While playing around with the Nmap Scripting Engine (NSE) we discovered an amazing number of open embedded devices on the Internet. Many of them are based on Linux and allow login to standard BusyBox with empty or default credentials. We used these devices to build a distributed port scanner to scan all IPv4 addresses. These scans include service probes for the most common ports, ICMP ping, reverse DNS and SYN scans. We analyzed some of the data to get an estimation of the IP address usage.
Hacking
Google's mod_pagespeed speeds up your site and reduces page load time. This open-source Apache HTTP server module automatically applies web performance best practices to pages, and associated assets (CSS, JavaScript, images), all transparently like a Squid Proxy.
With TMPFS you can dramatically improve the speed of mod_pagespeed and the webpages served by it. TMPFS will store/serve the optimized PageSpeed output directly from RAM!
Hosting Apache Google mod_pagespeed Nginx PageSpeed RAM tmpfs
Hacking Cheat sheet linux
One of the most cost-effective ways to drive traffic to your Web site is to optimize it for search engines. Many of them use automated programs called "crawlers" or "spiders" to create an index of the Web, which they use to determine what sites are most relevant to users' queries. These programs essentially visit Web sites, read the pages' content, and follow any links to other pages, repeating the process
SEO
Using memcache for me personally and the client sites I work on, has improved performance by over 1000%, in some cases even higher than that. It is a truly revolutionary way to optimize the performance of MySQL queries, remote requests such as to twitter or other apis, and this article is step 1. Plan is to go all the way to step 10 in future articles, it it grossly underused and misused in the WP world.
Optimization, WordPress Cache Load memcache memcached performance server speed
I am almost ready to publish the final tutorial on using ssh tunnels from a truecrypt partition on a Windows machine. Of course I choose to go way overboard in my research and the tutorial is full of some pretty awesome windows tricks.. I will come back to this post soon and post all the other advanced tools I use for debugging windows, for now though you MUST know how to debug the kernel and use these basic debugging tools.
Windows Assemblers basic debugging tools Debug Debuggers Debugging Kernel
Just a quick reference to all those delicious unicode characters and how they render on the web‽‽
Web Development symbols Unicode
SEO
Htaccess
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "google.com"
ErrorDocument 403 https://google.com
Some of the Ins and Outs of using SSL Connections with Apache.
Htaccess 301 Redirects Htaccess mod_rewrite SSL
Software keyboard linux Mac mouse Synergy Windows
Htaccess 301 Redirects Htaccess
Some good examples for how to use the Files and FilesMatch directives in .htaccess files and httpd.conf files for Apache.
<FilesMatch ".(htm|html|css|js|php)$">
AddDefaultCharset UTF-8
DefaultLanguage en-US
</FilesMatch>
Htaccess FilesMatch
SOPA: Anonymous Lists Their Demands
A rallying cry on the occassion of the Web's first mass blackout
As we watch the web go dark today in protest against the SOPA/PIPA censorship bills, let's take a moment and reflect on why this fight is so important. We may have learned that free speech is what makes America great, or instinctively resist attempts at silencing our voices. But these are abstract principles, divorced from the real world and our daily lives.
Free speech is the foundation of a free society. We can have the vote all we want. We can donate money wherever we want. But unless we're able to talk to each other and figure out collectively _what_ we want, those things don't matter.
We believe a healthy society doesn't allow its artists, musicians and other creators to starve. The copyright industry has been justly criticized for abusing the political process in a desperate attempt to maintain its role as a cultural gatekeeper, a business model made obsolete by a digital age of free copies. But the RIAA, MPAA & IFPI deserve our opprobrium for making enormous profits while often leaving the very artists it claims to represent *poorer* than they would be as independents.[1] While the public may have greater access to the few artists deemed sufficiently marketable to gain mass media promotion, fewer and fewer of us are making art and music in our own lives.
We call upon all freedom loving Internauts to join us. We further call upon our legislators, bureaucrats and the media & telecommunications industries to immediately begin implementing our demands. The future of free speech is bright, and clear - either stand with us or get out of the way.
PirateBay Press Release regarding SOPA...
So, the whole basis of this industry, that today is screaming about losing control over immaterial rights, is that they circumvented immaterial rights. They copied (or put in their terminology: "stole") other peoples creative works, without paying for it. They did it in order to make a huge profit. Today, they're all successful and most of the studios are on the Fortune 500 list of the richest companies in the world. Congratulations - it's all based on being able to re-use other peoples creative works. And today they hold the rights to what other people create. If you want to get something released, you have to abide to their rules. The ones they created after circumventing other peoples rules.
The reason they are always complainting about "pirates" today is simple. We've done what they did. We circumvented the rules they created and created our own. We crushed their monopoly by giving people something more efficient. We allow people to have direct communication between eachother, circumventing the profitable middle man, that in some cases take over 107% of the profits (yes, you pay to work for them). It's all based on the fact that we're competition. We've proven that their existance in their current form is no longer needed. We're just better than they are.
Hacking Anonymous PirateBay SOPA
Wouldn't it be great if you could use php and curl to download multiple files simultaneously using built-in curl functions? You can!
PHP
Here's an example of validation links from the AskApache footer.
