Thursday, June 24th, 2010
I am almost ready to publish the final tutorial on using ssh tunnels from a truecrypt partition on a Windows machine. Of course I choose to go way overboard in my research and the tutorial is full of some pretty awesome windows tricks.. I will come back to this post soon and post all the other advanced tools I use for debugging windows, for now though you MUST know how to debug the kernel and use these basic debugging tools.
Tags: Advanced, ASP, Boot, console, debugging, HowTo, Logs, Networking, Performance, Port, Windows XP
Posted in Hacking, Security, Windows | No Comments »
Sunday, October 18th, 2009
Advanced Web Development by AskApache is a Firefox Collection I created since I’m always trying new Addons out and using multiple computers and I wanted a quick and easy way to install my favorite’s and keep a running list. Firebug, YSlow, LastPass, and Web Developer are the only ones I always use regularly.
I like the idea of the last.fm but it’s not as powerful as the site, which is awesome. Lately listening to Kings of Leon Radio…
Tags: 401, 403 Forbidden, 500, Accessibility, Advanced, Ajax, Apache, askapache, Backups, Cache, caching, CommandLine, console, Cookies, CSS, debugging, Dig, DNS, Email, encryption, feed, Firebug, Firefox, Flash, Forms, GET, Gmail, Google, HTTP Headers, HTTPS SSL, Javascript, Login, Networking, Nice, Pagerank, password, Performance, PHP, Port, post, ram, Scripts, Security, SEO, server, servers, SOCKS, Source Code, SPEED, SSH, SSH Tunnels, SSI, stat, tmpfs, trick, Username, Web Development, Wireshark, WordPress, YSlow
Posted in Cache, Firefox, Google, Hacking, Javascript, Making Money, Music, Review, SEO, Security, Web Design, Web Tools, Webmaster, Windows | 4 Comments »
Monday, July 20th, 2009
The proponents of this scheme have given it names such as “trusted computing” and “palladium”. We call it “treacherous computing”, because the effect is to make your computer obey companies instead of you. This was implemented in 2007 as part of Windows Vista; we expect Apple to do something similar. In this scheme, it is the manufacturer that keeps the secret code, but the FBI would have little trouble getting it.
Tags: admin, Apache, askapache, ASP, CSS, debugging, Dig, encryption, GET, HTTPS SSL, password, Perl, Port, ram, Security, SSI, stat
Posted in Featured, Hacking, Linux Unix BSD | 4 Comments »
Friday, April 10th, 2009
Sometimes there is an urgent need for creating an exact duplicate or “mirror” of a web site on a separate server. This could be needed for creating Round Robin Setups, Load-Balancing, Failovers, or for just plain vanilla backups. In the past I have used a lot of different methods to copy data from one server to another, including creating an archive of the whole directory and then using scp to send the file over, creating an archive and then encrypting it and then sending that file over using ftp, curl, etc., and my persistence at learning new ways to do things has paid off because now I use rsync to keep an exact replica of the entire directory on an external server, without having to use all the CPU and resources of other mirroring methods.
Tags: admin, Apache, askapache, Backups, Bandwidth, bash, chmod, compression, curl, debugging, DreamHost, Email, encryption, Forms, GET, Gmail, HostGator, HTTPS SSL, Linux, Login, Logs, password, PHP, Port, ram, Round Robin, rsync, Security, server, Shell, shell script, SPEED, SSH, SSH Tunnels, SSI, stat, WordPress
Posted in Apache, Featured, Linux Unix BSD, Security, Shell Scripting, Web Hosting | 2 Comments »
Sunday, April 5th, 2009
The story behind this plugin is sorta wack, but in a good way :). While doing tons of security research on permissions, authorization, access, etc.. for the Password Protection plugin (still being worked on), I needed to have unheard of debugging capabilities while working on the plugin on the various websites, webhosts, and test servers that I use to test in different environments. So I hacked together a bunch of php code that helped me debug, actually I pretty much went overkill and tried to get as much debugging info as programmatically possible, and it ended up being so much code that I took it out of my Password Protection code and made it its own plugin.
