Security

Posts Tagged ‘Security’

Magic in the Terminal: Screen, Bash, and SSH

Tuesday, September 7th, 2010

Oh ya lets get it on! short but sweet

Tags: 500, admin, Apache, askapache, bash, CCZE, Forms, GET, Google, HowTo, Linux, Login, Nice, password, password protection, PHP, Port, Prompt, ram, Security, server, SetEnvIf, Shell, SPEED, SSH, SSI, stat, tmpfs
Posted in DreamHost, Featured, Google, Hacking, Htaccess, Linux Unix BSD, Security, Server Administration, Shell Scripting, Web Hosting, Webmaster, WiredTree, WordPress | No Comments »

PHP Session File Hacks

Thursday, June 24th, 2010

What they say about kung-fu is true..

It can be attained by anyone through hard work over time. You can become as good as the amount of work you put in. Here’s a short look at a basic technique that I use. Simply reverse engineering the source code and taking notes along the way…

static void php_session_send_cookie(TSRMLS_D)
  if (SG(headers_sent)) {
          if (output_start_filename) {
                  php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot send session cookie - headers already sent by (output started at %s:%d)",
                          output_start_filename, output_start_lineno);
          } else {
                  php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot send session cookie - headers already sent");
          }
          return;
  }
 
  /* URL encode session_name and id because they might be user supplied */
  e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL);

Tags: Cache, Cookies, Examples, GET, HTTP Headers, Nice, Perl, PHP, php.ini, Port, ram, Security, server, servers, Sessions, Shell, shell script, SSI, stat, umask, xargs
Posted in Apache, DreamHost, Featured, Hacking, Linux Unix BSD, PHP, Security, Server Administration, Shell Scripting, Web Hosting, Webmaster, WiredTree, WordPress | 2 Comments »

30x Faster WP-Super Cache Site Speed

Thursday, March 18th, 2010

NOT a typo.. 30x is measurable, well-documented, and easily tested. This is what open-source is about. I haven’t had time to post much the past year, I’m always working! So I wanted to make up for that by publishing an article on a topic that would blow your mind and be something that you could actually start using and really get some benefit out of it. This is one of those articles that the majority of web hosting companies would love to see in paperback, so they could burn it.

Tags: Advanced, Apache, askapache, Backups, Bandwidth, Boot, Cache, chmod, console, devshm, DreamHost, File System, filesystem, grep, Hard Drive, HowTo, HTTPS SSL, ionice, Linux, memory bandwidth, mysql, Private Server, ram, rsync, Scripts, Security, server, servers, Shell, shell script, SLRAM, SPEED, speed improvements, SSI, stat, SymLinks, tmpfs, trick, Vulnerability, Web Hosting, webhosts, WordPress, WP-Super Cache
Posted in Apache, Cache, DNS, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, PHP, Security, Server Administration, Shell Scripting, Web Design, Web Hosting, Web Tools, Webmaster, WiredTree, WordPress, WordPress Plugins | 7 Comments »

Advanced WordPress wp-config.php Tweaks

Wednesday, March 3rd, 2010

The bottom line for this article is that I want to make WordPress as fast, secure, and easy to install, run, and manage because I am using it more and more for client production sites, I will work for days in order to solve an issue so that I never have to spend time on that issue again. Time is money in this industry and that is ultimately (time) what there is to gain by tweaking WordPress.

Note: I spent no time on readability, this is primarily a read the code and figure it out article.. This is for advanced users looking for a reference or discussion and for those of you looking to advance. Feedback would be great if you make it that far..

Tags: 301 Redirect, admin, Advanced, Ajax, Anti-Spam, Apache, askapache, bash, bash_profile, Cache, caching, cheatsheet, chmod, Cookies, CSS, debugging, Elite, encryption, error log, Examples, feed, File Permissions, File System, filesystem, GET, grep, HowTo, Htaccess, HTTP Headers, HTTPS SSL, Javascript, Linux, Login, Logs, Mod_Rewrite, Mod_Rewrite cheatsheet, mysql, password, PHP, php.ini, phpinfo, Port, post, Rewrite Tricks, rewritecond, rewriterule, Security, server, Sessions, Shell, Socket, SPEED, SSH, SSI, stat, trick, umask, Username, Web Hosting, WordPress, wp-config.php
Posted in CSS, Cache, Featured, Hacking, Htaccess, Javascript, Linux Unix BSD, Mod_Rewrite, PHP, SEO, Security, Server Administration, Shell Scripting, Web Design, Web Hosting, Webmaster, WordPress, WordPress Plugins | 5 Comments »

