This morning, I was reading ArsTechnica like I do every morning, and saw an article about how yet another popular WordPress plugin was found to have a remote execution vulnerability. The comments on the article were predictably bad and misinformed, so I decided to look into the security fix and see what caused the original […]
Security
LAMP Server Setup Pt. 3
Configuring Apache HTTP Server to run in a chroot jail using mod_chroot is easier than doing it manually, but it still isn’t the simplest process in the world. As of Apache 2.2.10, Apache includes mod_chroot functionality, and to enable it, you only need to set ChrootDir /chroot/httpd and you’re done. Well not quite, you still […]
LAMP Server Setup Pt. 2
Mod_Security is a great module for Apache 2 which adds many new security features and fixes a number of exploits. It’s also quite easy to install. Installation Requirements: ModSecurity 2.x works only with Apache 2.0.x or higher. Version 2.2.x is highly recommended. Make sure you have mod_unique_id installed; mod_unique_id is packaged with Apache httpd. libapr […]
Checking for root kits
“A root kit is one variety of hacker tool kit. It can perform a number of functions depending on the flavor of the root kit. The original core of most root kit applications was some kind of network-sniffing tool designed to allow the attacker to find additional usernames and passwords. More recently, these functions have […]
What really happens when you delete a file?
There are a lot of misconceptions about deleting computer files, with many of them being caused by those damn Hollywood movies! In this article I am going to talk about default, modern setups for Microsoft Windows, Linux, and Mac. When you delete a file, it normally goes to the Recycling Bin on your computer. This […]
Compiling PHP with Suhosin
So upon checking php.net I noticed they released PHP 5.2.11. I still haven’t upgraded to PHP 5.3.0 because it breaks too many things and I haven’t bothered to figure out how to install both of them at the same time (Working on it though). I’ve compiled PHP so many times I can do it quickly […]
Essential PHP Security
PHP is a high-level language, and is very secure, but only when used properly. Failure to check user input is one of the most common mistakes among new PHP users. Here are some more mistakes, and their solutions. All forms should be validated with PHP. Use isset instead of strlen if you are checking […]