn’t trigger ModSecurities defenses on my site and I cannot see why. I would have thought any URL with “space select space” should have set off huge klaxons?
Leave a Reply