Saotn.org

Sysadmins of the North, a technical blog in English and Dutch

Sticky en verbeterd!

In mijn dagelijkse werk als systeembeheerder kom ik nog te vaak tegen dat websites van klanten gehackt of aangepast worden. Websites worden voorzien van iframes of andere codes. Of iets simpels als dat men geen e-mail meer kan versturen of ontvangen omdat een virusscanner instellingen heeft aangepast. Vaak is de computerbeveiliging niet op orde waardoor websites worden gehackt, spam verzonden en bankrekeningen via internetbankieren geplunderd.
Gezien het aantal artikelen over computerbeveiliging en tips daarvoor betekent dit dat de artikelen en/of materie te moeilijk, te onduidelijk, niet interessant of te complex is.

In dit artikel zal ik proberen een aantal tips te geven, in -hopelijk- normaal en begrijpelijk Nederlands.

Read More

E-Book Gallery for Microsoft Technologies, free content for Azure, ASP.NET, Office, SQL Server, SharePoint Server and other Microsoft technologies in e-book formats. Reference, guide, and step-by-step information are all available. All the e-books are free. New books will be posted as they become available.

E-Book Gallery for Microsoft Technologies

More quality sysadmin & DevOps IT books selected for you. Categories include:

Enjoy!


This is a somewhat older article by Stefan Esser, which I didn’t want to keep from you. During the development of a new Suhosin version, he and his team found a phpinfo() type confusion vulnerability. The information leak even allows a PHP script to steal the private SSL key.

Read More

DefenseCode‘s Leon Juranic released an article explaining an old-school hacking technique: Unix wildcard poisoning attacks. No ASLR bypass, ROP exploits or 0day remote kernel exploits, but if you wonder how basic Unix tools like ‘tar’, ‘chmod’ or ‘chown’ can lead to full system compromise, keep on reading.

http://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt

Currently, the default PHP version for Microsoft’s WebMatrix 3 is PHP 5.5.11. Which is good because it is 5.5.x. Sometimes you may need to upgrade or even downgrade the PHP version available in WebMatrix 3. If you have to match your development environment to your web hosting production environment for example. Or if you want to use OPCache and/or WinCache. The PHP modules OPCache and WinCache are PHP accelerators, used to cache PHP bytecode (the compiled version of the PHP script) and decrease CPU usage.

Even using the command line, with AppCmd, it is still pretty easy to install a custom PHP version in IIS Express and WebMatrix 3. Here is how.

Read More

Increased SQL injection activity: Since a week or so, I notice a huge increase in SQL injection attacks on various websites. Anyone else seeing the same SQL injection attacks lately? On various websites/databases, for example (some information redacted)

SELECT * FROM Figures WHERE tPath='1' and(SeLeCt 1 FrOm(SeLeCt count(*),CoNcAt((SeLeCt(SeLeCt CoNcAt(char(33,126,33),LoAd_fIlE(0x2f6574632f706173737764),char(33,126,33))) FrOm information_schema.TaBlEs LiMiT 0,1),floor(rand(0)*2))x FrOm information_schema.TaBlEs GrOuP By x)a) and '1'='1' ORDER BY ID_Figures DESC;
SELECT cnt_id, cnt_title, cnt_title_link, cnt_plaats, cnt_meta, cnt_content1, cnt_Publish, cnt_date_insert, cnt_laatste_bewerkt, keuze_afbeelding, Bnr_Visible_from, Bnr_Visible_till, Bnr_Visible_Unlimited FROM tbl_content WHERE Foobar and(select 1 from(select count(*),concat((select (select (select distinct concat(0x7e,0x27,column_name,0x27,0x7e) from `information_schema`.columns where table_schema=0x696E666F726D6174696F6E5F736368656D61 and table_name=0x494E4E4F44425F4255464645525F504147455F4C5255 limit 12,1)) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1 = 1 and cnt_Publish = 1 and ('2014-08-07 10:51:21' Between Bnr_Visible_from And Bnr_Visible_till or Bnr_Visible_Unlimited = 1) ORDER BY cnt_date_insert DESC LIMIT 0, 1;
SELECT * FROM course_offerings where courseID = '54' AnD sLeep(3) ANd '1';
SELECT * FROM course_offerings where ((courseTitle = '54' AnD sLeep(3) ANd '1') AND (courseType = 2));
SELECT page_content FROM pages WHERE page_name = 'weblog_en' AND SLEEP(3) oRDeR BY 1 #';

