Password Protection Plugin Status
Enumerating Permissions can be Annoying
Don’t ask me how because I won’t tell you, but on one of the hosts I was testing on that did not allow direct access I was able to get the Apache server running as dhapache to erroneously write a file into my users blog directory. This is a big security no-no and I now have my .htaccess file written into the blog directory where it should go, but instead of my php script’s user having write access to the file so I can modify it, its owned by dhapache! Because the file is owned by dhapache I shouldn’t even be allowed to know it exists, but there it is. So the next step was to try and take ownership of the .htaccess file so that I could modify it. I tried and tried but was unsuccessful, I couldn’t modify it so that was another dead end. Actually it took me awhile to figure out how to remove the file from my directory. Being that it was owned by dhapache I couldn’t delete or modify it using my php process or even through ftp/ssh! Sysadmins regularly run find commands that search the servers for any files owned by dhapache that should not be there as this is a big red flag that someone has found a way to manipulate dhapache which could potentially lead to modifying dhapache-owned server config files, which sometimes is all it takes to hack your website and server.. Luckily I was able to delete it by basically running the hack again to overwrite the file.
Tagged: .htaccess plugin, Apache, askapache, htaccess, password protection, Security, WordPress | 2 Comments | Continue...
Ultimate Htaccess Tutorial for .htaccess files
This is not an introduction to .htaccess… This is the evolution of .htaccess… The BEST, the ORIGINAL, the NEWEST, and the most HIGHEST, FLYEST .htaccess tricks I can find.
Originally known as the “Ultimate .htaccess Guide”, its changed over the years by adding new .htaccess tricks and .htaccess examples to it.. I also add my favorite .htaccess links, the best .htaccess articles on AskApache, the coolest .htaccess experiments, the Web’s best .htaccess hacks, and update this article on the regular.
Tagged: .htaccess examples, Apache, Cache, caching, Files, FilesMatch, Google, Hacking, howto, htaccess, htaccess guide, htaccess help, htaccess howto, htaccess rewrite, htaccess tricks, htaccess tutorial, httpd, litespeed, mod_rewrite, Mod_Security, rewritecond, rewriterule, sample .htaccess, Security, SEO, seo secrets, SetEnvIf, ssl, ultimate htaccess | 56 Comments | Continue...
Advanced .htaccess Tricks for Securing Sites
This is all new, experimental, and very very cool. It literally uses .htaccess techniques to create several virtual “locked gates” that require a specific key to unlock, in a specific order that cannot be bypassed. It uses whitelisting .htaccess tricks to specify exactly what is allowed, instead of trying to specify everything that isn’t allowed. Also, by setting specific cookies/tokens after successfully passing through a gate, we can then require the exact cookie/token from the previous gate, which stops an attacker from skipping or bypassing gates.
Tagged: advanced, Hacking, htaccess, mod_rewrite, phpBB, Security, ssl | 7 Comments | Continue...
Optimize a Website for Speed, Security, and Easy Management
Learn how to setup, configure, secure, optimize, and create a low-maintenance website the AskApache way. I’m piecing together all the hacks, tricks, methods, and ideas discussed throughout this blog and all across Netdom and glueing them all together to show you how to have the most optimized, crazy fastest, and best website setup I can think of.
Tagged: Apache, Cache, compression, hosting, htaccess, optimization, Security, server | 5 Comments | Continue...
COMPUTER SECURITY TOOLBOX
List of mainly obscure security software geared more for the master pentester. These are mostly for unix, bsd, and mac and many are difficult to install and setup (require custom servers, inside access points, obscure libraries). Only programs that output data are included, so no actual exploits or anything. Most of these output extremely useful albeit extremely technical information.
About AskApache
Purpose and Goal of AskApache
To provide free access to knowledge and data with the goal of empowering people.. or more melodramatically: “Power to the People!”
Why the name AskApache? AskApache was chosen to show and pay respect to the contributors of the Apache Web Server. Literally it means to ask Apache when facing a problem, by searching the Open-Source, contacting a board/list, or browsing the documentation.
