8 Tips to improve Joomla performance
...If you’re not running Joomla 3.6.5, at the time of this writing, then stop using Joomla entirely! Joomla (< 3.6.4) Account Creation/Elevated Privileges write-up and exploit Joomla 3.6.5 Security release...
Search Results for security
Convert .htaccess to web.config
...value --> <add name="Cache-Control" value="max-age=691200" /> </customHeaders> </httpProtocol> </system.webServer> </configuration> Also read: Learn how to set an HSTS HTTP Strict-Transport-Security header Remove Server response header in IIS One-time donation Your...
Free up disk space in Windows Server – 5 extra methods
...Control Panel > System and Security > System Click Advanced system settings, and click Settings… under Performance in System Properties In the Performance Options screen, click the tab Advanced, and...
MySQL Connector/NET and Entity Framework
...generated connection string <add name="modelEntities" connectionString="metadata=res://*/Model.csdl|res://*/Model.ssdl|res://*/Model.msl; provider=MySql.Data.MySqlClient; provider connection string="server=mysql.server.ext; User Id=mysqluser; Persist Security Info=True; database=mysqldb; password=mysqlpwd"" providerName="System.Data.EntityClient" /> Correct connection string <add name="modelEntities" connectionString="metadata=res://*/Model.csdl|res://*/Model.ssdl|res://*/Model.msl; provider=MySql.Data.MySqlClient; provider connection string='server=mysql.server.ext; User...
3 Ways of blocking sendmail.php on IIS webserver
...to the sendmail.php at an earlier stage and thus faster than using a URL Rewrite Module rewrite rule. <security> <requestFiltering> <denyUrlSequences> <add sequence="sendmail.php" /> </denyUrlSequences> </requestFiltering> </security> block sendmail.php by...
Disable ECDH public server param reuse in Windows Server IIS
...to in Windows Registry editor Using PowerShell: if(!(Test-Path "hklm:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\ECDH")) { New-Item "hklm:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms" -name "ECDH" } New-ItemProperty "hklm:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\ECDH" -Name EphemKeyReuseTime -Value -PropertyType DWord While you are at it, add your own...
HackRepair.com’s Bad Bots .htaccess in web.config for IIS
...Link\ Scout|zibber-v|zimeno|Zing-BottaBot|ZipppBot|zmeu|ZoomSpider|ZuiBot|ZumBot|Zyborg|Zyte).*quot; /> </conditions> <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" /> </rule> </rules> </rewrite> <security> <!-- To block IP addresses, see example format below. Add to list as needed: --> <ipSecurity>...
“How we broke PHP, hacked Pornhub and earned $20,000”
This is a very interesting read on how Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide) were able to find a PHP unserialize bug to exploit and gain remote code...
Tunnel RDP through SSH & PuTTY
Do you need to tunnel Remote Desktop over SSH with PuTTY? Have you ever been in a situation where you needed to perform remote administration on a Windows Server, and...
Retrieve SSH public key from Active Directory for SSH authentication
If you want to be able to log on to your Windows Servers through Win32-OpenSSH, you can make use of key-based authentication in OpenSSH through a ~/.ssh/authorized_keys file. But if...
Generate pseudorandom passwords with OpenSSL
In this post you’ll learn how to use OpenSSL to generate passwords – or create pseudorandom strings. Random strings you can use as secure passwords. Yes, hexadecimal and base64 strings...
Install SSL/TLS certificates in Windows Server using PowerShell
The following PowerShell snippet can be used to quickly install an SSL (or TLS) certificate in Windows Server. It assumes you have a PFX file and its password. The default...
PHP on IIS: “No input file specified”
When you host your PHP website on Windows Server IIS, you may receive an “No input file specified” error message, when a HTTP request is made to non-existing .php files....
How-to fix Windows Defender error “Get-MpComputerStatus : The extrinsic Method could not be executed.”
Enabling Windows Defender per GPO failed with an error message: “Get-MpComputerStatus : The extrinsic Method could not be executed.“. Here is how to resolve this issue. Photo by Ed Hardie...
Deny vulnerable WordPress plugins using Windows Server File Server Resource Manager’s File Screens
Using Windows Server File Server Resource Manager‘s File Screens you can block vulnerable WordPress plugins from being uploaded to your IIS web server. In the following example, you’ll learn how...
