28 Nov 2011
Sticky and improved!
In my daily work as a system administrator I still too often see customers' websites being hacked or modified. Websites get iframes or other code added to them. Or something as simple as no longer being able to send or receive e-mail because a virus scanner changed settings. Often computer security is not in order, as a result of which websites are hacked, spam is sent and bank accounts are plundered through internet banking.
Given the number of articles about computer security and tips on it, this means that the articles and/or the subject matter are too difficult, too unclear, not interesting or too complex.
21 Aug 2014
E-Book Gallery for Microsoft Technologies, free content for Azure, ASP.NET, Office, SQL Server, SharePoint Server and other Microsoft technologies in e-book formats. Reference, guide, and step-by-step information are all available. All the e-books are free. New books will be posted as they become available.
More quality sysadmin & DevOps IT books selected for you. Categories include:
- DNS, DNSSEC and BIND
- Drupal, Node.js, WordPress (website and web applications)
- MySQL: installing, configuring, securing, optimizing and databases
- Security, hacking and forensics
- Windows Server 2012 (and R2) and IIS
20 Aug 2014
DefenseCode’s Leon Juranic released an article explaining an old-school hacking technique: Unix wildcard poisoning attacks. No ASLR bypass, ROP exploits or 0day remote kernel exploits, but if you wonder how basic Unix tools like ‘tar’, ‘chmod’ or ‘chown’ can lead to full system compromise, keep on reading.
Currently, the default PHP version for Microsoft’s WebMatrix 3 is PHP 5.5.11, which is good because it is 5.5.x. Sometimes you may need to upgrade or even downgrade the PHP version available in WebMatrix 3, for example if you have to match your development environment to your web hosting production environment, or if you want to use OPCache and/or WinCache. The PHP modules OPCache and WinCache are PHP accelerators, used to cache PHP bytecode (the compiled version of the PHP script) and decrease CPU usage.
Increased SQL injection activity: For a week or so now, I have noticed a huge increase in SQL injection attacks on various websites. Anyone else seeing the same SQL injection attacks lately? On various websites/databases, for example (some information redacted):
SELECT * FROM Figures WHERE tPath='1' and(SeLeCt 1 FrOm(SeLeCt count(*),CoNcAt((SeLeCt(SeLeCt CoNcAt(char(33,126,33),LoAd_fIlE(0x2f6574632f706173737764),char(33,126,33))) FrOm information_schema.TaBlEs LiMiT 0,1),floor(rand(0)*2))x FrOm information_schema.TaBlEs GrOuP By x)a) and '1'='1' ORDER BY ID_Figures DESC;
SELECT cnt_id, cnt_title, cnt_title_link, cnt_plaats, cnt_meta, cnt_content1, cnt_Publish, cnt_date_insert, cnt_laatste_bewerkt, keuze_afbeelding, Bnr_Visible_from, Bnr_Visible_till, Bnr_Visible_Unlimited FROM tbl_content WHERE Foobar and(select 1 from(select count(*),concat((select (select (select distinct concat(0x7e,0x27,column_name,0x27,0x7e) from `information_schema`.columns where table_schema=0x696E666F726D6174696F6E5F736368656D61 and table_name=0x494E4E4F44425F4255464645525F504147455F4C5255 limit 12,1)) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1 = 1 and cnt_Publish = 1 and ('2014-08-07 10:51:21' Between Bnr_Visible_from And Bnr_Visible_till or Bnr_Visible_Unlimited = 1) ORDER BY cnt_date_insert DESC LIMIT 0, 1;
SELECT * FROM course_offerings where courseID = '54' AnD sLeep(3) ANd '1';
SELECT * FROM course_offerings where ((courseTitle = '54' AnD sLeep(3) ANd '1') AND (courseType = 2));
SELECT page_content FROM pages WHERE page_name = 'weblog_en' AND SLEEP(3) oRDeR BY 1 #';
The sleep(3) in these SQL injection attempts can be very nasty: MySQL sleep() attacks can cause a Denial-of-Service (DoS) on both the website and the backend database server. This is something I’ve described earlier.
Therefore, to prevent SQL injection, it is very important to validate user-supplied input in your PHP, classic ASP, Perl and ASP.NET code! For PHP, use mysqli or PHP Data Objects (PDO) to prepare SQL statements. With classic ASP, use the ADODB.Command object to prepare statements.
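To spot this kind of activity in a MySQL query log or processlist dump, the sketch below flags the idioms visible in the queries quoted above. It is an added example, not code from the original post; the function names, indicator labels and the benign comparison query are assumptions made for illustration.

```python
import re

# Idioms taken from the injected queries quoted above.
SIGNATURES = {
    "time-delay": re.compile(r"\bsleep\s*\(", re.I),
    "file-read": re.compile(r"\bload_file\s*\(", re.I),
    "error-based": re.compile(r"floor\s*\(\s*rand\s*\(\s*0\s*\)\s*\*\s*2\s*\)", re.I),
    "schema-enum": re.compile(r"\binformation_schema\b", re.I),
}
KEYWORDS = re.compile(
    r"\b(select|from|where|and|or|order|group|by|limit|union|concat|sleep)\b", re.I)


def mixed_case_keywords(query):
    """Return keywords in irregular case ('AnD', 'sLeep'), a habit of injection tools."""
    return [w for w in KEYWORDS.findall(query)
            if w not in (w.lower(), w.upper(), w.capitalize())]


def classify(query):
    """Return the list of indicator names that fire for one logged query."""
    hits = [name for name, rx in SIGNATURES.items() if rx.search(query)]
    if mixed_case_keywords(query):
        hits.append("case-obfuscation")
    return hits


def scan(lines):
    """Return (line_number, indicators) for every suspicious line, 1-based."""
    flagged = []
    for number, line in enumerate(lines, start=1):
        hits = classify(line)
        if hits:
            flagged.append((number, hits))
    return flagged


# Lines 1-3 are quoted (3 as a fragment) from the queries above; line 4 is a
# constructed benign query for comparison.
SAMPLE_LOG = [
    "SELECT * FROM course_offerings where courseID = '54' AnD sLeep(3) ANd '1';",
    "SELECT page_content FROM pages WHERE page_name = 'weblog_en' AND SLEEP(3) oRDeR BY 1 #';",
    "floor(rand(0)*2))x FrOm information_schema.TaBlEs GrOuP By x)a) and '1'='1'",
    "SELECT page_content FROM pages WHERE page_name = 'weblog_en' ORDER BY 1;",
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, ", ".join(hits))
```

Legitimate tooling also queries information_schema, so treat that indicator as a reason to look at the query rather than as proof of an attack.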
This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time our two projects have coordinated on joint security releases.
05 Aug 2014
The other day I noticed several hung queries (SELECT statements) on one of the MySQL database servers I administer. All hung queries had in common that they were running for a very long time, and mysqladmin processlist -v showed a sleep() command in the query. Given the casing of the command (SLeeP) this was obviously done by a SQL injection tool of some kind. I could simply kill the MySQL queries and threads and be done with it, but I also wanted to be sure this MySQL sleep() attack couldn’t happen again.
SMTP and TLS with WordPress, by overriding the function wp_mail() and utilizing the PHPMailer class.
I was surprised WordPress is not able to send email using an SMTP server out-of-the-box. Not to mention using TLS transport for security. A quick Google search showed me multiple plugins to handle this. Hence, everything is handled through plugins in WordPress… Need to optimize your website? Use plugin x. Want a more secure WordPress? Use plugin y.
I haven’t checked how other plugins work, but I was sure that I wouldn’t want my SMTP credentials to be stored in the MySQL database. My thought was that storing the SMTP credentials in the wp-config.php file might be better. I decided to try something, and it turns out to be pretty easy! Just follow the next few steps and you’ll send emails from WordPress using authenticated SMTP (SMTP AUTH) over a StartTLS/TLS secured connection.
25 Jul 2014
Perform regular Magento maintenance on IIS webservers for better performance
Magento Community Edition is a very popular ecommerce and webshop solution. And very bloated as we all know. Anywhere you run your Magento webshop, it’s important to perform maintenance. Carrying out maintenance on a regular basis optimizes Magento’s -and thus your website’s- speed and performance.
Two such tasks are clearing out and emptying the MySQL database cache and log tables, and the file system cache directories in /var. Most scripts and solutions out there are for Linux and Unix webservers only. I decided to modify a Magento maintenance script to run on Windows Server and IIS too. For MySQL database optimization, it utilizes my MySQLi multi_query statement to optimize all MySQL tables in one statement.
Ask your hosting provider to schedule this script as a Windows Server scheduled task, for instance once a day, and you’ll notice a speed improvement of your Magento webshop. Next, add support for WinCache and your Magento webshop is very, very fast, even on IIS!
24 Jul 2014
Mod_evasive is a module for Apache and IIS (with Helicon Ape), to provide protection and evasive action in the event of an HTTP DoS-, DDoS or bruteforce attack. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denies an IP address access to a website if it’s requesting the same page more than 10 times a second. This is configurable. Properly configured and tested, mod_evasive provides great security and protection from Denial of Service (DoS)- or Distributed Denial of Service (DDoS) attacks, and bruteforce attacks.
21 Jul 2014
WordPress XMLRPC DDoS attacks?
Update 2014-08-07: WordPress and Drupal security updates fix XML-RPC DoS
Since today, I have noticed a huge increase in HTTP POST requests on WordPress xmlrpc.php, on multiple websites. Anyone got a clue what is causing this? Are you seeing this too? Please comment.
I’ll update this post when (if) more information becomes available, should it be something new.
This could be related to WordPress’ xmlrpc.php pingback DDoS vulnerability discovered last March and reported by Sucuri, or it may be related to the WordPress pingback vulnerability reported by Acunetix. But it might be something new as well.
When the .svc web service handler doesn’t work on IIS 8.0 with ASP.NET 4.5
When a WCF web service returns a 404 Not Found error, after installing the HTTP-Activation feature in IIS, then you might need to add an extra Handler to your IIS configuration:
- Request path:
System.ServiceModel.Activation.ServiceHttpHandlerFactory, System.ServiceModel.Activation, Version=188.8.131.52, Culture=neutral, PublicKeyToken=31bf3856ad364e35
29 Jun 2014
Everyone wants a fast loading website, whether it’s based on WordPress, Drupal, Joomla, or something else. For WordPress, a lot of posts are available here to optimize WordPress performance, and Drupal can easily be improved with the BOOST module. But what about Joomla?
Here are three basic tips to improve Joomla performance and loading speed. All changes can be made through the administrator back-end of Joomla, or by downloading and editing the configuration.php file.