RSS | XHTML 1.1 | CSS 2.1
document.getElementById("validat").innerHTML += ' | <a href="http://feedvalidator.org/check.cgi?url=https://www.askapache.com/feed/">RSS</a> | <a href="http://validator.w3.org/check/referer?ss=1;outline=1;sp=1;debug">XHTML 1.1</a> | <a href="http://jigsaw.w3.org/css-validator/check/referer?warning=0">CSS 2.1</a>'; Javascript Firebug JavaScript
If your WordPress blog uses AdSense, and you love Firefox you will love this plugin. When a user downloads and installs Firefox through your referral, we'll credit your account with up to $1.00 (more details).
WordPress
Google DNS Google Google Public DNS performance tools web performance
If you have files on your site that you don't want indexed by malicious search engines, grabbed and leeched by malicious spammers, or stolen and made available elsewhere, you can use mod_rewrite to drastically reduce or totally reduce that activity.
Htaccess Htaccess malicious search engines mod_rewrite Spamming
Yes, it's true! I'm the author of ping for UNIX. Ping is a little thousand-line hack that I wrote in an evening which practically everyone seems to know about. :-)
Hacking
Htaccess Apache HTTP Server Htaccess Redirect rewrite RewriteBase RewriteCond RewriteEngine RewriteLock RewriteLog RewriteMap RewriteOptions RewriteRule
Tor is a network of virtual tunnels that give you a very good level of anonymity, using Tor with privoxy and FoxTor for firefox gives you privacy at the touch of a button.
Software
Ever wanted to execute commands on your server through php? Now you can. I'm calling this file (see below) shell.php and it allows you to run commands on your web server with the same permissions that your php executable has.
Hacking AJAX PHP
Even though at the moment I'm more into AJAX and simple behavioural unobtrusive javascript more than java, I still remember how excited I was back in 1995 when Sun released both beta and alpha Java versions to the public.. In fact I still have my Java 1.0 Unleashed book, which I'm looking at right now.
Javascript
Replace underscores in URLs with hyphens using Apache .htaccess.
Htaccess
My improved version of the common printenv / test-cgi scripts for debugging Apache environment variables set in .htaccess files
Shell Scripting
If you have a php.cgi or php.ini file in your /cgi-bin/ directory or other pub directory, try requesting them from your web browser. If your php.ini shows up or worse you are able to execute your php cgi, you'll need to secure it ASAP. This shows several ways to secure these files, and other interpreters like perl, fastCGI, bash, csh, etc.
Htaccess Apache HTTP Server CGI Common Gateway Interface Htaccess HTTP 403 interpreter PHP php interpreter php.ini security SuEXEC
Host Google Analytics ga.js file locally for increased speed! Makes web pages load faster.
Google
DreamHost has a contest every month nicknamed "DHSOTM" or DreamHost Site Of The Month, that lets the customers rank websites hosted on DreamHost.
By winning the contest you get to put a graphic designed in the 90's on your site. I want it so bad!
Hosting
Apache Web Server users have problems getting Apache Authentication/password-protection in htaccess working, this is a troubleshooting guide to get Password Protection working!
Htaccess
What they say about kung-fu is true..
It can be attained by anyone through hard work over time. You can become as good as the amount of work you put in. Here's a short look at a basic technique that I use. Simply reverse engineering the source code and taking notes along the way...
static void php_session_send_cookie(TSRMLS_D)
if (SG(headers_sent)) {
if (output_start_filename) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot send session cookie - headers already sent by (output started at %s:%d)",
output_start_filename, output_start_lineno);
} else {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot send session cookie - headers already sent");
}
return;
}
/* URL encode session_name and id because they might be user supplied */
e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL); PHP PHP Session Session ID
I've had a lot of people ask about the FeedBurner FeedCount image on AskApache. Specifically how to set it up with custom messages and different colors each page view... It is pretty sweet..
Hacking Feed Count FeedBurner Htaccess
One way I speed up AskApache.com is by downloading external third-party javascript files to host on my own server instead of externally. In addition to the obvious speed boost, this lets you configure the caching and compression settings for the files.
Javascript
Top 3 ways to speed up websites that use Google Analytics. Host Script Locally, Fix Google-Analytics Cookie Domain, and Failsafe Loading for optimum tracking statistics.
Google
Unix file permissions are one of the more difficult subjects to grasp.. Well, ok maybe "grasp" isn't the word.. Master is the right word.. Unix file permissions is a hard topic to fully master, mainly I think because there aren't many instances when a computer user encounters them seriously, and bitwise is oldschool. This contains a listing of all possible permission masks and bits from a linux, php, and web hosting view.... cuz you guys AskApache Regs Rock!
Security chmod File Permissions umask
Sometimes there is an urgent need for creating an exact duplicate or "mirror" of a web site on a separate server. This could be needed for creating Round Robin Setups, Load-Balancing, Failovers, or for just plain vanilla backups. In the past I have used a lot of different methods to copy data from one server to another, including creating an archive of the whole directory and then using scp to send the file over, creating an archive and then encrypting it and then sending that file over using ftp, curl, etc., and my persistence at learning new ways to do things has paid off because now I use rsync to keep an exact replica of the entire directory on an external server, without having to use all the CPU and resources of other mirroring methods.
Security rsync ssh
Search all files in a directory, replacing all occurances of string with a replacement string.
Shell Scripting
