[Security] Updated ModSecurity Filters


Monday, August 8th, 2011 - Security

As we mentioned in an earlier post, today we are beginning the deployment of new ModSecurity filters on our shared hosting servers.

We haved decided to push out these updates a few days before they were scheduled due to the recent TimThumb exploit (some details here). These new rules will hopefully help mitigate any damage that this exploit can cause (But please note – The new ModSecurity rules do not solve the problem completely, affected TimThumb users should upgrade or discuss this with your theme developer). We are going to be going through the servers looking for TimThumb scripts in the next few days and you may receive an email about this.

These new ModSecurity rules do have the potential to cause certain security issues for some websites. Some actions and files will generate false positives. Rules can be exempted for your website, if a certain rule is causing you problems. You will just need to open a support ticket with our support staff regarding this.

To open a support ticket, go to our Account Management page:

http://www.amshelp.com

And click on the Support Ticket link.

These new rules should help prevent exploits and compromises on your webhosting account, this is why they are being put into place. We do apologize for any inconvenience these new rules might cause.

Steven