Cross Site Scripting (XSS) Attacks

Post by DRG » Mon Feb 23, 2009 11:19 pm

We recently ran a Nessus scan against our network (oh the joys of security compliance!). Nessus found my Rsyslog/phplogcon box and says that my sites are vulnerable to cross site scripting (XSS) attacks, and since phplogcon & phpmyadmin are the only two sites on the box... Anyway, has anyone seen this before and/or have suggestions for how to prevent XSS attacks on phplogcon?

Thanks!
DRG

Re: Cross Site Scripting (XSS) Attacks

Post by alorbach » Thu Feb 26, 2009 2:16 pm

Hi,

I would recommend securing access to your phpLogCon and phpMyAdmin installation by using a .htaccess and basic authentication.
Both applications are not designed or meant to run free and open on the internet, or anywhere else where you do not have a trusted environment.

Such a .htaccess can look like this for example:
Code:
require valid-user
AuthUserFile "/var/www/default/.passwd"
AuthName "Auth Only"
AuthType Basic


The file /var/www/default/.passwd can be created by using a command like this:
Code:
htpasswd -c /var/www/default/.passwd username


I hope this helps,
best regards,
Andre Lorbach
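
A check that can be run over the .htaccess from the post above, added here as an example and not code from phpLogCon or from the posters. It flags a password file that sits inside the document root under a name the stock Apache ".ht*" deny rule does not cover, and Basic authentication served without TLS. The document root /var/www/default and the replacement path /etc/apache2/phplogcon.htpasswd are assumptions.

```python
import posixpath
import shlex

REQUIRED = ("authtype", "authname", "authuserfile", "require")

def parse_htaccess(text):
    """Return {directive_lowercase: [args]} for simple one-line directives."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = shlex.split(line)  # keeps quoted arguments such as "Auth Only" together
        directives[parts[0].lower()] = parts[1:]
    return directives

def audit_htaccess(text, docroot, served_over_tls):
    """Return a list of findings; an empty list means nothing was flagged."""
    d = parse_htaccess(text)
    findings = [f"missing directive: {name}" for name in REQUIRED if name not in d]
    if d.get("authuserfile"):
        pw = posixpath.normpath(d["authuserfile"][0])
        root = posixpath.normpath(docroot)
        inside = pw == root or pw.startswith(root.rstrip("/") + "/")
        # Apache's default configuration denies web access to names starting with ".ht".
        if inside and not posixpath.basename(pw).startswith(".ht"):
            findings.append(f"password file {pw} is inside the document root and may be downloadable")
    if d.get("authtype", [""])[0].lower() == "basic" and not served_over_tls:
        findings.append("Basic auth over plain HTTP sends the password base64-encoded, not encrypted")
    return findings

# The .htaccess from the post above; the document root used below is an assumption.
POSTED = '''require valid-user
AuthUserFile "/var/www/default/.passwd"
AuthName "Auth Only"
AuthType Basic
'''
# Constructed variant: password file moved outside the web tree (hypothetical path).
HARDENED = POSTED.replace("/var/www/default/.passwd", "/etc/apache2/phplogcon.htpasswd")

if __name__ == "__main__":
    for label, text, tls in (("posted", POSTED, False), ("hardened", HARDENED, True)):
        print(label, audit_htaccess(text, "/var/www/default", tls) or "no findings")
```

Access control of this kind limits who can reach the application; it does not remove an XSS flaw in the pages themselves.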

Re: Cross Site Scripting (XSS) Attacks

Post by rgerhards » Thu Feb 26, 2009 2:21 pm

Andre, I think it would still be useful to look into what causes the XSS. Imagine when phpLogCon once becomes known as the invaluable application it is. In that case, someone may craft an attack so that a not directly accessible system can still be used to carry out an attack. At least we should know what the real issue is; it then probably is even easy to address it.

Rainer

Re: Cross Site Scripting (XSS) Attacks

Post by alorbach » Thu Feb 26, 2009 2:31 pm

It would be interesting to see the full results of this Nessus scan to tell more about this XSS attack possibility.