Collaborate Disseminate
I am developing an android application and in the future also for IOS, and I use a server in PHP.
Is it possible for my server to know the source of the application sending the requests?
For example, if someone modifies the apk of my app… Continue reading How can I prevent my server from receiving requests for a modified application? [duplicate]
My hoster placed a .user.ini in my public_html. What is the recommended file permission be? Now it’s 644.
Continue reading What is the best file permission for .user.ini in hosting folder?
How is it possible to detect malicious files or web shell on a vps web server?
I used to use a shared hosting, and when I tried to upload any malicious code for testing it got deleted automatically. Now I’m on my own vps and I want to inc… Continue reading How to detect malicious files or web shell on a vps web server
I am learning some web security. I have encountered some webshell on a system and want to test it further.
https://pastebin.com/LvGtfA9k
Before i test it on my system i want to know whether there is any backdoor in the above shell whic… Continue reading Any backdoor in this webshell script [closed]
The hack redirects all my sites to another site
All are running WP 5.4.1 (latest) and I even have a site that barely runs any plugins, just a simple open-source theme with 3 common plugins – Contact Form 7, etc.
Thus, can I assume the at… Continue reading All 4 WP sites hosted in A2 Hosting were hacked
After the second hack, we did all the necessary things written here – https://wordpress.org/support/article/hardening-wordpress/ , https://security.stackexchange.com/a/180925 and we also changed the file permission (wp-config.php to 400). … Continue reading My WP site just got hacked for the third time even after following WP hardening guidelines
OpenVAS found a vulnerability where it points to PHP versions 5.4.3 and 5.3.13.
But both the two hosts I checked with OpenVAS are running PHP 7.2.x.
Would this vulnerability be a false positive?
High (CVSS: 7.5) NVT: PHP-CGI-based setups … Continue reading Why does OpenVAS warn about PHP 5 when I am running PHP 7?
A friend of mine works for a company which owns a 15-ish years old website written in PHP using Apache/MySQL/home brew CMS and outdated hosting on OS Debian 8 “jessie”. SSH allows passwords (with no fail2ban or similar) plus both their “ad… Continue reading Prevent SQL injections on the old PHP website using software
While editing “live” CLI PHP scripts, which are regularly running on my computer and which interact with external services, such as sending POST data via HTTPS to some website, generating the content, I often have the paranoid thought that… Continue reading Can you think of any kind of bug which would make a PHP script send its own code, or part of its code, somewhere?
There is a standard XSS exploitation technique where one can use javascript keyword in <a href=””> to execute javascript code. Example:
<a href=”javascript:alert(42);”>please clickme</a>
Let’s us consider PHP code wh… Continue reading Is XSS possible when using htmlspecialchars and https prefix check in href?