Collaborate Disseminate
ModSecurity blocked access due to the following:
[msg “XSS Filter – Category 3: Javascript URI Vector”] [data “Matched
Data: esrco found within ARGS:as_email:hearsesesrcool@yahoo.com”]
[severity “CRITICAL”]
Why does… Continue reading ModSecurity Rule 973338
In my organization I found servers running JBoss Web/7.0.13.Final and JBoss Web/7.0.12.Final.
I could not find security vulnerabilities for this server’s versions, but they seem old to me.
How can I find JBoss Web security … Continue reading JBoss Web vulnerabilities
I published the following diary on isc.sans.org: “Converting PCAP Web Traffic to Apache Log“: PCAP data can be really useful when you must investigate an incident but when the amount of PCAP files to analyse is counted in gigabytes, it may quickly become tricky to handle. Often, the first protocol
[The post [SANS ISC] Converting PCAP Web Traffic to Apache Log has been first published on /dev/random]
Continue reading [SANS ISC] Converting PCAP Web Traffic to Apache Log
I built a form that lets the user to upload files to a specific directory (apache2, php). I already limited file type and did some other security things. But I would anyway also like to deny the execution of those files to al… Continue reading How to deny execution of any file on a specific directory?
Every time I install Apache to test a script, this question comes up for me. I don’t do it very often, but I remember this being a pain point since about 2007.
A lot of tutorials/forums recommend using:
sudo chmod -R 777 /v… Continue reading What are the risks of mismanaging apache users/permissions and what is the right way to do it?
Recently I setup mod_evasive on my Ubuntu server to block any overload of HTTP requests to my website.
For some reason in the last 2 hours i’ve had 2 people blocked – which are in the same country as my client’s business is… Continue reading mod_evasive too sensitive? How can I set it to be more sensible?
I have a website in our development environment “Windows / Apache 2.4 server” that has client certificate authentication.
When you initially visit the site, it works ok. Since I have multiple client certificate installed, th… Continue reading Browser Suddenly gets kicked out of client certificate authenticated site on Apache Windows Environment
It’s time once again to see how those tax dollars are spent, this time in the form of a “Data Entry Keyboard” manufactured by Hughes Helicopters. This device was built circa 1986 or so, and was used in the AH-64A Apache. Specifically, this panel would have been located by the gunner’s left knee, and served as a general purpose input device for the Apache’s Fire Control System. Eventually the Apache was upgraded with a so-called “glass cockpit”; consolidating various vehicle functions into a handful of multi-purpose digital displays. As such, this particular device became obsolete and was pulled from the …read more
Continue reading Milspec Teardown: AH-64A Apache Data Entry Panel
I have a client who hosts multiple sites in Apache. They’re storing each site’s access.log and error.log in the docroot under logs/, and they’re publicly accessible via the web.
To me, this seems like bad practice, but I don… Continue reading Storing Apache logs in docroot
I found these entries in my access log, and I found them rather weird. As I don’t know what HEAD’s purpose is here or what their intent was with this. I have the first couple as an example, but it’s happened from multiple IPs… Continue reading What is going on with these requests? HEAD with encoded backslash, and my site embedded in the url