MySQL InnoDB performance improvement: InnoDB buffer pool instances – Updated!
Are you running into MySQL load problems? Learn how to tune MySQL servers for a heavy InnoDB workload, by configuring innodb_buffer_pool_instances. Dividing the InnoDB buffer pool into multiple instances improves Disk I/O. By doing so, you run your database and website more efficiently and faster. Here is a little help for you.
KMS Migration from 2008 R2 to Windows Server 2012 R2 and KMS Activation Known Issues
How to migratie an Windows Server 2008 R2 KMS to Windows Server 2012 R2, for volume activation of Microsoft products? On a new KMS server? You don’t, apparently there is no Windows Server 2008 (R2) KMS to Windows Server 2012 R2 migration. There is no way to automatically transfer your KMS role along with the products its activating to another server. Luckily Charity Shelbourne wrote up a handy how to for this task.
17+ Useful WordPress snippets
Here are 17+ valuable WordPress snippets for site-specific plugins and functions.php to provide you a better WordPress experience. Enhance your WordPress site with these small PHP snippets: WordPress filters, actions and functions. Quickly add or extend the functionality you need for your WordPress website! Read on…
MySQL DoS in the Procedure Analyse Function – CVE-2015-4870
Sri Lankan Security researcher Osanda Malith discovered a DoS -or crash- vulnerability in MySQL’s Procedure Analyse Function. The vulnerability crashes MySQL versions up to 5.5.45.
Breaking into a WordPress site without knowing WordPress/PHP or InfoSec at all
Someone posted to notehub.org an article on how he broke into his college’s WordPress website, without having any prior knowledge of WordPress, PHP, and without any experience with hacking web servers. The attempts were spread out over a month, but effectively totaled a day maybe. The author said to have learned a lot of things while doing the research part which accounted for most of his time, though. On NoteHub, he shares some of the relevant details and how he went along doing this.
How to install IIS URL Rewrite Module on Windows Server 2016 & IIS 10
When you start to play with Windows Server 2016 and IIS 10, you’ll receive an error when you try to install the IIS URL Rewrite Module in IIS. The error occurs because the URL Rewrite Module installer contains an invalid version check for the IIS being used. Here is how to install IIS URL Rewrite Module in IIS 10…
Continue readingPowerShell blacklist check script: find an IP address’ blacklist status & reputation
Here’s a blacklist check script written in PowerShell. You can use this to lookup an IP address in various blacklists (DNSBL, RBL). Such a check is a great indicator for an IP address’ reputation. Basically this PowerShell blacklist checker is a port of my Bash script to check an IP address blacklist status in Linux.
Continue readingAppCmd introduction and examples
The AppCmd command is your one-stop-shop for administering Windows Server IIS web servers. In combination with WinRM it’s your Swiss Army knife for your daily routine. This post introduces appcmd and provides you with a lot of helpful appcmd examples.
Ghost on IIS with HTTPS, how to resolve a “Too many redirects” error
When you use iisnode to host the Node.js blogging software Ghost on your IIS web server, and you set up an SSL certificate for your Ghost website, you may run into too many redirect issues when changing Ghost’s config.js file. This happend to me yesterday, and here is the solution.
XSS Vulnerability in Wordfence 6.1.1 to 6.1.6
Security researcher Kacper Szurek reported a reflected XSS vulnerability in the current version of Wordfence. The CVSS scoring mechanism rates the severity of this XSS vulnerability as medium. A Wordfence update 6.1.7 is released to address the XSS vulnerability.
WordPress 4.5.2 Security Release
WordPress 4.5.2 – a security release – is just released tonight. WordPress 4.5.2 fixes a vulnerability through Plupload, the third-party library WordPress uses for uploading files.
ImageMagick Is On Fire – CVE-2016-3714
TL;DR: There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.
Get current number of FTP client connections (NonAnonymous) with PowerShell and Get-Counter
Ever wanted to know the current number of active FTP client connections on your Windows Server FTP Service? You can get this statistic using PowerShell, the Get-Counter cmdlet and the Microsoft FTP Service Current NonAnonymous Users performance counter.
Binary webshell through OPcache in PHP 7
GoSecure wrote up a new PHP exploitation technique using the default OPcache engine from PHP 7. Using this attack vector, it’s possible to bypass certain hardening techniques that disallow the file write access in the web directory. This could be used by an attacker to execute his own malicious code in a hardened environment.
Simple PowerShell introduction for Windows Server administration, automation and scripting
Windows PowerShell (“PS” for short) is an important tool in Windows Server for administrators. You can use PowerShell for Windows Server administration, software installation, automation, and shell/command-line scripting. Here is a small and simple introduction to Windows PowerShell.