The sleep(3) in these SQL injection attacks (attempts) can be very nasty and can lead to MySQL sleep() attacks causing website and backend database-server Denial-of-Service (DoS) attacks. This is something I’ve described earlier.

Therefor, to prevent SQL injection, it is very important to validate user supplied input in your PHP, classic ASP, Perl and ASP.NET code! For PHP, use mysqli or PHP Data Objects (PDO) to prepare SQL statements. With classic ASP, use ADODB.Command object to prepare statements.

This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time our two projects have coordinated on joint security releases.

Read More

The other day I noticed several hung queries (SELECT statements) on one of the MySQL database servers I administer. All hung queries had in common they were runnig for a very long time, and mysqladmin processlist -v showed a sleep() command in the query. Given the casing of the command (SLeeP) this was obviously done by a sql injection tool of some kind. I could simply kill the MySQL queries and threads and be done with it, but I also wanted to be sure this MySQL sleep() attack couldn’t happen again.

Read More

SMTP and TLS with WordPress, by overriding the function wp-mail() and utilizing the PHPMailer class.

I was suprised WordPress is not able to send email using an SMTP server out-of-the-box. Not to mention using TLS transport for security. A quick Google search showed me multiple plugins to handle this. Hence, everything is handled through plugins in WordPress… Need to optimize your website?Use plugin x. Want a more secure WordPress? Use plugin y.

I haven’t checked how other plugins work, but I was sure that I wouldn’t want my SMTP credentials to be stored in the MySQL database. My thought was that storing the SMTP credentials in the wp-config.php file might be better. I decided to try something, and it turns out to be pretty easy! Just follow the next few steps and you’ll send emails from WordPress using authenticated SMTP (SMTP AUTH) over a StartTLS/TLS secured connection.

Read More

Perform regular Magento maintenance on IIS webservers for better performance

Magento Community Edition is a very popular ecommerce and webshop solution. And very bloated as we all know. Anywhere you run your Magento webshop, it’s important to perform maintenance. Carrying out maintenance on a regular basis optimizes Magento’s -and thus your website’s- speed and performance.
Two of such tasks are clearing out and emptying the MySQL database cache and log tables, and file system cache directories in /var. Most scripts and solutions out there are for Linux- and Unix webservers only. I decided to modify a Magento maintenance script to run on Windows Server and IIS too. For MySQL database optimization, it utilizes my MySQLi multi_query statement to optimize all MySQL tables in one statement.

Ask your hosting provider to schedule this script as a Windows Server scheduled task, for instance once a day, and you’ll notice a speed improvement of your Magento webshop. Next, add support for WinCache and your Magento webshop is very, very fast, even on IIS!

Read More

Mod_evasive

Mod_evasive is a module for Apache and IIS (with Helicon Ape), to provide protection and evasive action in the event of an HTTP DoS-, DDoS or bruteforce attack. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denies an IP address access to a website if it’s requesting the same page more than 10 times a second. This is configurable. Properly configured and tested, mod_evasive provides great security and protection from Denial of Service (DoS)- or Distributed Denial of Service (DDoS) attacks, and bruteforce attacks.

Read More

Umbraco listens to both http://example.com and http://www.example.com. This is not good for your Google ranking and SEO, since this will be seen as duplicate content. Fortunately, it is pretty easy to redirect your website to it’s www variant. Here you’ll learn how to accomplish this.

