In my development environment, we have 2 levels of phpMyAdmin user: the superuser (root) and the developer user. The superuser is able to access all features available in phpMyAdmin, and the developer user is the database user for database planet_shop, which has limitations as stated in the MySQL user privilege table.
The current problem is that the developer user, which [...]
We have several directories which have been restricted to some users in our company. Since they will need to authenticate before being able to access the directory via web browser, I need to manage simple Apache user authentication using htpasswd.
To create a new password-protected directory under /home/website/public_html/secure1, create a new .htaccess file:
Scanning on FTP is really important in order to protect your server from the most popular file transfer method available to users. In my case, my boss wants to make sure every file uploaded via FTP is free from viruses, trojans or malware.
In order to achieve this, I need to use PureFTPd as the [...]
SELECT 1; #comment
SELECT /*comment*/1;
SELECT user();
SELECT system_user();
SELECT user FROM mysql.user;
List Password Hashes
SELECT host, user, password FROM mysql.user;
SELECT grantee, privilege_type, is_grantable FROM information_schema.user_privileges;
SELECT host, user, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv, File_priv, Grant_priv, References_priv, Index_priv, Alter_priv, [...]
The following points are written from my experience and webmaster observation since becoming server administrator of various web servers:
Directory Browsing Enabled
Depending on your web host server configuration, you might need to check that this feature is DISABLED. If not, it will allow unnecessary access by public users to other files. [...]
If you install the Apache and PHP web server from your distribution repository, the system will auto-configure your web server to handle PHP scripts using the Dynamic Shared Object (DSO) handler. The major effect of DSO is that the Apache process will run under the Apache user (it can be user nobody, www-data or wwwroot). If some PHP script [...]
My boss recently wanted me to create a dummy PHP information page, also known as phpinfo. This page can give much more information on your server environment and the applications supported inside the web server. His purpose is only to mislead anyone who is trying to view the phpinfo.php file in the web server. And surprisingly, [...]
Some of our servers are running on Dell hardware, which includes OpenManage Server Administrator (OMSA) to manage the physical server remotely. OMSA can be accessed via port 1311 over HTTPS using a web browser. Most of the time, I only use OMSA to manage and monitor our physical disks which run on RAID.
The version [...]
Since I have a DMZ server, it is possible to set up an SSH honeypot, where we can track what hackers and crackers are trying to do when they get into our system. My honeypot server setup will be like this:
Variables that I used are:
OS: CentOS 6.2 64bit
The best server maintenance practice is to keep all software up to date by following the latest stable release. Most of our servers have been upgraded to CentOS 6 from CentOS 5 (major release), but also need to upgrade from CentOS 6.0 to CentOS 6.2 (minor release), which usually comes about every 4 to [...]
Do you have any files on the server that hold some sensitive information and that you only want to open using a password? That is where GPG helps. GPG stands for GNU Privacy Guard, a tool to encrypt and sign your data and communication, which features a versatile key management system as well as access modules for [...]
At this moment, my designer is encountering a problem accessing target.com, an online shopping website, to see some of the stuff for their design work. Target.com only allows connections from the USA and Canada at this moment due to their website crash issue over the last couple of weeks. Since this is quite urgent, I need to set up a [...]