The Author
I work for a multimedia production / brand development & marketing company here in Indianapolis, the greatest city in the world! I started this blog in Dec., ‘06 to familiarize myself with WordPress as a blogging platform among other things for my job. I help expand/create a growing companies market-share online (and offline) by managing and building the brand and developing high-quality leads and loyal customers by building online funnels fed by SEO traffic and on/offline marketing campaigns. Other than the design and development costs for our minimum 12 month contract, we operate using a gain-share formula where we receive a percentage of the increased revenue that results from our services. This translates to fanatical attention to improving the bottom-line, and focus on long-term sustainable growth and overall success.
It’s important to me to note that unlike most systems set up like this, we are absolutely interested in creating customers/leads/whatever by providing real value for them. It’s much more difficult and takes a lot longer, but it is also self-sustaining as value attracts in an exponential manner. We are likely different than any model you’ve seen before in terms of lead-sales-marketing types.
My Background
I started on DOS, then Windows 2.11 (released 1989), and learned BASIC for my first language… then IBM PC assembly followed by Java, which I used as an excuse to stop learning assembly.. …
Automated Folder Backup Shell-Script
This simple unix shell script automatically creates backups of a specific folder at regular hourly, nightly, weekly, and monthly intervals. Instead of the usual method for copying directory trees using tar with fifo, pipes, rsync, or NFS methods this script uses cpio which is much much faster and has cool options like saving m/a/c times, symlinks, relative paths, and weird file names.
SEO Secrets of AskApache.com
Learn how in a year, with no previous blogging experience this blog was able to rank so high in search engines and achieve 15,000 unique visitors every day. Uses combination of tricks and tips from throughout AskApache.com for Search Engine Optimization.
Tagged: askapache, SEO, seo secrets | 5 Comments | Continue...
Mod_Security .htaccess tricks
Mod_Security rivals Mod_Rewrite in the amount of features it provides. I decided to go ahead and post what I learned about it today, even though its tough to give away such awesome htaccess and apache tricks.. Learn how to control spam once and for all, conditionally log/deny/allow/redirect requests based on IP, username, etc.. Mod_Security is so fine!
Tagged: Hacking, htaccess, Mod_Security, Security | 8 Comments | Continue...
Undetectable Sniffing On Ethernet
I have been in some tight spots where I had to sniff a password or two off the wire, or sniff some packets off the wire and based on the packets content perform some action… Accidentally, I stumbled on a method to sniff data while remaining undetected and invisible.
Tagged: Ethernet, Hacking, linux, nsa, Sniffing, Undetectable, wireshark | Continue...
.Htaccess rewrites, Mod_Rewrite Tricks and Tips
htaccess rewrite / Mod_Rewrite Tips and Tricks is as glamorous as it sounds! htaccess rewrite mod_rewrite is just possibly one of the most useful Apache modules and features. The ability to rewrite requests internally as well as externally is extremely powerful.
Tagged: htaccess, htaccess rewrite, mod_rewrite, Redirecting URLS, rewrite, Rewrite Tricks, rewritecond, rewriterule | 57 Comments | Continue...
Hacking VLAN switched networks
There isn’t much vlan info on the net in terms of specifics and I had to learn all about it because I needed to log in to a switch that was on a different vlan. With the help of the Ettercap developers NaGA and ALoR I figured it out.
Tagged: Hacking, VLAN | 1 Comment | Continue...
AskApache Password Protection, For WordPress
AskApache Password Protect adds some serious password protection to your WordPress Blog. Not only does it protect your wp-admin directory, but also your wp-includes, wp-content, plugins, etc. plugins as well. Imagine a HUGE brick wall protecting your frail .php scripts from the endless attacks of automated web robots and password-guessing exploit-serving scripts.
Hack WP-Cache for Maximum Speed
If you desire SPEED from your WordPress blog, the #1 speed improvement comes from using the WP-Cache Plugin. If you still desire SPEED after installing the Plugin, you can modify the WP-Cache Plugin code to make your blog even faster!
Update: AskApache Password Protect Plugin
WordPress plugin gives you control over HTTP Basic Authentication for your WordPress blog which among other things, stops most automated hacking attempts and exploits being attempted, cutting down on the number of requests, connections, and mysql queries for all WordPress blogs on the Internet.
Hacking WP Super Cache for Speed
A plugin built to generate static files from php+mysql for Apache to serve the way its supposed to be.. My dream. Conclusion: Needs some improvement, pretty sweet though.