Read More

WordPress XMLRPC DDoS attacks?
Update 2014-08-07: WordPress and Drupal security updates fixes XML-RPC DoS

Since today, I notice a huge increase in HTTP POST requests on WordPress xmlrpc.php, on multiple websites. Anyone got a clue what is causing this? Are you seeing this too? Please comment.
I’ll update this post when (if) more information comes available, might it be something new.

This could be related to WordPress’ xmlrpc.php pingback DDoS vulnerability discoverd last March and reported by Sucuri, or it may be related to the WordPress pingback vulnerability reported by Acunetix. But it might be something new as well.

Read More

IIS loves to tell the world that a website runs on IIS, it does so with the Server response header as shown below. In this post I’ll show you how to rewrite and remove unwanted response headers in IIS, because we don’t want to give hackers too much information about our servers.

Read More

When the .svc web service handler doesn’t work on IIS 8.0 with ASP.NET 4.5

When a WCF web service returns a 404 Not Found error, after installing the HTTP-Activation feature in IIS, then you might need to add an extra Handler to your IIS configuration:

  • Request path: *.svc
  • Type:
    System.ServiceModel.Activation.ServiceHttpHandlerFactory, 
    System.ServiceModel.Activation, Version=4.0.0.0, Culture=neutral, 
    PublicKeyToken=31bf3856ad364e35
  • Name: svc-Integrated-4.0


Read More

Everyone wants a fast loading website, whether it’s based on WordPress, Drupal, Joomla, or something else. For WordPress, a lot of posts are available here to optimize WordPress performance, and Drupal can easily be improved with the BOOST module. But what about Joomla?

Here are three basic tips to improve Joomla performance and loading speed. All changes can be made through the administrator back-end of Joomla, or by downloading and editing the configuration.php file.

Read More


1 2 3 4 24
Search & find

Custom Search
About Sysadmins of the North

Hi and welcome to Sysadmins of the North!
Sysadmins of the North is just another technical blog. Just like so many others out there. Most posts are written in English, some in Dutch. On Saotn.org you can find all kinds of computer, server, web, sysadmin, database and security related stuff.

About me: My name is Jan Reilink. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing his daily thing at Vevida Services in the Netherlands. Living in the north of the Netherlands, so hence the name Sysadmins of the North :-)
Drop me a comment somewhere or send an email to say hi, or discuss about security, website or WordPress, performance, Windows or IIS topics.

Article translations

When an article is in a language you can't read (Dutch maybe...), don't worry. You'll find Google translate links in the right sidebar below.

Support Saotn.org

If you feel that Sysadmins of the North has helped solve your problem, saved time or you simply like Saotn.org, please consider making a donation. Thanks! :)

Advertisement

IT Books & WP Themes

Windows PowerShell Cookbook: The Complete Guide to Scripting Microsoft\'s Command Shell
DNS and BIND - 5th Edition
DNSSEC Mastery: Securing the Domain Name System with BIND
Windows Server 2012 Unleashed
Enfold - Responsive Multi-Purpose WordPress Theme
Striking MultiFlex & Ecommerce Responsive WordPress Theme

 

The Sysadmins of the North network

Just for the fun of it, Sysadmins of the North is hosted on mulitple servers:

  1. one (shared) Windows Server 2012, IIS 8.0 webserver running PHP 5.5
  2. one (shared) MySQL database server, running MariaDB 5.5
  3. one Varnish Cache HTTP reverse proxy with Nginx Droplet, for offloaded static content, running Debian 7.0 @ DigitalOcean
Easy share

Be social and share posts if you like them. Thanks!
RSS feed

 

If you like Saotn.org:
donate to Sysadmins of the North
Twitter Feed

What's happening, right now, around Saotn.org?


Bad Authentication data
Copyright © 2007-2014 Saotn.org . Design by OrangeIdea