prettyPhoto DOM-based XSS on Saotn.org… This evening, after tweeting about preventing cross-site scripting vulnerabilities, I received a reply from Olivier Beg. His reply to my tweet contained an image, as you can see above. He alerted me that Saotn.org was vulnerable to a DOM-based XSS vulnerability, hidden in the prettyPhoto library used by my WordPress theme. Whoops! So, I had work to do! But what is prettyPhoto, and what exactly is a DOM-based XSS?
Learn to block WordPress comment spammers manually. The fewer spammers hit your WordPress blog, the better your blog performs, is one of my opinions. A second is: the fewer unnecessary plugins you use on your WordPress blog, the better. So, a little while ago I decided to remove plugins like Stop Spammer Registration Plugin and do their work myself. Here is why and how.
How to use GnuWin32 ported tools like grep.exe and find.exe for forensic log file analysis on Windows Server. In this article I'll give some real-life examples of using these ported GnuWin tools, like grep.exe, for log file analysis on Windows servers. The article provides three examples, as an alternative to LogParser, because finding spam scripts fast is often very important.
An article explaining why .htaccess files should not be used to secure sensitive data. In many cases it is wrong to impose security restrictions using .htaccess files.
I needed an HTTP blocklist. Block and filter unwanted HTTP web traffic with blocklists, on both IIS and Apache web servers. Protect your website easily with this PHP blocklist class. Let's create our own little HTTP filter.
Here are 7 .htaccess snippets for you to secure your website, by using .htaccess as a Web Application Firewall (WAF). You can use this information to block exploits and rogue HTTP requests on your website.