Protecting your server against URL Injections
Code Injection Prevention Tips:
Check the server behind the IP address above for suspicious files in /tmp, /var/tmp, /dev/shm, along with checking the process tree ps -efl or ps -aux. Use ls -lab for checking directories as sometimes compromised servers will have hidden files that a regular "ls" will not show.
Installing some apache modules such as mod_security and configuring it to prevent $GET requests:
- Turn off fopen url wrappers
- Disable wget / fetch / lynx+links binaries
- If you have a WHM/Cpanel Server make use of all the utilities provided to you in the Security section of your WHM.
You can also follow the steps at: http://www.topwebhosts.org/tools/apf-bfd-ddos-rootkit.php
Schedule regular security audits on a timely basis - either monthly or weekly - where you can run chkrootkit and rkhunter and scan for vulnerabilities. This can be automated with cron and even email you upon completion. (See http://en.wikipedia.org/wiki/Remote_File_Inclusion & http://en.wikipedia.org/wiki/Code_injection for more information.)