SetEnvIf and SetEnvIfNoCase Examples
SetEnv, SetEnvIf, and SetEnvIfNoCase directives conditionally set environment variables accessible by scripts and apache based on HTTP Headers, Variables, and Request information.
Tagged: Examples, htaccess, mod_rewrite, mod_setenvif, SetEnv, SetEnvIf | 4 Comments | Continue...
PHP5 Custom Install Shell Script Example
Today I successfully learned how to compile and run multiple custom php installations for a DreamHost account, and to get it working I came upon a simple shell script that I made a couple changes to.
Referer Spoofing Using JavaScript
Even though at the moment I’m more into AJAX and simple behavioural unobtrusive javascript more than java, I still remember how excited I was back in 1995 when Sun released both beta and alpha Java versions to the public.. In fact I still have my Java 1.0 Unleashed book, which I’m looking at right now.
Want to know how to really hack?
An interesting post by a computer hacker explaining how to really hack.
Rigging the DreamHost Site of the Month Contest
Since I was disqualified and accused of cheating, which is absolutely false, I decided to go ahead and do the crime I have been punished for. That’s right, I’m going to show YOU how I could have rigged the DHSOTM contest to hopefully make the statement that I absolutely did not cheat and I absolutely want to be re-instated as the winner.
Install multiple OS Without Cds
I had a CD-RW drive but being a struggling computer security researcher I had no money for blank cd-recordables. What follows is how I managed to install various operating systems on my computer (1 hard drive) without having to burn to a CD the ISO and then boot from that.
Apache Variable Fun in htaccess
Server and Environment Variables are used by The Apache HTTP Server by provides a mechanism for storing information. This information can be used to control various operations such as logging or access control.
htaccess HTTPS / SSL Tips, Tricks, and Hacks
Apache has the best SSL/HTTPS support and can be controlled by the httpd.conf file or other HTTPD server configuration file. This htaccess tutorial has htaccess example code to make it easy to secure and use HTTPS and SSL with Apache.
Security with Apache htaccess Tutorial
Apache Security tips and tricks for securing Apache Web Servers using htaccess, httpd.conf, and other built-in techniques to thwart attackers. This really should be required reading for any Apache admin or user because these little tricks are so easy to do.
Tagged: Hacking, htaccess, mod_python, Security | 2 Comments | Continue...
Apache Authentication in htaccess
How to password-protect, Allow or Deny a visitor based on a condition. If you are having trouble getting htaccess-based password protection to work see: Troubleshooting htaccess Authentication: Getting it to work
Speed up your site with Caching and cache-control
Caching with .htaccess and Apache will take your website and your web skills to the next level. This is some technical and advanced methods condensed to simple htaccess code examples for you.
SEO Redirects without mod_rewrite
Web Professionals use mod_rewrite to issue 301 and 302 Redirects for Search Engines. Sometimes you may not have mod_rewrite.c or you want an alternative redirect method. Using mod_alias RedirectMatch you can use REGEX in Redirect commands!
Tagged: htaccess, ultimate htaccess | 11 Comments | Continue...
PHP htaccess tips and tricks
Htaccess php tips and tricks for the Apache HTTPD Web Server, mostly these tips show you how to run customized versions with customized php.ini files, I require custom php.ini files because they are so useful!
Manipulating HTTP Headers with htaccess
Apache .htaccess and httpd.conf have the power to send and manipulate HTTP Header Requests like sending P3P privacy headers, Content-Type: UTF-8, Content-Language, etc. The power is immense and you can do some really cool stuff with HTTP Headers!
htaccess Tricks for Webmasters
Some of my favorite htaccess examples from some of my favorite .htaccess tutorials. These cut-and-paste ready htaccess code snippets are very useful for website and server administrators.
Tagged: htaccess, htaccess tricks | 9 Comments | Continue...
htaccess rewrite, htaccess
Comprehensive .htaccess example file with advanced examples in 1 htaccess sample skeleton .htaccess file with the very best apache htaccess examples… Updated frequently based on detailed info from the Apache htaccess tutorial.
Sending POST form data with php CURL
CURL Guide for sending POST data form request with PHP and CURL
Tagged: curl, form, htaccess, PHP, post | 17 Comments | Continue...
Fight Blog Spam with Apache
Fighting Blog Spam with Apache htaccess and other methods.
