PHP 5.4 Packages for Red Hat | Red Hat Enterprise Linux is an excellent stable distro for mission critical enterprise environments. However the PHP and MySQL versions included are a tad behind mainstream. There is a great community repository from Rackspace that offers recent PHP, MySQL, and Python versions for Red Hat. The project page is: http://iuscommunity.org For Red Hat 5 and
Drupal Security Notes
Drupal Security Notes | Check out this article on Drupal Security: Drupal Security Notes If you find this topic interesting, you may also be interested in Expert Pen Testing or CISSP training. Cool!
Protect Against XSS by Enabling HttpOnly for Linux Apache PHP
Protect Against XSS by Enabling HttpOnly for Linux Apache PHP | HttpOnly is a session cookie flag created to protect against cross site scripting and theft of session cookies. For good security, this should be enabled for PHP running under Apache especially for sites such as WordPress, Drupal, Joomla, and other popular PHP-based web applications. OWASP has some information on HttpOnly. I’ll show you how to
Fun with SHODAN
Fun with SHODAN | Shodanhq.com is awesome. These are fun: http://www.shodanhq.com/search?q=X-Powered-By%3A+PHP%2F5.1.2 Many sites running old PHP from 2006. Edit as desired to find an old php target. http://www.shodanhq.com/search?q=X-AspNet-Version%3A+1.1.4322 Incredible how many sites still use ASP .NET 1.x http://www.shodanhq.com/search?q=%22cisco-ios%22+%22last-modified%22 Web management pages for Cisco devices that have authentication disabled. http://www.shodanhq.com/search?q=Server%3A+Microsoft-IIS%2F5.0+ IIS 5.0 http://www.shodanhq.com/search?q=Server%3A+Apache%2F1. Ancient versions of Apache still in use
Make Your Web Server Snappy With php-apc
Make Your Web Server Snappy With php-apc | In Debian / Ubuntu, simply installing one package will instantly make your web server faster. (That is, if you are serving up php!) Here ya go: sudo apt-get install php-apc Next, edit the following file: $ sudo nano /etc/php5/conf.d/apc.ini And put in the following values. Increase the apc.shm_size as high as is available: extension=apc.so apc.shm_size=64M
Test Your Server for MySQL Injection
Test Your Server for MySQL Injection | Q: What tools are used for testing for MySQL and other database injection vulnerabilities? The following are often used to automate testing for SQL injections by network and security admins: sqlmap – automatic SQL injection and database takeover tool Havij – automated SQL injection tool metasploit – security framework (Metasploit as you may be aware
Securing phpMyAdmin
Securing phpMyAdmin | phpMyAdmin is a great tool but it is also a large target by hackers. Take these initial steps to secure your phpMyAdmin install in Ubuntu Linux. 1. First we will setup an Apache login and password in order to load the phpmyadmin page. This command creates an apache authenticated user (Example here creates a username
Securing Apache and PHP
Securing Apache and PHP | A few simple adjustments to keep Apache and PHP from displaying so much information about your server.
