Posted inWeb application security

Test SMTP Authentication and StartTLS

Investigate SMTP authentication issues like a boss! Particular over TLS encrypted SMTP connections, it's always handy if you are able to test the SMTP authentication and StartTLS connection. Preferably from your command line. This post shows you how to test SMTP servers, create base64 encoded logon information, verify SMTP authentication over an opportunistic TLS connection, all from the Linux and Windows command line using OpenSSL.
17/05/2014Posted inWeb application security
Microsoft Internet Information Services logo
Posted inWindows Server

IIS Outbound Rules with gzip compression

Learn how to use URL Rewrite Outbound Rules in IIS, to offload content from a different server or host name. This way IIS with URL Rewrite acts as a reverse proxy. Add gzip compression to the mix, and this will improve website performance. In this post, I'll also show you how to fix the URL Rewrite Module error "Outbound rewrite rules cannot be applied when the content of the HTTP response is encoded ("gzip")." in IIS.
13/05/2014Posted inWindows Server
prettyPhoto DOM XSS on Saton.org
Posted inWeb application security

prettyPhoto DOM based XSS

prettyPhoto DOM based XSS on Saotn.org... This evening, after tweeting about preventing cross site scripting vulnerabilities, I received a reply from Olivier Beg. His reply to my tweet contained an image, as you can see above. He alerted me that Saotn.org was vulnerable to a DOM based XSS vulnerability, hidden in prettyPhoto used by my WordPress theme. Whoops! So, I had work to do! But, what is prettyPhoto and what exactly is a DOM based XSS?
04/05/2014Posted inWeb application security
Posted inWordPress

How to clean up Contact Form 7 temporary captcha files on IIS web servers

Contact Form 7 is a WordPress plugin that provides a simple but flexible contact form. On IIS, Contact Form 7 captcha has one HUGE disadvantage: temporary captcha files placed in wp-content/uploads/wpcf7_captcha, are not automatically removed. The files are made read only. Here is how to remove Contact Form 7 temporary captcha files on IIS...
28/04/2014Posted inWordPress
Posted inCode base

Set or remove the read-only attribute assigned to files with PHP chmod

Chmod.php, change file attributes with PHP, to make files read only or normally accessible on Windows IIS servers. Sometimes you need chmod to make files read only on your website, or make them normally accessible in case they already are read only. For instance Drupal's settings.php configuration file, or WordPress Contact Form 7 temporary captcha files, are examples of read-only files.
27/04/2014Posted inCode base
Umbraco Project Belle
Posted inUmbraco

Configure SQLServer sessionState for Umbraco

Prepare your Umbraco website for high performance web garden or web farm and load balancing environments: Store your sessions out-of-process (OutProc). As opposed to the default in-process (inProc) sessions, where sessions are saved in the worker process. Create a high performing, fast loading Umbraco website.
23/04/2014Posted inUmbraco
Posted inWordPress

How to load google-code-prettify syntax highlighting without plugins

If you run a WordPress blog where you display (parts of) source code, syntax highlighting is a must! It prettifies the code which makes it easier to read and it distinguishes code from text. However, most syntax highlighting is made available through plugins, and we all know too many plugins bring a lot of overhead to your blog. So, conditional load in WordPress: Load javascript only on posts in WordPress.
23/04/2014Posted inWordPress
Posted inCode base

Don’t turn off CURLOPT_SSL_VERIFYPEER and fix your PHP configuration

Don't turn off CURLOPT_SSL_VERIFYPEER but fix your PHP configuration to resolve SSL errors in PHP. These errors are often caused by not having an up-to-date bundle of CA root certificates on your system. So please, don't turn off CURLOPT_SSL_VERIFYPEER in your PHP config, but fix the cURL errors by updating cURL's bundle of CA root certificates and your php.ini configuration.
10/06/2013Posted inCode base
magnifying glass near gray laptop computer
Posted inWeb application security

Grep for forensic log parsing and analysis on Windows Server IIS

How to use GnuWin32 ported tools like grep.exe and find.exe for forensic log file analysis in Windows Server. In this article I'll give some real live examples of using these ported GnuWin tools like grep.exe for logfile analysis on Windows servers. The article provides three example, as an alternative to LogParser, because finding spam scripts fast is often very important.
19/04/2013Posted inWeb application security
Posted inWindows Server

Create your own PHP based Origin Pull CDN

The advantage of having your website content hosted on a Content Delivery Network (CDN) is having your content distributed and stored across the Globe. Utilizing the network of the Content Delivery Network provider. Hosting your WordPress website on a Content Delivery Network is an important WordPress optimization tip. Here is how to create your own Origin Pull CDN with just a few lines of PHP...
17/02/2013Posted inWindows Server
Posted inWindows Server

Convert .htaccess to web.config

This post describes some of the IIS URL Rewrite Module web.config equivalents of commonly used Apache .htaccess settings. This is useful when you convert your Apache .htaccess to IIS web.config. The second part of this post outlines how to use Internet Information Services Manager to import and convert .htaccess rules to web.config.
08/02/2013Posted inWindows Server