Tags: admin, Ajax, Apache, Apache Modules, askapache, authorization, Cache, chmod, Cookies, debugging, error log, fifo, File Permissions, GET, Htaccess, Login, Nice, password, password protection, PHP, php.ini, phpinfo, Port, post, ram, Rewrite Tricks, Security, server, servers, Socket, SSI, stat, umask, Username, WordPress, WordPress Development
Posted in WordPress, WordPress Plugins | 1 Comment »
Saturday, January 10th, 2009
Skip this – still under edit
I discovered these tips and tricks mostly while working as a network security penetration specialist hired to find security holes in web hosting environments. Shared hosting is the most common and cheapest form of web-hosting where multiple customers are placed on a single machine and “share” the resources (CPU/RAM/SPACE). The machines are configured to basically ONLY do HTTP and FTP. No shells or any interactive logins, no ssh, just FTP access. That is when I started examining htaccess files in great detail and learned about the incredible untapped power of htaccess. For 99% of the worlds best Apache admins, they don’t use .htaccess much, if AT ALL. It’s much easier, safer, and faster to configure Apache using the httpd.conf file instead. However, this file is almost never readable on shared-hosts, and I’ve never seen it writable. So the only avenue left for those on shared-hosting was and is the .htaccess file, and holy freaking fiber-optics.. it’s almost as powerful as httpd.conf itself!
Most all .htaccess code works in the httpd.conf file, but not all httpd.conf code works in .htaccess files, around 50%. So all the best Apache admins and programmers never used .htaccess files. There was no incentive for those with access to httpd.conf to use htaccess, and the gap grew. It’s common to see “computer gurus” on forums and mailing lists rail against all uses and users of .htaccess files, smugly announcing the well known problems with .htaccess files compared with httpd.conf – I wonder if these “gurus” know the history of the htaccess file, like it’s use in the earliest versions of the HTTP Server- NCSA’s HTTPd, which BTW, became known as Apache HTTP. So you could easily say that htaccess files predates Apache itself.
Once I discovered what .htaccess files could do towards helping me enumerate and exploit security vulnerabilities even on big shared-hosts I focused all my research into .htaccess files, meaning I was reading the venerable Apache HTTP Source code 24/7! I compiled every released version of the Apache Web Server, ever, even NCSA’s, and focused on enumerating the most powerful htaccess directives. Good times! Because my focus was on protocol/file/network vulnerabilites instead of web dev I built up a nice toolbox of htaccess tricks to do unusual things. When I switched over to webdev in 2005 I started using htaccess for websites, not research. I documented most of my favorites and rewrote the htaccess guide for webdevelopers. After some great encouragement on various forums and nets I decided to start a blog to share my work with everyone, AskApache.com was registered, I published my guide, and it was quickly plagiarized and scraped all over the net. Information is freedom, and freedom is information, so this blog has the least restrictive copyright for you. Feel free to modify, copy, republish, sell, or use anything on this site ;)
Tags: .htaccess examples, 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, Apache Htaccess, apache ssl, askapache, ASP, authorization, Backups, Bandwidth, bash, Blocking, Boot, Cache, Cache-Control, caching, cheatsheet, chmod, code snippets, compression, Cookies, CSS, debugging, DreamHost, Email, error log, errordocument, Etags, Examples, experiments, feed, FeedBurner, File System, FilesMatch, filesystem, Firefox, Flash, Forms, GET, Google, Hacking, hotlinking, HowTo, Htaccess, htaccess files, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Error, HTTP Headers, HTTP-EQUIV, httpd, httpd.conf, HTTPS SSL, hyper text transfer protocol, If-Modified-Since, Javascript, Last-Modified, Linux, Login, Logs, mad skills, mod_include, mod_python, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Mod_Setenvif, mysql, Nice, nsa, password, password protection, PDF, Performance, Perl, PHP, php.ini, phpinfo, Port, post, Powweb, Prompt, Python, ram, Redirect, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Sample .htaccess, Scripts, Security, SEO, seo secrets, server, server config, servers, SetEnvIf, Shell, Socket, Source Code, SPEED, SSH, SSI, stat, SymLinks, trick, tutorial, ultimate htaccess, Username, Web Hosting, WordPress
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Google, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Web Design, Web Hosting, Web Tools, Webmaster, WordPress | 71 Comments »
Wednesday, October 1st, 2008
One way I speed up AskApache.com is by downloading external third-party javascript files to host on my own server instead of externally. In addition to the obvious speed boost, this lets you configure the caching and compression settings for the files.
