The centrality of security

In a recent post about a small security issue in Wordpress, Matt said:

“One note, even if the vulnerability was present in your blog, you would still be safe if your host ran mod_security on their servers.”

Matt had grabbed me the other day about the potential vulnerability in Wordpress and how it couldn’t be reproduced here. Well, it wasn’t that the vulnerability didn’t exist but that we actively prevent a wide range of certain things.

In fact, we have not been affected by a single application (e.g. Textpattern, Wordpress, MovableType, PHPBB) or “language” (e.g. PHP) vulnerability as a result of a large, proactive and custom set of mod_security rules used in addition to a few other things.

I’ve been developing a set of mod_security and other rules for nearly three years now, and while I’ve never publicly discussed even the mod_security aspect of it (well, not on the weblog or in “marketing” materials) it’s something I’ve been fortunate enough to introduce to a few people.

Besides blocking exploit attempts, it’s used in conjunction with a network appliance to identify and then block millions of comment and trackback spam attempts every month. In fact, we’ve shared our ruleset and they’ve been pushed up into the datacenter proper where they are being used to block up to 100 million requests a day (the equivalent of about 4Mbps constant). TextDrive that!

·:· Posted 29 May 2005, 22:02 by Jason Hoffman to Security

  1. awesome, thank you!

    evening    2 June 2005, 13:16    #
