Disable Mod Security

Hari ini webnya di hack lagi, ini gara-gara cuma ngetest code ini di .htaccess, ternyata berbuah fatal.

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

Saya baru tau kalo kode diatas mematikan seluruh fungsi mode security yang ada, yah wajar kalo semua isi web jadi berantakan kayak kapal pecah, beserakan! habis kena jarah..

I would like to recommend every one, do not disable the mod security for whole hosting account under which you are facing the problem. You can ask your host to disable the offending mod security rule because mod security is one of the greatest security tool to secure the web content to be hacked/injected [1]

Reference :

[1] Linux7802. (01 Juni 2012). How to disable mod_security from .htaccess? Dikutip 02 Juli 2013, dari http://discussion.accuwebhost.com/linux-web-hosting-discussion-forum-support/1057-how-disable-mod_security-htaccess.html

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s