“How we broke PHP, hacked Pornhub and earned $20,000”

This is a very interesting read on how Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide) were able to find a PHP unserialize bug to exploit and gain remote code execution on Pornhub. Pornhub’s bug bounty program is at HackerOne. Instead of actively attacking Pornhub, they took another road and attacked what Pornhub is built upon: PHP.


SSL in WordPress, how to move your WordPress site to HTTPS? The Definitive Guide


Add SSL and HTTPS in WordPress: an SSL certificate on your website is the de facto standard nowadays. Google ranks sites having HTTPS – or an SSL certificate – higher in their SERP. But in WordPress, what do you need to do to set up and install an SSL certificate in your WordPress website? I’ll try to explain the steps to move WordPress from HTTP to HTTPS in this post.


SQL PowerShell: July 2016 update

Ayo Olubeko of the SQL Server Blog writes in the SQL PowerShell: July 2016 update. The July update for SSMS includes the first substantial improvement in SQL PowerShell in many years. We owe a lot of thanks for this effort to the great collaboration with our community. We have several new CMDLETs to share with you, but firstly, there is a very important change we had to make to be able to ship monthly updates to the SQL PowerShell component.


MySQL InnoDB performance improvement: InnoDB buffer pool instances – Updated!


Are you running into MySQL load problems? Learn how I tuned my MySQL servers for a heavy InnoDB workload by configuring innodb_buffer_pool_instances. Dividing the InnoDB buffer pool into multiple regions, or instances, improves disk I/O. By optimizing your MySQL database server's InnoDB configuration this way, you run your website or application efficiently and fast. Here is a little help for you.


KB3157663: Cumulative Update for Windows Server 2016 Technical Preview 5


When you’re installing Windows Server 2016 Technical Preview 5, don’t forget to install KB3157663 before installing any server roles, features, or other products. Installing KB3157663 prior to any other software will fix an error with DISM and Install-WindowsFeature, error code 0x800F081F:


KMS Migration from 2008 R2 to Windows Server 2012 R2 and KMS Activation Known Issues

How do you migrate a Windows Server 2008 R2 KMS to Windows Server 2012 R2, on a new KMS server, for volume activation of Microsoft products? You don’t: apparently there is no Windows Server 2008 (R2) KMS to Windows Server 2012 R2 migration. There is no way to automatically transfer your KMS role, along with the products it’s activating, to another server. Luckily, Charity Shelbourne wrote up a handy how-to for this task.


10 Valuable WordPress snippets you never knew you could live without


10 WordPress site-specific plugin and functions.php snippets that give you a better WordPress experience. Enhance your WordPress blog / website with these small PHP snippets; WordPress filters, actions and functions. Quickly extend the functionality you need for your WordPress website! Read on…


MySQL DoS in the Procedure Analyse Function – CVE-2015-4870

Sri Lankan security researcher Osanda Malith discovered a DoS (or crash) vulnerability in MySQL’s Procedure Analyse Function. The vulnerability crashes MySQL versions up to 5.5.45.


Breaking into a WordPress site without knowing WordPress/PHP or InfoSec at all

Someone posted an article to notehub.org on how he broke into his college’s WordPress website without any prior knowledge of WordPress or PHP, and without any experience with hacking web servers. The attempts were spread out over a month, but effectively totaled maybe a day. The author says he learned a lot while doing the research, which accounted for most of his time. On NoteHub, he shares some of the relevant details and how he went about doing this.


How to install IIS URL Rewrite Module on Windows Server 2016 & IIS 10


When you start to play with Windows Server 2016 and IIS 10, you’ll receive an error when you try to install the IIS URL Rewrite Module. The error occurs because the URL Rewrite Module installer contains an invalid version check for the IIS version being used. Here is how to install the IIS URL Rewrite Module in IIS 10.


PowerShell blacklist check script: find an IP address’ blacklist status & reputation

Here’s a blacklist check script written in PowerShell. You can use this to look up an IP address in various blacklists (DNSBL, RBL). Such a check is a great indicator of an IP address’ reputation. Basically, this PowerShell blacklist checker is a translation of my Bash script to check an IP address blacklist status in Linux.


AppCmd introduction and examples

AppCmd, in combination with WinRM, is the Windows Server IIS systems administrator’s Swiss Army knife for the daily routine. This post introduces AppCmd and provides a lot of AppCmd examples. AppCmd.exe is a command-line utility to manage IIS 7+ web servers. It exposes all important IIS server management functionality through a set of intuitive management objects that can be manipulated from the cmd.exe or PowerShell command line, or through PowerShell scripts. In this post you’ll find more information about AppCmd usage and examples.


Ghost on IIS with HTTPS, how to resolve a “Too many redirects” error


When you use iisnode to host the Node.js blogging software Ghost on your IIS web server, and you set up an SSL certificate for your Ghost website, you may run into “too many redirects” issues when changing Ghost’s config.js file. This happened to me yesterday, and here is the solution.


XSS Vulnerability in Wordfence 6.1.1 to 6.1.6

Security researcher Kacper Szurek reported a reflected XSS vulnerability in the current version of Wordfence. The CVSS scoring mechanism rates the severity of this XSS vulnerability as medium. Wordfence update 6.1.7 has been released to address the XSS vulnerability.


WordPress 4.5.2 Security Release

WordPress 4.5.2, a security release, was released tonight. WordPress 4.5.2 fixes a vulnerability in Plupload, the third-party library WordPress uses for uploading files.
