Sep 29, 2014

The newest and most dangerous bug around is the one called “Shellshock”, a security bug in the widely used Unix Bash shell that was disclosed on 24 September 2014. Many Internet daemons, such as web servers, use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.

The bug causes Bash to unintentionally execute commands when they are stored in specially crafted environment variables. Within days, a series of further related vulnerabilities in Bash were found, leading to the need for further patches.

By 25 September, botnets based on computers compromised with this exploit were being used by attackers for distributed denial-of-service attacks and vulnerability scanning (source: Wikipedia).

Let’s see how to check if your computer or server is vulnerable.

Apr 02, 2014


Article by: Kerry Blake

Apache is the most widely used web server on the Internet. It was developed to work in a Unix environment, but was ported to other server operating systems such as Windows. The Apache web server serves millions of websites and web applications. A wide range of authentication schemes, support for many language interfaces, and its security features make it the favorite web server of millions of users all over the globe.

That popularity also makes websites backed by Apache a favorite target among hackers. Such websites often fall prey to attacks not because of security risks and holes in Apache, but mainly because of poorly written code and other security issues associated with the database. The combination of Apache and Linux provides good security, but things might go wrong if you don’t take the necessary measures. There are several things one needs to do to secure Apache. We have compiled a list of simple things you should do to make your web server secure.

Mar 22, 2013

Spring has finally come; it’s a good time to start going out for walks, or perhaps a good moment to take a look at the best articles published during this cold winter.

This is a short list of the most read articles during last winter:

7 – The Importance of Securing a Linux Web Server

With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux-based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to ensure basic security considerations are in place.

Many risks are possible from a compromise, including turning the web server into a source of malware, a spam-sending relay, a web or TCP proxy, or a platform for other malicious activity. The operating system and packages can be fully patched with security updates and the server can still be compromised based purely on a poor security configuration. Security of web applications begins with configuring the server itself with strict security in mind.

How to log the correct IP having Varnish and Nginx

When you run a web server behind a reverse proxy or HTTP accelerator such as Varnish, the web server access logs will display the IP of the proxy (generally instead of the end user’s IP. This is a problem when you use software like Webalizer, AWStats or a similar log file analysis program, because you lose [...]

The different faces of PHP

This is an article of mine first published on Wazi. PHP is a widely used language that offers general-purpose scripting well suited for web development. It can be embedded into HTML, and is compatible with all major operating systems such as Linux, many Unix variants, Microsoft Windows, Mac OS X, RISC OS and [...]