Collaborate Disseminate
Just like: Apache/Linux server, DoS attack from own IP
I’m experiencing something quite odd as the OP in that question. I had a similar problem, a kind of DoS attack using my own server IP.
I found out, in my case, that main root problem… Continue reading Discover PHP scripts that are calling URLs [migrated]
Data management company Datastax, one of the largest contributors to the Apache Cassandra project, today announced that it has acquired The Last Pickle (and no, I don’t know what’s up with that name either), a New Zealand-based Cassandra consulting and services firm that’s behind a number of popular open-source tools for the distributed NoSQL database. […] Continue reading Datastax acquires The Last Pickle
If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it.
Yes, that’s possible because all versions (9.x/8.x/7.x/6… Continue reading GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat
I’m using LDAP authentication in Django, as shown below and also using password hashers.
from django_auth_ldap.config import PosixGroupType, LDAPSearch
import ldap
PASSWORD_HASHERS = [
‘django.contrib.auth.hashers.PBKDF2PasswordHashe… Continue reading How to apply hashing SHA256 on Django LDAP login? [closed]
So, I was involving in one of projects where client site and admin panel/dashboard was hosted on different sites. Not like a lot of CRM`s do or 90% of common sites (just in /admin or other URL location on root client site), but literally o… Continue reading Is it possible to bypass .htacess protection?
I am monitoring a webdav service that has been probed repeatedly since the beginning of February. The Apache 2.4 httpd server hosts just this one application. Access to the application is only possible over https and is controlled by an … Continue reading can one obtain a file listing from a protected directory when one has not authenticated
A few days ago while messing around with a web server, I put my server into a DMZ via my router and forgot to disable it. I opened port 80 and 3306 on the server’s firewall (Windows Server) to access it on my LAN. Today I logged into the s… Continue reading Left port 80 exposed, several IPs accessed phpmyadmin
I recently ran a Nessus scan on my network, and one of the issues that it revealed is a possible avenue for cookie injection (session fixation) through Javascript. The related Nessus issue can be found here:
https://www.tenable.com/plugin… Continue reading Patching session fixation issue on Apache server
Today I got reports about one of my websites becoming inaccessible. I’ve come to learn that at the time we were under DDOS attack.
After getting through that, the website started throwing a permission denied error, so I narrowed it down t… Continue reading .htaccess File Changed – Question About Possible Breach Or Default Defense Mechanism
Is it possible that a user can hack a server running Apache httpd from the website it hosts? Let’s say I have a PHP web application running under Apache with explicit user www-data in the virtual host configuration. If the user hacks the w… Continue reading Can a user hack a server running apache from a website