mod_security - world writable folders rule...
Kind community, I seek knowledge.
- Too many times I've seen people with 'upload' or 'images' folders with 777 permissions.
- Too many times someone has uploaded something malicious and stored it within there, such as a php-file-manager kind of thing.
I'm addressing similar problems via a different avenue, but I wanted to ask something of mod_security experts around...
1. I need a rule that checks if a folder has 0777 permissions, and if so will not allow POSTing to that folder
2. I need a rule that checks if a file/folder is owned by the apache user ('www' or 'nobody'), and if so will not allow POSTing to that file/folder
Anybody got a quick answer? Might you hook me up? If not, do you know of any decent mod_security rules tutorials/references?
Thanks in advance...