PortaPutty Auto-Reconnecting SSH Tunnels on an Encrypted TrueCrypt Portable USB Key w GPG

Tuesday, February 23rd, 2010

Ok I just came back up to write the intro.. I’m trying to keep it short to avoid getting bogged down by the coolness of each step. Here is what goes on. When I logon to my XP machine at work, I bring my usb key and plug it in first. On logging a window pops up first and it’s a password prompt to mount my encrypted drive leonardo. It also checks a keyfile that is located on my usb key, but all I do now is type in my password. That causes my encrypted folder to be accessible to me like a normal drive, and it autoruns a startup batch file.

The batch file causes Portable versions of Firefox (all my bookmarks, my settings) to load, and launches Portable Mozilla Thunderbird (IMAP makes this work well), which is my favorite program (great GPG features and open-source!). Also Some Adobe CS4 software is loaded from the hard drive, like DreamWeaver. In the background, a service we created executes a PortaPuttY plink command to create forwarded tunnels from various remote servers and accounts, all using key-based encryption. These tunnels are automatically reconnected if they are disconnected, meaning you can use a socks 5 if you want or even better!

Part 1 of 5

Tags: 401, Apache, askapache, ASP, Backups, Bandwidth, bash, bash_profile, Boot, compression, curl, Defrag, Email, encryption, filesystem, Firefox, Flash, GET, Google, GPG, Hard Drive, ionice, Linux, Login, Nice, PageDefrag, password, Performance, Pipelining, Plink, Port, post, Prompt, Putty, ram, rsync, Security, server, servers, Shell, SOCKS, SPEED, SSH, SSH Tunnels, SSI, stat, trick, TrueCrupt, tutorial, USB Drives
Posted in Apache, Cache, Featured, Hacking, Htaccess, Linux Unix BSD, Making Money, Security, Web Design, Web Hosting, Web Tools, Webmaster, WiredTree | 7 Comments »

Optimize a Website for Speed, Security, and Easy Management

Thursday, February 18th, 2010

Learn how to setup, configure, secure, optimize, and create a low-maintenance website the AskApache way. I’m piecing together all the hacks, tricks, methods, and ideas discussed throughout this blog and all across Netdom and glueing them all together to show you how to have the most optimized, crazy fastest, and best website setup I can think of.

Tags: 301 Redirect, admin, Advanced, Ajax, Apache, apache server, askapache, Backups, Bandwidth, bleeding edge, blog, Cache, Cache-Control, caching, ColdFusion, compression, CSS, Dig, DNS, errordocument, Etags, Examples, expires header, feed, File Permissions, Flash, GET, Hacking, hacks, Htaccess, htaccess files, Htpasswd, HTTP Error, HTTP Headers, HTTP Status Codes, HTTPS SSL, Javascript, Linux, Login, Logs, Mod_Rewrite, Optimization, optimizations, optimized website, password, password protection, PDF, Performance, PHP, php.ini, Port, post, ram, real deal, Redirect, Redirection, Rewrite Tricks, Robot, robots, robots.txt, Scripts, search and replace, Security, server, server config, servers, SPEED, SSI, stat, SymLinks, trial and error, trick, Web Development, Web Hosting, web server, WordPress, WordPress Plugins
Posted in Apache, Cache, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, PHP, SEO, Security, Shell Scripting, Web Design, Web Hosting, Webmaster, WordPress | 9 Comments »

HTTP Status Codes and .htaccess ErrorDocuments

Monday, January 4th, 2010

There are a total of 57 HTTP Status Codes recognized by the Apache Web Server. Wouldn’t you like to see what all those headers and their output, ErrorDocuments look like?

Tags: 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, askapache, authorization, Bandwidth, curl, Dig, error log, errordocument, Flash, Forms, GET, Google, Htaccess, HTTP Error, HTTP Headers, HTTP Status Codes, httpd, HTTPS SSL, If-Modified-Since, password, Perl, PHP, phpBB, Port, post, ram, Redirect, Redirection, Request Method, Security, SEO, server, servers, Sniffing, Source Code, SSI, stat, tutorial, Wget, Wireshark, WordPress
Posted in Apache, Apache Modules, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, PHP, Server Administration, Web Hosting, Webmaster, WiredTree | 22 Comments »

Firefox Add-ons for Web Developers

Sunday, October 18th, 2009

Advanced Web Development by AskApache is a Firefox Collection I created since I’m always trying new Addons out and using multiple computers and I wanted a quick and easy way to install my favorite’s and keep a running list. Firebug, YSlow, LastPass, and Web Developer are the only ones I always use regularly.