Tags: Advanced, Analytics, Apache, askapache, bash, Cache, caching, compression, curl, debugging, DNS, Google, Google Analytics, Htaccess, Javascript, Mod_Rewrite, Nice, Pipelining, Port, Renice, Rewrite Tricks, Scripts, server, servers, Shell, shell script, Shell Scripting, SPEED, SSI, umask, Web Hosting
Posted in Apache, Cache, Javascript, Linux Unix BSD, Shell Scripting, Web Hosting | 5 Comments »
Friday, September 26th, 2008
List of mainly obscure security software geared more for the master pentester. These are mostly for unix, bsd, and mac and many are difficult to install and setup (require custom servers, inside access points, obscure libraries). Only programs that output data are included, so no actual exploits or anything. Most of these output extremely useful albeit extremely technical information.
Tags: admin, Advanced, Apache, askapache, ASP, Bandwidth, Boot, Cache, CommandLine, console, Cookies, debugging, Dig, DNS, Email, encryption, Ethernet, feed, File Permissions, filesystem, Forms, GET, Google, Hacking, HTTPS SSL, Linux, Login, Logs, Networking, Nice, nsa, password, PDF, Performance, Perl, PHP, Port, post, Prompt, Putty, ram, Redirect, Scanners, Scripts, Security, server, servers, Sessions, Shell, shell script, Sniffing, Socket, SOCKS, Source Code, SPEED, SSH, SSH Tunnels, SSI, stat, Vulnerability, Vulnerability Scanners, Windows XP, Wireshark
Posted in Security | 3 Comments »
Saturday, August 9th, 2008
Scrolls the latest log entries for multiple log files to the current screen or to any other monitor or TTY in color using syntax highlighting, making debugging easier and saving a lot of time for multi-monitor workstations.
Tags: Apache, askapache, bash, CCZE, debugging, Elite, error log, Examples, fifo, GET, Htaccess, htaccess files, httpd, Linux, Logs, Mod_Security, Nice, Perl, PHP, php.ini, post, ram, Redirect, Redirection, Renice, Security, server, Shell, Shell History, shell script, SPEED, SSH, SSI, stat, SymLinks, trick, Web Hosting
Posted in Apache, DreamHost, Featured, Hacking, Linux Unix BSD, PHP, Security, Server Administration, Shell Scripting, Web Hosting, Web Tools, Webmaster | 4 Comments »
Monday, August 4th, 2008
Enter your DOMAIN_ROOT and the location of your wp-config.php or config.php, and this script finds all the mysql settings by parsing the phpbb or wordpress config file, then creates GPG encrypted backups, and saves your settings for future automation.
Tags: Apache, askapache, Backups, bash, debugging, encryption, GET, GPG, grep, Linux, mysql, Nice, password, PHP, phpBB, Renice, Security, Shell, shell script, umask, WordPress, wp-config.php
Posted in DreamHost, Featured, Linux Unix BSD, Security, Server Administration, Shell Scripting, Web Hosting, Webmaster, WordPress, phpBB | 3 Comments »
Wednesday, July 2nd, 2008
PHP’s fsockopen function lets you open an Internet or Unix domain socket connection for connecting to a resource, and is one of the most powerful functions available in the php language.
