The WordPress WP-Super-Cache cache plugin doesn’t minify HTML cache files, which I find a disadvantage. Knowing minify libraries, I went looking for an existing solution (why reinvent the wheel?), and found one: WPSCMin. Read on …Continue reading
The Joomla security team have just released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from 1.5 to 3.4. This is a serious vulnerability that can be easily exploited and is already in the wild.
Fox-IT writes in a blogpost Ponmocup – A giant hiding in the shadows: Ponmocup, first discovered in 2006 as Vundo or Virtumonde, is one of the most successful botnets of the past decade, in terms of spread and persistence. The reasons why this botnet is considered highly interesting are that it is sophisticated, underestimated and is currently largest in size and aimed at financial gain.
OpenSSL comes in handy when you need to generate random passwords, for example for system accounts and services. In this short post I’ll give you a quick example on how to generate random passwords with OpenSSL in Linux (Bash), Windows and PHP…
Does Magento 2 throw an error about
always_populate_raw_post_data being set to
0? And are you having problems installing or updating Magento with PHP 5.6 and PHP 7? Then read on, because here is how to fix upgrades to Magento 2.0 in PHP 5.6 and higher: PHP 7+.
Marcin Probola conducted a PHP static code analysis of the top ~1000 WordPress plugins, and the results showed 103 plugins were vulnerable to at least one vulnerability type (XSS, SQL injection). This is roughly 10 percent! Marcin Probola writes that scanning results were manually verified in his spare time and delivered to official email@example.com from 04.07.2015 to 31.08.2015. Most of reported plugins are already patched, some are not. Vulnerable and not patched plugins are already removed from official wordpress plugin repository.
Imperva’s Web Application Attack Report shows spam is WordPress’ largest security threat. Imperva, an international cyber security company founded in 2002, published its 2015 web application attack report. The report includes a thorough analysis of attack data obtained through its Web Application Firewall (or WAF).
Here is how you can verify whether an external command in PowerShell was executed successfully or not by its errorlevel. Simply by verifying PowerShell’s return value, or exit code…Continue reading
Rewrite and proxy HTTP requests in IIS using a .htaccess
In my case scenario, I had to proxy requests in IIS, because a website was moved from web server A to B, and the DNS wasn’t updated yet. All HTTP requests for the moved website are handled in IIS’ Default Web Site; that’s the wildcard host, and the original host no longer existed there. We needed to match our website and proxy those requests to the new IIS web server. This can either be done using a proxy with URL Rewrite, IIS Application Request Routing (ARR), or a
.htaccess file handled by Helicon Ape.
How to retrieve the Hyper-V virtual machine’s serial number with PowerShell? Sometimes you need to have the serial number of a Hyper-V virtual machine (VM, or guest). We, for instance, use this serial number in our automatic, unattended deployment of the guest operating system. But then you need to know how to find this serial number…Continue reading
Keep Saotn.org posts close to keep ahead.
The feedly news reader app for Android is a great way to have all Saotn.org posts available on your smartphone. Feedly news reader is basically just an RSS-feed reader that you can install on your smartphone or tablet. In just a few steps you add the Saotn.org RSS feed to your favorite newspapers, magazines and blogs.
The Baidu spider (BaiduSpider user agent) can be a real pain to block, especially since it does not respect a robots.txt as it should. The following IIS URL Rewrite snippet blocks the Baidu spider based on its User-Agent string.
Tune OPcache and make PHP OPcache perform even better! Now that you’ve optimized PHP realpath_cache_size, it’s time to fine-tune OPcache. With just a few tweaks you can tune PHP OPcache to make it perform much better, and here is how…Continue reading
A vulnerability in BIND, and all it takes is just one tiny little packet…
BIND 9.x is vulnerable for a remote Denial of Service, where a tiny magic packet can cause BIND 9.x to stop and exit named with a REQUIRE assertion failure. All the attacker needs to send is a specially – and deliberately – constructed packet to exploit an error in the handling of queries for TKEY records. The vulnerability in BIND will crash and take down the BIND named daemon…Continue reading