Collaborate Disseminate
A hacker submitted this via apache $_SERVER[“HTTP_IF”]:
http://localhost/aaaaaaa潨硣睡焳椶䝲稹䭷佰畓穏䡨噣浔桅㥓偬啧杣㍤䘰硅楒吱䱘橑牁䈱瀵塐㙤汇㔹呪倴呃睒偡㈲测水㉇扁㝍兡塢䝳剐㙰畄桪㍴乊硫䥶乳䱪坺潱塊㈰㝮䭉前䡣潌畖畵景癨䑍偰稶手敗畐橲穫睢癘扈攱ご汹偊呢倳㕷橷䅄㌴摶䵆噔䝬敃瘲牸坩䌸扲娰夸呈ȂȂዀ栃汄剖䬷汭佘塚祐䥪塏䩒䅐晍Ꮐ栃䠴攱潃湦瑁䍬Ꮐ栃千橁灒㌰塦䉌灋捆关祁穐䩬&g… Continue reading How do I decode this hacker payload?
In my application there are couple of PHP scripts that need about 2-3 hours to be executed by requests from the application admins. I failed to change the Apache TimeOut directive limit only for these scripts.
So I decided t… Continue reading Is setting the Apache’s TimeOut directive to 3 hours risky?
We tried zxid a few years back – got it working with consulting help and special tweaks for the customer but the project was cancelled. Now we have a new need to link to SAML for another customer. This is going to be vanill… Continue reading SAML plug-ins for Apache httpd or Apache Tomcat?
Using django, I get the following error showing up in my apache errorlog:
Invalid HTTP_HOST header: ‘kyortisdzheykob.ru’. You may need to add u’kyortisdzheykob.ru’ to ALLOWED_HOSTS.
But I do not have any mention of this ho… Continue reading Getting a suspicious error in apache error.log (DJANGO)
I have a web server with many virtual hosts, config files, etc.
I’d like to track all of my web server & PHP config files using Git and have them hosted on a public GitHub repository, as this will make managing and backi… Continue reading What are the security implications of publishing my web server & PHP config files?
for example, in .htaccess we deny direct access to specific file example.com/myfile.txt, using this command:
RewriteEngine on
RewriteCond %{THE_REQUEST} myfile.txt
RewriteRule ^ – [F,L]
that says, if url contains myfil… Continue reading Is there any way to bypass .htaccess PATH restriction (in URLs)?
I have Apache web server configured for reverse proxy. with telnet command, I can connect to different URL. but when scan with nmap. it not returning the CONNECT method output.
when connect to my web server with telnet got t… Continue reading nmap not scanning open proxy connect web server
I have been given a server to hack into for a cyber security class I have taken.
After using dirb to look at the file structure, the only accessible file was the phpinfo.php file. I need to use this file to find the path to … Continue reading How can I use phpinfo.php file to find new files on a server
Is there any way to stop/block proxy servers to access https based sites ?.
As I have enabled mod_geoip to allow certain countries traffic, to access our critical websites, but still open web proxies are easily searchable b… Continue reading How to block proxy servers to access HTTPS based sites
I’m running an Apache 2 server with Ubuntu 16. Here’s my current configuration:
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite
I’m a bit confused as to what I should use for SSLCipherSuite. I’m takin… Continue reading SSL – Enabling Forward Secrecy with or without RC4