The following are security-related tools that you can deploy in or check security against your web applications.

• Apache mod_rewrite security rules
  Description: These rules act as a baseline web application firewall built on common attack strings. If you get banned during legitimate traffic, you'll have to remove troubled keywords. If you can't, post'em to us. We'll send you finer version that suits your site. It's a must for all web servers. Remember it cannot help most web application attacks such as Information Leakage, Insufficent Authentication/Authorization, Bruteforcing, Predicatable Resource Location, Logic flaws.

  Requirements: Apache with mod_rewrite module enabled

  Date: March 2009

  # Hardened Apache Mod_Rewrite Security Rule # Provided by Aung Khant,http://yehg.net # Last Updated: Feb 24, 2010 # Note: You must experiment which strings make access denied in normal clean traffic. Remove such rules. Contact me if you can't. # Ref: http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritecond # NC = 'nocase|NC' (no case-sensitive) # OR = 'ornext|OR' (or next condition) # L = last rule RewriteEngine on # Allow only GET and POST verbs # 'Coz most vul scanners use HEAD for hunting buggy files existence RewriteCond %{REQUEST_METHOD} !^(GET|POST)$ [NC,OR] # Ban Typical Vulnerability Scanners and others # Kick out Script Kiddies RewriteCond %{HTTP_USER_AGENT} ^()$ [NC,OR] # void of UserAgent RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|java|curl|python|nikto|wkito|pikto|pykto|scan|acunetix|qualys|fuck|kiss|ass|Morfeus|0wn|hack|h4x|h4x0r|w3af).* [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR] # Block out common attack strings # Additional filtering can be put into # HTTP_USER_AGENT, HTTP_REFERER, HTTP_COOKIE,HTTP_FORWARDED,HTTP_ACCEPT # Directory Travarsal, Null Byte Injection, HTTP Response Splitting RewriteCond %{QUERY_STRING} ^.*(\.\./|\.\.%2f|\.\.%u2215|%u002e%u002e%u2215|%252e%252e%252f|%00|\\x00|\\u00|%5C00|%09|%0D%0A) [NC,OR] # SQL Injection Probing RewriteCond %{QUERY_STRING} ^.*(/select/|/union/|/insert/|/update/|/delete/).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(or|and)%20([0-9]=[0-9]).* [NC,OR] # Remote/Local File Inclusion # RFI: yoursite.com/?pg=http://evil.com/shell.txt? # LFI: yoursite.com/?pg=/logs/access_log? RewriteCond %{QUERY_STRING} .*(=https|=http|=ftp)(://|%3a%2f%2f).*\?$ [NC,OR] RewriteCond %{QUERY_STRING} (\/etc\/passwd|%2Fetc%2Fpasswd|c:\\boot\.ini|c%3A\\boot\.ini|c:\/boot\.ini|c:%2Fboot\.ini|c%3A%2Fboot\.ini|c:boot\.ini|c%3Aboot\.ini).* [NC,OR] # PHP Version Probing RewriteCond %{QUERY_STRING} ^(=PHP).* [NC,OR] # XSS Probing RewriteCond %{QUERY_STRING} ^.*(\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} ^.*(/XSS/).* [NC,OR] # PHP GLOBALS Overriding RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [NC,OR] # PHP REQUEST variable Overriding RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [NC,OR] # PHP Command Injection Probing # vuln.php?exec=uname -a;ls -al;whoami RewriteCond %{QUERY_STRING} ^.*(=|;)(uname%20-|ls%20-|whoami).* # Deny access RewriteRule ^(.*)$ index.php [F,L]

  
  
• Php-Brute-Force-Attack Detector
  Description: (Former name: Php Attack Detection Engine) to detect your web servers being scanned by brute force tools such as WFuzz, OWASP DirBuster and vulnerability scanners such as Nessus, Nikto, Acunetix ..etc. This helps you quickly identify probable probing by bad guys who's wanna dig possible security holes. For more info...

  Requirements: PHP5, MySQL 4>

  Date: June 2008

  
  
• PHP Login Info Checker (LIC) v.01
  Description: In your web applications wherever user/admin registration is required, use this checker script to strictly enforce admins/users to select stronger passwords. It tests cracking passwords against 4 rules. You can extend it stricter/stronger passwords easily. It has also built-in smoke test page via url loginfo_checker.php?testlic .
  Demonstration: View Online | Download

  Compatibility: PHP 4/5

  Date: April 2008

  
  
• php-DDOS-Shield
  Description: Php-Distributed Denial-of-Server Preventor. Nothing can stop DDOS? Don't be amazed. This is a tricky script to prevent idiot distributed bots which discontinue their flooding attacks by identifying HTTP 503 header code. Installation is to just do include.
  Requirement: PHP 4 >
  Date: July 30 2008
  
  
• phpMyAdmin Configuration Security Checker
  Description: Thousands of web servers are running phpMyAdmin in more or less insecure settings. This configuration script will check user-defined configuration values against pre-defined secure values. Set config file path. Run it and save the test result and then delete this script.

  Coded for: phpMyAdmin 2.11.7

  Date: July 2008

  
  
• PHPMySpamFIGHTER
  Description: It makes/fills email extractors/spammers' programs with thousands of fake email addresses endlessly dynamically generated by phpMySpamFighter. So even if your site visitors post their email addresses in plain format, spammers will give up searching for correct ones. It may cause Denial-Of-Service attack back to their programs.In fact, it fights not only spammers but also your attackers who use the similar tools to probe your web sites.
  Compatibility: PHP 4/5
  Resources: Demonstration | InstallGuide
  Date: March 2008