Joomla websites abused as open proxy for Denial-of-Service attacks

Joomla websites using the Googlemaps plugin for Joomla are actively abused as open proxies for launching Denial-of-Service (DoS) attacks. Even though the Googlemaps plugin vulnerability plugin_googlemap2_proxy.php was released over one and a half (1,5) years ago, I still see these DoS attacks happening on a regular basis…


Increase in SQL injection attacks

For a week or so, I have noticed a huge increase in SQL injection attacks on various websites. Anyone else seeing the same SQL injection attacks lately? This increased SQL injection activity – on various web sites and databases – has the following characteristics:


MySQL sleep() attacks

MySQL sleep() command injection attacks: how not validating your PHP user input can lead to Denial of Service (DoS) attacks against websites and back-end database servers. Simply by putting “AND sleep(3)” in the address bar… Happy SQL injection!


Mod_evasive on IIS

Mod_evasive is a module for Apache and Windows Server IIS (using Helicon Ape). It provides protection and evasive action in the event of an HTTP DoS-, DDoS or brute force attack. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denies an IP address access to a website…


prettyPhoto DOM based XSS

prettyPhoto DOM based XSS on Saotn.org… This evening, after tweeting about preventing cross site scripting vulnerabilities, I received a reply from Olivier Beg. His reply to my tweet contained an image, as you can see above. He alerted me that Saotn.org was vulnerable to a DOM based XSS vulnerability, hidden in prettyPhoto used by my…


Fix "Could not establish trust relationship for the SSL/TLS secure channel" error

Today one of our clients received a System.Net.WebException error on a newly deployed ASP.NET web application. Part of the exception was: “System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.” Here is how we resolved that issue.


How to send authenticated SMTP over a TLS encrypted connection, in PHP, ASP and ASP.NET?

Send authenticated SMTP (auth-SMTP) over a TLS encrypted connection. If you want to send email securely from your website, this post is for you! In this post I’ll provide some script examples for ASP, PHP, and ASP.NET (C# / VB.Net) that you can easily integrate in your website.