Port Redirector
can you please suggest me any tiny and good port redirector
for linux and unix like oses ?
so that when I connect to the box to a given port it redirects my connection
to another box and port that I can chose ?
thanx a lot
Arp Packet Hacking
Part deux of Want to know how to really hack?
Question: can i arp poison a MAC which is not in my LAN or Network?
What about double-encapsulation? Like embedding the arp within something else..
I’d study the wire capture for awhile and use tools like isic and hping3 to see what types of rules are in place…
Then you can always try random weird protocols like a different vlan header on the packet or something… ettercapNG would allow this to work with some mods.
Maybe you should try accessing the switch/router that is inbetween the lans… that is what I would try first… determine device type and version, research the heck outta it, and see what you come up with… default password maybe? Then you could setup a 2-way mirroring situation on the switch or router.
Anothr little trick I’ve had to do is configure a dhcp or bootp server on a nix box and then turn off and on the power of the building to reboot the device. Usually for the first few seconds of the reboot it will allow things to happen which usually don’t. But if you configure the dhcp or bootp correctly, your in. Like maybe for the first 5 minutes after a reboot, access to a builtin webserver for remote configuration will be running. If so you can then learn the type and version, then find ways to breach with this info.
No switch or router can stop you.. infinite ways to attack this..
If you have unix flavor try messing around with the following programs.. arp, route, ifconfig, vconfig, arping, rarp.
If arp doesn’t go through youcould try and imitate the gateway that is allowed to send arp, and then try again.
arping might be especially useful to you.
#sends an arp reply to dest_ip from source_ip from interface eth0
$ arping -A -I…
My Picks
- THE Mod_Rewrite Cheatsheet
- AskApache .bash_profile
- Elite Log Viewing
- THE Ultimate Htaccess
- Intense Windows Speed
- DNS: Round Robin Speed
- Fsockopen: Nuts
- Rsync and SSH
The love of liberty is the love of others; the love of power is the love of ourselves.
-- William Hazlitt
Someone's Reading
Most Popular 100
- HTTP Status Codes and .htaccess ErrorDocuments
- .Htaccess rewrites, Mod_Rewrite Tricks and Tips
- AskApache Password Protection, For WordPress
Newest Posts
- 30x Faster WP-Super Cache and Site Speed with TMPFS
- Tips and Tricks for a BASH Power Prompt
- PortaPutty Auto-Reconnecting SSH Tunnels on an Encrypted TrueCrypt Portable USB Key w GPG
I'm Reading
- Go Null YourSelf
- AntiLimit
- BackTrack
- newestindustry.org
- Metasploit
- DoxPara Research
- Honeynet Project
- phpied
- MIT World
Tech Topics
- WordPress Plugins
- Google + SEO
- .htaccess Tips and Tricks
- Apache HTTPD
- Computer Security Articles
- Search Engine Experiments
- PHP Programming
- Linux / Unix / BSD
- Shell Scripting
- CSS, DOM, XHTML
- Advanced Shell-Scripting
htaccess Guide
- htaccess tricks for Webmasters
- HTTP Header control with htaccess
- PHP on Apache tips and tricks
- SEO Redirects without mod_rewrite
- mod_rewrite examples, tips, and tricks
- HTTP Caching and Site Speedups
- Authentication on Apache
- htaccess Security Tricks and Tips
- SSL tips and examples
- Variable Fun (mod_env) Section
- .htaccess Security with MOD_SECURITY
- SetEnvIf and SetEnvIfNoCase Examples
Website Speed Tips Series
- Turn On Compression
- Add Future Expires Header
- Add Cache-Control Headers
- Turn Off ETags
- Remove Last-Modified Header
- Use Multiple SubDomains
Donate
Please consider donating to support active development of the free software and articles here.
Good Causes
The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect. Tim Berners-Lee
It's very simple - you read the protocol and write the code. -Bill Joy
HTML | DCMI | GRDDL | XOXO | XDMP | XFN | DOM | XML | XHTML 1.1 Strict | CSS 2.1 | W3C | TLDP | WAI | DISA | ICSI | GIAC | SANS RR | GHOST | DEFCON | NIST | DHS CYBER | NIST | Phrack | GDB | IEEE | GIT | GNU LIBC
↑ TOPExcept where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. HTTPD based on NCSA HTTPd