Posted inCode base
Check website availability with PHP and cURL
Perform a PHP cURL request to check if your website is up or not. Verify your website's online status and availability using just PHP.
Posted inWeb application security
Exploit PHP mail() to get remote code execution
If you are able to control the 5th parameter of PHP mail() function ($options), you have the opportunity to execute arbitrary commands. Remote Code Execution (RCE) in PHP mail()
Posted inWindows Server
Custom PHP version on IIS Express and WebMatrix 3
PHP 7 with OPcache in IIS Express for Microsoft WebMatrix 3: learn how to create your own PHP development environment easily with Microsoft WebMatrix and IIS Express and your own custom PHP version. Note: this guide also applies to newer PHP versions, just change the version numbers. (outdated)
Posted inWeb application security
Increase in SQL injection attacks
Since a week or so, I notice a huge increase in SQL injection attacks on various websites. Anyone else seeing the same SQL injection attacks lately? This increased SQL injection activity - on various web sites and databases - has the following characteristics
Posted inWeb application security
MySQL sleep() attacks
MySQL sleep() command injection attacks: how not validating your PHP user input can lead to Denial of Service (DoS) attacks against websites and back-end database servers. Simply by putting "AND sleep(3)" in the address bar... Here is how to put a MySQL server to sleep, happy SQL injection!
Posted inWordPress
Send authenticated SMTP email over TLS from WordPress
How to configure TLS for SMTP email in WordPress. I was suprised WordPress is not able to send email using an SMTP server out-of-the-box. Not to mention using authenticated SMTP or TLS transport for security. A quick Google search showed me multiple plugins to handle this, but I wanted to create something myself. Here is how to override the wp-mail() function and send email using authenticated SMTP and StartTLS from WordPress.
Posted inCode base
Magento maintenance script for IIS
Optimize the speed and performance of your Magento ecommerce webshop by carrying out important maintenance. Now for Windows Server IIS too. Remove old MySQL database log files and Magento cache data on a regular basis.
Posted inWindows Server
Mod_evasive on IIS
Website DDoS protection with mod_evasive.Mod_evasive is a module for Apache and Windows Server IIS (using Helicon Ape). It provides protection and evasive action in the event of an HTTP DoS-, DDoS or brute force attack. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denies an IP address access to a website if it's requesting the same page more than 10 times a second. This is configurable.
Posted inWordPress
Huge increase in WordPress xmlrpc.php POST requests
WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites... Secure WordPress xmlprc.php interface and reduce service disruption.
Posted inWindows Server
Remove IIS Server version HTTP Response Header
Windows Server IIS love to tell the world a website runs on IIS. And dito for ASP.NET Framework. But this gives hackers a lot of information, right? Let's remove the IIS Server header and ASP.NET version headers. Security by obscurity as a pro :-)
Posted inWindows Server
.svc WCF web service returns 404 Not Found on IIS 8
When a Windows Communications Foundation (WCF) web service returns a 404 Not Found error, after installing the HTTP-Activation feature in IIS, you might need to add an extra Handler to your IIS configuration.
Posted inWeb applications
8 Tips to improve Joomla performance
Speed-up Joomla with just a few config settings: 8 Tips to improve Joomla performance. Add caching, gzip compression, set your sessions & optimize MySQL database functions... Provide your visitors with a blazing fast Joomla website!
Posted inMySQL
MySQL database optimization with indices
MySQL indexes (indices) are important. Why? Because they speed up the process for MySQL to find requested information.
Posted inMySQL
Convert MySQL MyISAM tables to InnoDB
Convert MyISAM to InnoDB for better database performance. In the earlier days of MySQL, the default storage engine for your database tables was "MyISAM". InnoDB is the engine to use now, and MyISAM is no longer actively developed. Therefore all MySQL optimizations are for InnoDB, and it's recommended to switch from MyISAM to this InnoDB storage engine for your MySQL database tables. Follow this tutorial on how to convert from MyISAM to InnoDB.
Posted inWindows Server
Send email with Ghost using SMTP authentication and TLS encryption
As you know, more and more web hosting providers require SMTP authentication (often abbreviated as SMTP AUTH) and a TLS encrypted connection to send email. Here you'll find some script examples to Send secure SMTP email from your website.