<html><body>
<p><font size="2" face="sans-serif">Hi,</font><br>
<br>
<font size="2" face="sans-serif">I'm preparing ZendTo for a penetration test and used some scanners like Paros, Nikto ...</font><br>
<br>
<font size="2" face="sans-serif">1.) deactivate X-Powered-By (the server sends the exact PHP version to the client)</font><br>
<br>
<font size="2" face="sans-serif">in php.ini --> expose_php = Off</font><br>
<br>
<font size="2" face="sans-serif">2.) deactivate HTTP TRACE (used by security scanners for XSS)</font><br>
<br>
<font size="2" face="sans-serif"><a href="http://www.ducea.com/2007/10/22/apache-tips-disable-the-http-trace-method/">http://www.ducea.com/2007/10/22/apache-tips-disable-the-http-trace-method/</a></font><br>
<br>
<font size="2" face="sans-serif">3.) use mod_security as a module for Apache</font><br>
<br>
<font size="2" face="sans-serif">mod_security is an open source web application firewall with a lot of preconfigured rulesets. mod_security prevents injections, XSS, commands ... I played with mod_security and added a sample (not complete)</font><br>
<br>
<font size="2" color="#FF0000" face="sans-serif"># Default action for rules that do not set their own; it must appear before the rules it applies to</font><br>
<font size="2" color="#FF0000" face="sans-serif">SecDefaultAction phase:2,redirect:/security-error.php,status:509,log,auditlog</font><br>
<br>
<font size="2" color="#FF0000" face="sans-serif"># Prevents path disclosure for PHP fatal errors. RESPONSE_BODY is only populated in phase 4 and needs response body access;</font><br>
<font size="2" color="#FF0000" face="sans-serif"># PHP writes "Fatal error" (lower-case e) and html_errors may put markup before the colon, so match case-insensitively without the colon</font><br>
<font size="2" color="#FF0000" face="sans-serif">SecResponseBodyAccess On</font><br>
<font size="2" color="#FF0000" face="sans-serif">SecRule RESPONSE_BODY "(?i)fatal error" "phase:4,deny,status:500,log,auditlog,msg:'PHP Fatal Error blocked'"</font><br>
<font size="2" color="#FF0000" face="sans-serif">ErrorDocument 500 /security-error.php</font><br>
<br>
<font size="2" color="#FF0000" face="sans-serif"># Prevent security scanners from scanning the web application (ModSecurity 2 syntax: REQUEST_HEADERS:User-Agent instead of HTTP_User-Agent)</font><br>
<font size="2" color="#FF0000" face="sans-serif">SecRule REQUEST_HEADERS:User-Agent "(?:\b(?:m(?:ozilla\/4\.0 \(compatible\)|etis)|webtrends security analyzer|pmafind)\b|n(?:-stealth|sauditor|essus|ikto)|b(?:lack ?widow|rutus|ilbo)|(?:jaascoi|Paro)s|internet explorer|webinspect|\.nasl)" \</font><br>
<font size="2" color="#FF0000" face="sans-serif">"phase:2,deny,log,status:500,msg:'Request Indicates a Security Scanner Scanned the Site'"</font><br>
<br>
<font size="2" color="#FF0000" face="sans-serif"># Hides the web server signature (IIS, Apache ...)</font><br>
<font size="2" color="#FF0000" face="sans-serif">SecServerSignature "Hotzenplotz"</font><br>
<br>
<font size="2" color="#FF0000" face="sans-serif"># Root path</font><br>
<font size="2" color="#FF0000" face="sans-serif">SecRule REQUEST_URI "^/$" "log,allow,phase:2"</font><br>
<br>
<font size="2" color="#FF0000" face="sans-serif"># needed for ReCaptcha</font><br>
<font size="2" color="#FF0000" face="sans-serif">SecRule REQUEST_URI "https://www.google.com/recaptcha/api/image$" "log,allow,phase:2"</font><br>
<br>
<font size="2" color="#FF0000" face="sans-serif"># PHP pages</font><br>
<font size="2" color="#FF0000" face="sans-serif">SecRule REQUEST_FILENAME "^/security-error.php$" "log,allow,phase:2"</font><br>
<font size="2" color="#FF0000" face="sans-serif">SecRule REQUEST_FILENAME "^/about.php$" "log,allow,phase:2"</font><br>
<font size="2" color="#FF0000" face="sans-serif">SecRule REQUEST_FILENAME "^/verify.php$" "log,allow,phase:2"</font><br>
<font size="2" color="#FF0000" face="sans-serif">....</font><br>
<br>
<font size="2" face="sans-serif">The sample is not complete ...</font><br>
<br>
<font size="2" face="sans-serif">Mit freundlichen Grüßen / Best regards<br>
<br>
Patrick Gaikowski<br>
Tel: +49 7132 94 3568<br>
Fax: +49 7132 94 73568<br>
E-Mail: patrick.gaikowski@kaufland.com<br>
KI 967800 IT International / Infrastructure<br>
Office:<br>
Lindichstrasse 11<br>
D-74189 Weinsberg</font><br>
<br>
<br>
<font size="2" face="sans-serif"><a href="http://www.kaufland.de">http://www.kaufland.de</a> </font><br>
<font size="2" face="sans-serif">We are No. 1:</font><br>
<font size="2" face="sans-serif">Kaufland is "Best Grocery Store 2011"!</font><br>
<br>
<font size="2" face="sans-serif">Kaufland Informationssysteme GmbH & Co. KG</font><br>
<font size="2" face="sans-serif">P.O. Box 12 53 - 74149 Neckarsulm<br>
Limited partnership<br>
Registered office: Neckarsulm<br>
Register court: Amtsgericht Stuttgart HRA 104163</font><br>
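<br>
<font size="2" face="sans-serif">An added offline check (my own, not code from the mail, from ZendTo or from mod_security) that runs the User-Agent pattern from the scanner rule above against a few constructed User-Agent strings. It shows how the rule behaves as written, with a t:lowercase transformation, and with a (?i) prefix, assuming, as the posted SecDefaultAction implies, that no transformation is applied unless the rule asks for one.</font><br>

```python
import re

# The User-Agent pattern copied from the SecRule in the mail above.
SCANNER_UA_PATTERN = (
    r"(?:\b(?:m(?:ozilla\/4\.0 \(compatible\)|etis)|webtrends security analyzer|pmafind)\b"
    r"|n(?:-stealth|sauditor|essus|ikto)|b(?:lack ?widow|rutus|ilbo)|(?:jaascoi|Paro)s"
    r"|internet explorer|webinspect|\.nasl)"
)

_AS_WRITTEN = re.compile(SCANNER_UA_PATTERN)
_CASE_INSENSITIVE = re.compile("(?i)" + SCANNER_UA_PATTERN)

# Constructed sample User-Agent strings (not captured traffic).
SAMPLE_USER_AGENTS = {
    "paros": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Paros/3.2.13",
    "nikto": "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000000)",
    "firefox": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0",
}


def rule_matches(user_agent: str, lowercase: bool = False, ignore_case: bool = False) -> bool:
    """Emulate the SecRule: `lowercase` stands for a t:lowercase transformation
    (the posted SecDefaultAction applies none), `ignore_case` for a (?i) prefix."""
    value = user_agent.lower() if lowercase else user_agent
    regex = _CASE_INSENSITIVE if ignore_case else _AS_WRITTEN
    return regex.search(value) is not None


def audit(user_agents=None) -> dict:
    """Return, per sample UA, whether the rule fires under each of the three variants."""
    user_agents = user_agents or SAMPLE_USER_AGENTS
    return {
        name: {
            "as_written": rule_matches(ua),
            "t:lowercase": rule_matches(ua, lowercase=True),
            "(?i)": rule_matches(ua, ignore_case=True),
        }
        for name, ua in user_agents.items()
    }


if __name__ == "__main__":
    for name, result in audit().items():
        print(f"{name:8s} {result}")
```

The mixed-case alternatives in the pattern mean that neither the rule as written nor t:lowercase catches both sample scanners; only the (?i) variant does, while the browser string stays unmatched in all three.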
</body></html>