“Joomla sites misused to deploy malware” – Update

The Internet Storm Center reports that a large number of Joomla sites are currently deploying malicious code and infecting visitors with malware; some WordPress sites are also thought to be affected. The German CERT-Bund Computer Emergency Response Team, which is operated by the German Federal Office for Information Security (BSI), has confirmed that similar attacks on and via Joomla servers have also been observed in […]

Continue reading

WordPress Crayon Syntax Highlighter Plugin “wp_load” Remote File Inclusion Vulnerability

Charlie Eriksen has discovered a vulnerability in the Crayon Syntax Highlighter plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the “wp_load” parameter in wp-content/plugins/crayon-syntax-hightlighter/util/ajax.php and wp-content/plugins/crayon-syntax-hightlighter/util/preview.php is not properly verified before being used to include files. This can be exploited to include arbitrary PHP files from external FTP resources.

Continue reading

"The length of the URL for this request exceeds the configured maxUrlLength value"

"The length of the URL for this request exceeds the configured maxUrlLength value" is an IIS error telling you that the length of the requested URL exceeds a limit. The default maximum URL length in IIS is defined by the HttpRuntimeSection.MaxUrlLength property; its value is 260 characters. URLs longer than the configured maxUrlLength will fail with this error, and here is how to resolve the issue…

Continue reading

“10+ useful SQL queries to clean up your WordPress database”

Continue reading

DMARC: “Domain-based Message Authentication, Reporting & Conformance”

Just came across DMARC.org, which looks like a promising specification to fight email-based abuse. From its website:

Continue reading

“htaccess files should not be used for security restrictions”

Many PHP web applications use .htaccess files to restrict access to specific files or directories that may contain sensitive information. For example, in order to restrict access to all files in a specific directory you can create a .htaccess file in that directory containing the string “deny from all”. In many cases it is wrong to impose security restrictions using .htaccess files.

Continue reading

Free eBook: OWASP Top 10 for .NET developers

Continue reading

WordPress HyperDB is an advanced database class that supports replication

HyperDB is an advanced database class for WordPress that supports replication and partitioning of data. It is a drop-in replacement for the standard wpdb class and adds the ability to use multiple databases.

Continue reading

Multiple IIS 6.0/7.5 Vulnerabilities

Multiple vulnerabilities have been found in the IIS 6.0 and 7.5 web servers. On the Full-Disclosure mailing list, Kingcope posted several IIS 6.0 and 7.5 bugs. Because I am a Windows Server and IIS admin, I took some time to test the various vulnerabilities …

Continue reading

How to filter web traffic with blacklists

Block and filter unwanted HTTP web traffic with blacklists, on both IIS and Apache. Protect your website easily with this PHP blacklist class. Let’s create our own HTTP web blacklist filter.

Continue reading

Microsoft Deployment Workbench: silent installation of various applications

Silently deploy applications through Windows Deployment Services (WDS) / Microsoft Deployment Workbench, or from the command line. Sometimes you just can’t find the correct command-line parameter, or switch, for a silent, unattended software installation. Unattended, silent installation of software is ideal for automated deployment of Windows Server or Windows 7, 8 and 8.1 client computers through Windows Deployment Services (WDS).

Continue reading

The PHP Benchmark

PHPBench.com – The PHP Benchmark was constructed as a way to open people’s eyes to the fact that not every PHP code snippet will run at the same speed. You may be surprised at the results that this page generates, but that is ok. This page was also created so that you would be able to find discovery in these statistics and then maybe re-run […]

Continue reading

Clean up WordPress post revisions

Delete WordPress post revisions, turn them off, and speed up your WordPress blog. Every time you write or edit a WordPress post, WordPress saves the change as a post revision. As you might expect, this fills up your database with a huge amount of unneeded post revisions and related information. This consumes space that should be free, and the MySQL database becomes bloated. You can clean up […]

Continue reading

How to use .htaccess files on Windows Server IIS

Learn how to use .htaccess in Windows Server IIS. In this post I’ll provide you with some useful .htaccess URL rewrite examples that you can use on Windows Server IIS for your website.

Continue reading

Umbraco CMS admin password reset

Umbraco admin password reset: when you’ve forgotten your Umbraco admin password, use the following SQL query to reset it:

Continue reading