I like the idea of the last.fm but it’s not as powerful as the site, which is awesome. Lately listening to Kings of Leon Radio…

Tags: 401, 403 Forbidden, 500, Accessibility, Advanced, Ajax, Apache, askapache, Backups, Cache, caching, CommandLine, console, Cookies, CSS, debugging, Dig, DNS, Email, encryption, feed, Firebug, Firefox, Flash, Forms, GET, Gmail, Google, HTTP Headers, HTTPS SSL, Javascript, Login, Networking, Nice, Pagerank, password, Performance, PHP, Port, post, ram, Scripts, Security, SEO, server, servers, SOCKS, Source Code, SPEED, SSH, SSH Tunnels, SSI, stat, tmpfs, trick, Username, Web Development, Wireshark, WordPress, YSlow
Posted in Cache, Firefox, Google, Hacking, Javascript, Making Money, Music, Review, SEO, Security, Web Design, Web Tools, Webmaster, Windows | 4 Comments »

Optimizing Servers and Processes for Speed with ionice, nice, ulimit

Saturday, October 10th, 2009

To prepare for several upcoming articles on AskApache that are focused on optimizing Servers and Sites from a server admin level, here is an article to introduce the main tools that we will be using. These tools are used to optimize CPU time for each process using nice and renice, and other tools like ionice are used to optimize the Disk IO, or Disk speed / Disk traffic for each process. Then you can make sure your mysqld and httpd processes are always fast and prioritized.

Tags: 503, Advanced, Apache, askapache, Backups, Bandwidth, bash, Blocking, Boot, Bottleneck, caching, compression, CPU, CSS, curl, Disk IO, DNS, Examples, feed, fifo, GET, httpd, ionice, iostat, Javascript, Linux, mysql, Nice, Optimization, pagefile, Performance, Perl, PHP, Port, ram, Renice, Round Robin, rsync, Scripts, Security, server, servers, Shell, shell script, Shell Scripting, Socket, SPEED, SSH, SSI, stat, taskset, trick, Ulimit, Web Hosting, WordPress, wp-config.php
Posted in Apache, Cache, Featured, Linux Unix BSD, Review, Security, Server Administration, Shell Scripting, Web Hosting, Webmaster | 3 Comments »

Crazy Advanced Mod_Rewrite Debug Tutorial

Friday, September 11th, 2009

Note: Extremely ILL Content
Find the key to unlocking mod_rewrite and you WILL be sick.. sick with a diamond disease on your wrist!

Tags: 404 Not Found, admin, Advanced, Apache, askapache, Cache, cheatsheet, Cookies, Debug, debugging, Dig, errordocument, feed, FeedBurner, FeedCount, Firefox, GET, HowTo, Htaccess, htaccess rewrite, HTTP Headers, HTTP Status Codes, httpd, httpd.conf, HTTPS SSL, Linux, Mod_Rewrite, Mod_Security, Nice, Perl, PHP, Port, post, ram, Redirect, Redirection, Rewrite Tricks, rewritecond, rewriterule, Security, SEO, server, servers, SetEnvIf, SSI, stat, trick, tutorial
Posted in Apache, Apache Modules, Featured, Htaccess, Linux Unix BSD, Mod_Rewrite, Security, Server Administration, Web Hosting, Webmaster | 23 Comments »

An AskApache Plugin Upgrade to Rule them All

Wednesday, July 29th, 2009

So my blog as been rather quiet for almost a year now, and very few updates if any have been released for my Password Protection PLugin, my Google 404 Plugin, and definately not for my AskApache CrazyCache plugin, which I will be releasing last… So for all of you who’ve helped me out by sending me suggestions and notifying me of errors and sticking with it… Just wanted to say sorry about that, and thanks for all the great ideas.. Well, I’ve been sticking with it as well believe it our not. I manage to get free days once in a while, and then its time to jam.

