Collaborate Disseminate
I have the Apache error.log file that has some access attempts that generate the errors below:
AH00082
AH01630
AH02430
AH00126
Is there any way to read the error.log file every minute, find the IP that generated this error code about 5 t… Continue reading Analyze Apache Logs and block IPs for errors
I am trying to setup SSL key logging with Apache 2.4 on Ubuntu 22.04.
I followed the very good Walkthrough provided by Lekensteyn in this post: Extracting openssl pre-master secret from apache2
What I have found is that the key logging do… Continue reading Problem Extracting SSL keys from Apache 2.4
I’m trying to scan my server (Apache2 on Debian), which is configured to support only TLS1.2 (and 1.3, presumably?). The config line is:
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
I scan it with:
msf6 > use auxiliary/scanner/ssl/ssl_versi… Continue reading Why does metasploit SSL scanner only show highest version available?
Attackers can exploit Apache Superset installations with default configurations to gain administrator access and execute code on servers and databases.
The post Organizations Warned of Security Risk in Default Apache Superset Configurations appeared fi… Continue reading Organizations Warned of Security Risk in Default Apache Superset Configurations
I manage some websites and one of them got a poor security rating (from sec scorecard). I have a managed server, so I asked the IT guys to help, but also would like to understand this issue a little more.
The problem is, there are old TLS1… Continue reading Remove old Cipher Suites [migrated]
I’m using Apache Airflow and I was troubleshooting built-in smtp setup. A mass email occurred on "ops@myexample.com". It was used as a "From:" email in a mass email attack.
Chronology: Started docker by running an exten… Continue reading Malicious Mass Email Attack Occurred, Do I Still Have Problem?
I’m new to PHP and Apache. I come from Node.js/Java backends and I’m new to this tech stack (PHP, CGI, Apache etc). My site currently uses ckeditor to handle user uploads and has high traffic. Often, someone, somehow just changes the names… Continue reading PHP website getting hacked – dir names changed [closed]
I have this version of Apache installed:
ApacheFriends XAMPP (Basispaket) version 1.6.8
Apache 2.2.9
MySQL 5.0.67 (Community Server)
PHP 5.2.6 + PHP 4.4.9 + PEAR
OpenSSL 0.9.8i
The ssl certificate was enabled, but I get this error on bro… Continue reading I get ERR_SSL_VERSION_OR_CIPHER_MISMATCH on apache server (installed with xampp on windows) [migrated]
I’m wondering if anyone knows how to approach this predicament I am facing using .htaccess.
I have a website that is accessible using 2 different domains. For one of the domains, I only want the website to be accessible to a subset of IPs … Continue reading Restrict access to specific http_host with .htaccess
Vulnerabilities like Log4j remain responsible for security breaches a full year after the discovery of the flaw. In the months after widespread reporting about the vulnerability, 40% of Log4j downloads remained vulnerable to exploitation. Rapid Response — by Both Security Teams and Hackers What made this exposure so damaging was how widespread this piece of […]
The post With 40% of Log4j Downloads Still Vulnerable, Security Retrofitting Needs to Be a Full-Time Job appeared first on Security Intelligence.