How to Install Apache in Windows | To install Apache in Windows, use builds available from the Apache Lounge. The Apache Lounge provides current up-to-date Apache releases compiled with current versions of OpenSSL for best security. This is preferred over apache.org Windows builds as apache.org does not maintain OpenSSL security updates. The download link is: http://www.apachelounge.com/download At the time of this post,
Drupal Security Notes | Check out this article on Drupal Security: Drupal Security Notes If you find this topic interesting, you may also be interested in Expert Pen Testing or CISSP training. Cool!
Enable or Disable Compression in Apache | I’ll show you a quick way to actively check a server for compression as well as how to disable compression in Apache. Note: This has _no_ effect on the CRIME TLS vulnerability. Test for Compression A simple test page to test for HTTP compression is here: http://www.gidnetwork.com/tools/gzip-test.php Or alternatively, below is a manual test for
Install Drupal 7 in Ubuntu 12.04 | Drupal 7 is provided in Ubuntu 12.04. I’ll show you how to get it up and running! 1. Install the package drupal7: $ sudo apt-get install drupal7 2. Create the following apache site configuration file: $ sudo nano /etc/apache2/sites-available/drupal7 Alias /drupal7 “/usr/share/drupal7″ < Directory /usr/share/drupal7 > Options -Indexes FollowSymLinks MultiViews < /Directory > 3. Enable
In-Depth WordPress Security | Here is an excellent write up on WordPress Security: In-Depth WordPress Security If you find this topic interesting, you may also be interested in Expert Pen Testing training. Check it out!
Fun with SHODAN | Shodanhq.com is awesome. These are fun: http://www.shodanhq.com/search?q=X-Powered-By%3A+PHP%2F5.1.2 Many sites running old PHP from 2006. Edit as desired to find an old php target. http://www.shodanhq.com/search?q=X-AspNet-Version%3A+1.1.4322 Incredible how many sites still use ASP .NET 1.x http://www.shodanhq.com/search?q=%22cisco-ios%22+%22last-modified%22 Web management pages for Cisco devices that have authentication disabled. http://www.shodanhq.com/search?q=Server%3A+Microsoft-IIS%2F5.0+ IIS 5.0 http://www.shodanhq.com/search?q=Server%3A+Apache%2F1. Ancient versions of Apache still in use
Create self-signed SSL certificate for Virtual Host | In Debian or Ubuntu, it is easy to generate a self-signed certificate for your virtual host. Here is how it works! 1. First, install the package ssl-cert: $ sudo apt-get install ssl-cert Since godaddy and the like are making 2048 bit certs common these days, optionally edit the file /usr/share/ssl-cert/ssleay.cnf and change 1024 bit 2048