Security

“Joomla sites misused to deploy malware” – Update

Posted on

The Internet Storm Center reports that a large number of Joomla sites are currently deploying malicious code and infecting visitors with malware; some WordPress sites are also thought to be affected. The German CERT-Bund⁠ Computer Emergency Response Team, which is operated by the German Federal Office for Information Security (BSI), has confirmed that similar attacks […]

Security

WordPress Crayon Syntax Highlighter Plugin “wp_load” Remote File Inclusion Vulnerability

Posted on

Charlie Eriksen has discovered a vulnerability in the Crayon Syntax Highlighter plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the “wp_load” parameter in wp-content/plugins/crayon-syntax-hightlighter/util/ajax.php and wp-content/plugins/crayon-syntax-hightlighter/util/preview.php is not properly verified before being used to include files. This can be exploited to include arbitrary PHP files […]

Security

“htaccess files should not be used for security restrictions”

Posted on

Many PHP web applications use .htaccess files to restrict access to specific files or directories that may contain sensitive information. For example, in order to restrict access to all files in a specific directory you can create a .htaccess file in that directory containing the string “deny from all”. In many cases it is wrong to impose security restrictions using .htaccess files.

Windows Server

Microsoft Deployment Workbench: silent installation of various applications

Posted on
Windows Server logo small

Silently deploy applications through Windows Deployment Services (WDS) / Microsoft Deployment Workbench, or the command line. Sometimes you just can’t find the correct command parameter – or switch – for silent, unattended software installations. Unattended, silent installation of software is ideal in an automated deployment installation of Windows Server or Windows 7, 8 & 8.1 […]

PHP

The PHP Benchmark

Posted on

PHPBench.com – The PHP Benchmark was constructed as a way to open people’s eyes to the fact that not every PHP code snippet will run at the same speed. You may be surprised at the results that this page generates, but that is ok. This page was also created so that you would be able […]

WordPress

Clean up WordPress post revisions

Posted on

Delete WordPress post revisions, turn them off and speed up your WordPress blog. Everytime you write or edit a WordPress post, WordPress saves the change as a post revision. As you might expect, this fills up your database with a huge amount of unneeded post revisions and information. This uses space which should be free […]