Tags: 401, 404 Not Found, admin, Advanced, Apache, askapache, AskApache Google 404, AskApache Password Protection, ASP, authorization, bash, Cache, Cache-Control, chmod, compression, Cookies, debugging, Dig, Email, errordocument, Etags, Examples, FilesMatch, Fsockopen, GET, Google, Htaccess, htaccess files, htaccess tricks, HTTP Headers, httpd, HTTPS SSL, Javascript, Last-Modified, Logs, mod_include, Mod_Rewrite, Mod_Setenvif, Networking, Nice, password, password protection, Perl, PHP, Port, post, Python, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Scripts, Security, SEO, server, server config, servers, SetEnvIf, Shell, Socket, Source Code, SSH, SSI, stat, trick, Username, Web Hosting, Wireshark, WordPress, WordPress Plugins, WordPress Security
Posted in Apache, Apache Modules, Cache, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, PHP, Security, Web Hosting, Web Tools, Webmaster, Windows, WordPress, WordPress Plugins | 1 Comment »

The Right to Read

Monday, July 20th, 2009

The proponents of this scheme have given it names such as “trusted computing” and “palladium”. We call it “treacherous computing”, because the effect is to make your computer obey companies instead of you. This was implemented in 2007 as part of Windows Vista; we expect Apple to do something similar. In this scheme, it is the manufacturer that keeps the secret code, but the FBI would have little trouble getting it.

Tags: admin, Apache, askapache, ASP, CSS, debugging, Dig, encryption, GET, HTTPS SSL, password, Perl, Port, ram, Security, SSI, stat
Posted in Featured, Hacking, Linux Unix BSD | 4 Comments »

Make Windows XP Blazingly Fast

Saturday, June 27th, 2009

Here is the basic process that I use to speed up Windows. A lot of good tips and tricks I’ve picked up over the past 15+ years of crashing and burning Windows that can transform your PC to be much faster than its ever been. The process focuses on freeing up RAM/Memory, freeing up your CPU/Processor, and optimizing your Hard Drive for a permanent solution.

Make sure to check out the free software I recommend at the end, installing them after this optimization process will keep your machine fast for a long time.

Tags: 301 Redirect, 500, Advanced, Apache, askapache, ASP, Backups, Boot, Bottleneck, Cache, console, Defrag, File System, Forms, GET, Hard Drive, Linux, Login, Logs, Nice, Optimization, pagefile, Performance, PHP, Port, ram, Security, SPEED, SSI, trick, Windows XP, Windows XP Optimization
Posted in Featured, Windows | 14 Comments »

PHP and AJAX shell console

Saturday, June 13th, 2009

Ever wanted to execute commands on your server through php? Now you can. I’m calling this file (see below) shell.php and it allows you to run commands on your web server with the same permissions that your php executable has.

Tags: 302 Redirect, 403 Forbidden, Ajax, Apache, Apache Htaccess, askapache, Backups, bash, chmod, console, errordocument, Flash, GET, Hacking, Htaccess, htaccess tutorial, HTTP-EQUIV, Javascript, Linux, Login, Mod_Rewrite, password, PHP, Port, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Scripts, Security, server, Shell, shell console, shell script, Shell Scripting, SSI, stat, tutorial
Posted in Ajax, DreamHost, Featured, Hacking, Htaccess, Javascript, Linux Unix BSD, Mod_Rewrite, PHP, Security, Server Administration, Shell Scripting, Web Hosting, Web Tools, Webmaster | 15 Comments »

Student under Criminal Investigation for Allegedly Sending Email

Friday, April 17th, 2009

What is most surprising is how easy the police and authorities were able to break the law and flip the bird to the U.S. Constitution. A lot of people worry about government groups like the NSA having illegal access to data, but I don’t mind that.. I don’t care about the Chinese Government doing similar activity that much either.. The thing that I DO care about is this could happen to anyone.. It’s happened to me before but never to this extent with the courts.. This is NOT cool. The police used inapplicable criminal laws as a basis for a…

Tags: Apache, askapache, Backups, Dig, EFF, Email, GET, Linux, nsa, PDF, Plink, Prompt, ram, Security, SSI, stat
Posted in Hacking, Review, Security | No Comments »

DNS Round Robin Configuration using Rsync over SSH

Tuesday, April 14th, 2009

The goal is to add the HostGator server to be an exact mirror of the static.askapache.com domain, then to add that server as a 2nd A record to my DNS zone. That way half the visitors to the size will be taking up resources and bandwidth on the HostGator server instead of mine.

Round Robin A records in DNS are intended to evenly distribute queries between each host of the same name. Using some tricks straight out of a hackers toolbox we can verify if the distribution is taking place. (It is.)

