[Mediawiki-l] Security Questoin

[Russ Lavoie]

Ya...  Disabling mod_security would be..  Worse than all the false
positives in my opinion.  I just wanted to see if anyone out here had a
template that works like it should and detects legit hack attempts.

Thanks Again :)

-----Original Message-----
From: mediawiki-l-bounces at lists.wikimedia.org
[mailto:mediawiki-l-bounces at lists.wikimedia.org] On Behalf Of Fernando
Carpani - INCO
Sent: Monday, March 12, 2007 2:20 PM
To: MediaWiki announcements and site admin list
Subject: Re: [Mediawiki-l] Security Questoin

Hello.
With mod_security y can't write english !!!!!!!!!

Try the following phrase:

".... select the option from the following list..."


I think that this is detected as SQL !!!

We need a solution different from disable mod_security. :-)

Fernando Carpani.

Brion Vibber wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Russ Lavoie wrote:
>  
>
>>I know this isn't related to mediawiki...  But I am wondering if any
of
>>you out there are using mod_security to secure their mediawiki site.  
>>
>> 
>>
>>I am running it but I am getting so many false positives why even have
>>it running.
>>    
>>
>
>All we ever hear about are the false positives. We get plenty of bug
>reports from people discovering they can't write an article about
>"python" or "/etc/passwd" or whatever...
>
>- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.2.2 (Darwin)
>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
>iD8DBQFF9aSewRnhpk1wk44RAqh9AJ9Y3MNeMqeS6WTzagI6ArPqQuci4gCfSePB
>LJtyxc9eA3O9arYGx5d6AAw=
>=xJzf
>-----END PGP SIGNATURE-----
>
>_______________________________________________
>MediaWiki-l mailing list
>MediaWiki-l at lists.wikimedia.org
>http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>  
>


_______________________________________________
MediaWiki-l mailing list
MediaWiki-l at lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l