Tags: 500, Advanced, Apache, askapache, AskApache Crazy Cache, ASP, Bandwidth, Blocking, Cache, Cookies, CSS, curl, debugging, DNS, Examples, feed, File System, Forms, Fsockopen, GET, Google, Hacking, Htaccess, HTTP Headers, httpd, HTTPS SSL, Linux, Login, Networking, PDF, Performance, PHP, Pipelining, Port, post, ram, server, servers, Snoopy, Socket, SPEED, SSI, stat, trick, WordPress
Posted in Cache, Featured, Hacking, Linux Unix BSD, PHP, Security, Webmaster | 4 Comments »
Wednesday, April 23rd, 2008
Mod_Security rivals Mod_Rewrite in the amount of features it provides. I decided to go ahead and post what I learned about it today, even though its tough to give away such awesome htaccess and apache tricks.. Learn how to control spam once and for all, conditionally log/deny/allow/redirect requests based on IP, username, etc.. Mod_Security is so fine!
Tags: 301 Redirect, 401, 403 Forbidden, 500, 503, admin, Ajax, Apache, apache ssl, askapache, authorization, Bandwidth, Cache, Cache-Control, caching, Cookies, debugging, DreamHost, Email, error log, errordocument, Examples, FilesMatch, GET, Hacking, Htaccess, htaccess files, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, HTTP Status Codes, httpd, httpd.conf, HTTPS SSL, Login, Logs, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, nsa, password, password protection, Perl, PHP, Port, post, Prompt, ram, Redirect, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Scanners, Security, SEO, server, servers, SetEnvIf, Shell, SPEED, SSI, stat, trick, tutorial, Username, WordPress
Posted in Apache, Apache Modules, DreamHost, Featured, Htaccess, Security, Web Hosting, Webmaster | 8 Comments »
Saturday, April 19th, 2008
Search all files in a directory, replacing all occurances of string with a replacement string.
Tags: Apache, askapache, bash, debugging, GET, grep, Htaccess, Linux, Nice, Prompt, Renice, search and replace, Shell, shell script, stat, umask, xargs
Posted in Featured, Linux Unix BSD, Shell Scripting, Web Hosting | 8 Comments »
Monday, April 14th, 2008
I have been in some tight spots where I had to sniff a password or two off the wire, or sniff some packets off the wire and based on the packets content perform some action… Accidentally, I stumbled on a method to sniff data while remaining undetected and invisible.
Tags: admin, Apache, askapache, authorization, Boot, debugging, Ethernet, Examples, Forms, GET, grep, Hacking, HowTo, Linux, nsa, password, PHP, Plink, Port, Prompt, ram, Security, server, Shell, shell script, Sniffing, SPEED, SSI, stat, Undetectable, Username, VLAN, Wireshark
Posted in Featured, Hacking, Linux Unix BSD, Security | No Comments »
Sunday, March 16th, 2008
Scan Apache logs for IP address that are probably evil, then generates an .htaccess file to DENY them all.
Tags: 403 Forbidden, Apache, askapache, bash, Blocking, debugging, DNS, DreamHost, error log, grep, Htaccess, htaccess files, ip abuse, Logs, Nice, Port, server, servers, Shell, shell script, SSI
Posted in Apache, DreamHost, Security, Shell Scripting | 5 Comments »
So my blog as been rather quiet for almost a year now, and very few updates if any have been released for my Password Protection PLugin, my Google 404 Plugin, and definately not for my AskApache CrazyCache plugin, which I will be releasing last… So for all of you who’ve helped me out by sending me suggestions and notifying me of errors and sticking with it… Just wanted to say sorry about that, and thanks for all the great ideas.. Well, I’ve been sticking with it as well believe it our not. I manage to get free days once in a while, and then its time to jam.
The story behind this plugin is sorta wack, but in a good way :). While doing tons of security research on permissions, authorization, access, etc.. for the Password Protection plugin (still being worked on), I needed to have unheard of debugging capabilities while working on the plugin on the various websites, webhosts, and test servers that I use to test in different environments. So I hacked together a bunch of php code that helped me debug, actually I pretty much went overkill and tried to get as much debugging info as programmatically possible, and it ended up being so much code that I took it out of my Password Protection code and made it its own plugin.