Tags: 500, 503, admin, Apache, askapache, ASP, Bandwidth, Cache, caching, CNAME, CSS, Dig, DNS, DreamHost, experiments, GET, HostGator, HowTo, Htaccess, HTTPS SSL, Javascript, Linux, Logs, Networking, Nice, PHP, Port, Powweb, Prompt, PS1, Round Robin, rsync, Security, server, servers, Shell, SPEED, SSH, SSI, stat, trick, Web Hosting
Posted in Ajax, Apache, Apache Modules, Cache, Featured, Linux Unix BSD, Web Hosting | 5 Comments »

Mirroring an Entire Site using Rsync over SSH

Friday, April 10th, 2009

Sometimes there is an urgent need for creating an exact duplicate or “mirror” of a web site on a separate server. This could be needed for creating Round Robin Setups, Load-Balancing, Failovers, or for just plain vanilla backups. In the past I have used a lot of different methods to copy data from one server to another, including creating an archive of the whole directory and then using scp to send the file over, creating an archive and then encrypting it and then sending that file over using ftp, curl, etc., and my persistence at learning new ways to do things has paid off because now I use rsync to keep an exact replica of the entire directory on an external server, without having to use all the CPU and resources of other mirroring methods.

Tags: admin, Apache, askapache, Backups, Bandwidth, bash, chmod, compression, curl, debugging, DreamHost, Email, encryption, Forms, GET, Gmail, HostGator, HTTPS SSL, Linux, Login, Logs, password, PHP, Port, ram, Round Robin, rsync, Security, server, Shell, shell script, SPEED, SSH, SSH Tunnels, SSI, stat, WordPress
Posted in Apache, Featured, Linux Unix BSD, Security, Shell Scripting, Web Hosting | 2 Comments »

AskApache Debug Viewer Plugin for WordPress

Sunday, April 5th, 2009

The story behind this plugin is sorta wack, but in a good way :). While doing tons of security research on permissions, authorization, access, etc.. for the Password Protection plugin (still being worked on), I needed to have unheard of debugging capabilities while working on the plugin on the various websites, webhosts, and test servers that I use to test in different environments. So I hacked together a bunch of php code that helped me debug, actually I pretty much went overkill and tried to get as much debugging info as programmatically possible, and it ended up being so much code that I took it out of my Password Protection code and made it its own plugin.

Tags: admin, Ajax, Apache, Apache Modules, askapache, authorization, Cache, chmod, Cookies, debugging, error log, fifo, File Permissions, GET, Htaccess, Login, Nice, password, password protection, PHP, php.ini, phpinfo, Port, post, ram, Rewrite Tricks, Security, server, servers, Socket, SSI, stat, umask, Username, WordPress, WordPress Development
Posted in WordPress, WordPress Plugins | 1 Comment »

Advanced Htaccess Demo/Example using Cookies, Headers, Rewrites

Tuesday, March 31st, 2009

Whoa pretty sweet huh? Bet you’ve never seen that before! As I explain the htaccess code that achieves this, keep in mind this is merely one simple application for this code. It’s much more advanced than your basic htaccess trick, notice how this htaccess acts like a php script, very unusual.. I really wanted to share this trick after I created it for one of my clients because this is the tip of the iceberg. Another use would be to display an alternate style sheet depending on a users theme preference. The coolest thing about this example IMHO is that it uses multiple advanced .htaccess ideas in order for it to work, most htaccess code on the net is very singular. This code uses mod_headers to set the Content-Disposition header for forcing a download and uses mod_rewrite to do the rest.

Tags: Advanced, Apache, askapache, cheatsheet, Cookies, Dig, Examples, experiments, Forms, GET, Htaccess, htaccess rewrite, htaccess tutorial, HTTP Headers, Javascript, Mod_Rewrite, nsa, PDF, Performance, PHP, Port, ram, Rewrite Tricks, rewritecond, rewriterule, Security, server, SSI, trick, tutorial
Posted in Apache, Featured, Htaccess, Javascript, Mod_Rewrite, PHP | 7 Comments »

Htaccess SEO Trends by Google

Sunday, March 29th, 2009

htaccess vs. httpd.conf

Tags: Apache, askapache, GET, Google, Htaccess, httpd, httpd.conf, Mod_Rewrite, Mod_Security, Perl, PHP, ram, Rewrite Tricks, Security, SEO, server, servers, stat
Posted in Apache, Google, Htaccess, PHP, SEO | 1 Comment »