Sysadmins of the North

Technical blog, where topics include: computer, server, web, sysadmin, MySQL, database, virtualization, optimization and security

Tag: web application security

Basic Authentication module for Windows Server IIS

Basic Authentication managed HTTP module for IIS with virtual users support

In my pursuit of a basic authentication alternative in IIS, other than the built-in Basic Authentication module or Helicon Ape, I came across Devbridge AzurePowerTools. It’s apparently one of few HTTP managed modules for IIS that enables HTTP Basic Authentication with support for virtual users.

Continue reading

Acunetix 11 Review by Help Net Security. Acunetix is one of the biggest players in the web security arena. The European-based company released the first version of their product back in 2005, and thousands of clients around the globe use it to analyze the security of their web applications. They recently unveiled Acunetix version 11, so Help Net Security decided to take it for a spin.

WordPress advisory: Akal premium theme XSS vulnerability

Over the course of one week I had the opportunity to audit two hacked WordPress websites. I could quickly discover two vulnerabilities: a Cross Site Scripting, or XSS, in a premium WordPress theme Akal, and a Denial-of-Service in an undisclosed newsletter plugin. This post describes the Akal premium WordPress theme XSS vulnerability.

Continue reading

Cracking PHP rand()

Sjoerd Langkemper writes about Cracking PHP rand(): Webapps occasionaly need to create tokens that are hard to guess. For example for session tokens or CSRF tokens, or in forgot password functionality where you get a token mailed to reset your password. These tokens should be cryptographically secure, but are often made by calling rand() multiple times and transforming the output to a string. This post will explore how hard it is to predict a token made with rand().

Continue reading

Generate pseudo-random passwords with OpenSSL

OpenSSL comes in handy when you need to generate random passwords, for example for system accounts and services. In this short post I’ll give you a quick example on how to generate random passwords with OpenSSL in Linux (Bash), Windows and PHP…

Continue reading

Joomla websites abused as open proxy for Denial-of-Service attacks

Joomla websites using the Googlemaps plugin for Joomla are actively abused as open proxy for launching Denial-of-Service (DoS) attacks. Even though the Googlemaps plugin vulnerability plugin_googlemap2_proxy.php was released over one and a half (1,5) years ago, I still see these DoS-attacks happening on a regular basis…

Continue reading

Exploit PHP’s mail() to get remote code execution

Exploit PHP’s mail() function to perform remote code execution, under rare circumstances.

Continue reading

Mod_evasive on IIS

Mod_evasive is a module for Apache and Windows Server IIS (using Helicon Ape). It provides protection and evasive action in the event of an HTTP DoS-, DDoS or brute force attack. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denies an IP address access to a website if it’s requesting the same page more than 10 times a second. This is configurable.

Continue reading

Huge increase in WordPress xmlrpc.php POST requests

WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites… Secure WordPress xmlprc.php interface and reduce service disruption.

Continue reading

“A journey to abused FTP sites”

Malware Must Die! has done a great, and extensive write-up on the subject of hacked and abused FTP sites (accounts). This topic fits well within my daily routine investigating and closing down hacked websites, for which I have to use various techniques for finding those hacked sites. As you might know, website security is one of the major themes of this site.

Continue reading

Validate MIME types with PHP Fileinfo

How to check the file type in PHP and secure file uploads: it is important to validate MIME types in PHP. Especially of files uploaded through an upload form to your website. Using PHP, the best way to validate MIME types is with the PHP extension Fileinfo. Any other method might not be as good or secure as you might think…

Continue reading

Clean-up WordPress spam comments and meta data

How to clean up WordPress spam comments and meta data with phpMyAdmin. A lot of WordPress spam comments and meta data will keep your WordPress database huge, and slows down your site. It’s best to delete spam comments regularly, but if you’re facing hundreds of thousands spam comments, here is how to delete them all in bulk

Continue reading

Don’t turn off CURLOPT_SSL_VERIFYPEER, fix your PHP configuration

An often heard solution to PHP cURL errors with SSL is to turn off CURLOPT_SSL_VERIFYPEER. Please don’t turn off CURLOPT_SSL_VERIFYPEER, but fix your PHP config instead. This article provides you two solutions to solve CA certificate validation errors with PHP cURL and OpenSSL. For system administrators and end-users.

Continue reading

7 Snippets to use .htaccess as a Web Application Firewall

.htaccess to secure your website

In this post I provide you with 7 .htaccess snippets to secure your website, by letting .htaccess act as a kind of Web Application Firewall (WAF). You can use this information to block out exploit- and rogue HTTP requests on your website.

Continue reading