Hacking

FREE THOUGHT · FREE SOFTWARE · FREE WORLD

Posts Tagged ‘Hacking’

PHP and AJAX shell console

Saturday, June 13th, 2009

PHP AJAX shell console Ever wanted to execute commands on your server through php? Now you can. I’m calling this file (see below) shell.php and it allows you to run commands on your web server with the same permissions that your php executable has.

Tags: , , , , , , , , , , , ,
Posted in Ajax, DreamHost, Featured, Hacking, Javascript, Linux Unix BSD, PHP, Security, Server Administration, Shell Scripting, Web Hosting, Web Tools, Webmaster, htaccess, mod_rewrite | 13 Comments »

Ultimate Htaccess Tutorial for .htaccess files

Saturday, January 10th, 2009

.htaccess tutorial and htaccess sampleThis is not an introduction to .htaccessThis is the evolution of .htaccess… The BEST, the ORIGINAL, the NEWEST, and the most HIGHEST, FLYEST .htaccess tricks I can find.

Originally known as the “Ultimate .htaccess Guide”, its changed over the years by adding new .htaccess tricks and .htaccess examples to it.. I also add my favorite .htaccess links, the best .htaccess articles on AskApache, the coolest .htaccess experiments, the Web’s best .htaccess hacks, and update this article on the regular.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Google, Hacking, Linux Unix BSD, SEO, Security, Web Design, Web Hosting, Web Tools, Webmaster, WordPress, htaccess, mod_rewrite | 55 Comments »

Advanced .htaccess Tricks for Securing Sites

Friday, December 19th, 2008

This is all new, experimental, and very very cool. It literally uses .htaccess techniques to create several virtual “locked gates” that require a specific key to unlock, in a specific order that cannot be bypassed. It uses whitelisting .htaccess tricks to specify exactly what is allowed, instead of trying to specify everything that isn’t allowed. Also, by setting specific cookies/tokens after successfully passing through a gate, we can then require the exact cookie/token from the previous gate, which stops an attacker from skipping or bypassing gates.

Tags: , , , , , ,
Posted in Apache, Featured, Hacking, Security, htaccess, mod_rewrite | 6 Comments »

.htaccess Plugin Blocks Spam, Hackers, and Password Protects Blog

Saturday, November 22nd, 2008

.htaccess security plugin 2

Well what can I say, other than this is sooo DOPE! Here is a list of the modules this plugin (version 4.7 unreleased) will automatically detect. I compiled the list myself using every module included with any default Apache installation for ALL the versions listed below, 1.3 to 2.2+

Want to know something else I’m including in this plugin? For each and every module that is detected, this plugin can then detect ALL of the modules .htaccess Directives! For instance, RewriteRule, AccessFileName, AddHandler, etc.. are each a directive belonging to a module that is allowed to be used from within .htaccess files.

Talk about sick.. these tricks have the diamond disease!

Tags: , , , ,
Posted in Apache, Cache, Featured, Hacking, PHP, SEO, Security, WordPress, WordPress Plugins, htaccess | 33 Comments »

Chmod, Umask, Stat, Fileperms, and File Permissions

Wednesday, November 19th, 2008

that fire.. chmod, umask, and file permission heatUnix file permissions are one of the more difficult subjects to grasp.. Well, ok maybe “grasp” isn’t the word.. Master is the right word.. Unix file permissions is a hard topic to fully master, mainly I think because there aren’t many instances when a computer user encounters them. I’ve done a lot of research on it the past couple weeks… and now here’s everything I’ve learned so far.. cuz you guys AskApache Regs Rock!

Tags: , , , , , ,
Posted in Apache, Featured, Hacking, Linux Unix BSD, PHP, Security, Server Administration, Shell Scripting, Web Hosting, Webmaster | 5 Comments »

Fsockopen Power Plays

Wednesday, July 2nd, 2008

PHP’s fsockopen function lets you open an Internet or Unix domain socket connection for connecting to a resource, and is one of the most powerful functions available in the php language.

Tags: , , , , , , , , ,
Posted in Cache, Featured, Hacking, Linux Unix BSD, PHP, Security, Webmaster | 3 Comments »

Mod_Security .htaccess tricks

Wednesday, April 23rd, 2008

Mod_Security rivals Mod_Rewrite in the amount of features it provides. I decided to go ahead and post what I learned about it today, even though its tough to give away such awesome htaccess and apache tricks.. Learn how to control spam once and for all, conditionally log/deny/allow/redirect requests based on IP, username, etc.. Mod_Security is so fine!

Tags: , , ,
Posted in Apache, Apache Modules, DreamHost, Featured, Security, Web Hosting, Webmaster, htaccess | 7 Comments »

Undetectable Sniffing On Ethernet

Monday, April 14th, 2008

Invisible Undetected Sniffing on an Ethernet NetworkI have been in some tight spots where I had to sniff a password or two off the wire, or sniff some packets off the wire and based on the packets content perform some action… Accidentally, I stumbled on a method to sniff data while remaining undetected and invisible.

Tags: , , ,
Posted in Featured, Hacking, Security | No Comments »

Hacking VLAN switched networks

Monday, March 31st, 2008

Bypassing VLAN security on networked switchesThere isn’t much vlan info on the net in terms of specifics and I had to learn all about it because I needed to log in to a switch that was on a different vlan. With the help of the Ettercap developers NaGA and ALoR I figured it out.

Tags: ,
Posted in Featured, Hacking, Security | 1 Comment »

Security with Apache htaccess Tutorial

Tuesday, April 10th, 2007

Apache Security tips and tricks for securing Apache Web Servers using htaccess, httpd.conf, and other built-in techniques to thwart attackers. This really should be required reading for any Apache admin or user because these little tricks are so easy to do.

Tags: , , ,
Posted in Apache, DreamHost, Security, htaccess | 2 Comments »

Vulnerability Scanners Review

Saturday, December 30th, 2006

A few months back I did some intense testing of all the best vulnerability scanners out there.. I had a couple unix boxes hooked up, as well as some windows machines, and figured I could add clients to a “once-a-week” scanning contract. So naturally, I wanted to use the scanner that was the best for my purpose.

You might be looking for the article: Top 5 best Vulnerability Port scanners
I tested the following (trying to only list automated vulnerability scanners):

ISS Internet Security Systems
SSS Shadow Security Scanner
Retina eEye
Nessus
GFI Languard Network Security Scanner
Qualys www.qualys.com
Nstealth Security Scanner www.nstalker.com
Nikto
Whisker
Infiltrator infiltration-systems.com
Nscan

I was looking at 3 main areas while evaluating the scanners.

Comprehensiveness of the testing: including how many options are allowed for different scanning, IDS evasion, and types of scans. Also in this category is the availability for the latest exploits and a custom exploit option to allow me to plug in custom exploits.
Quality of the program: included in this category is availability of updates, speed of various variables, efficiency, “smartness” or “AI” of the program while scanning/reporting, security- (does running this version of this vuln scanner leave me vulnerable?), scheduling capabilities, alert and message capabilities, quaility of exploits, reactions to “false positives”, and overall feature and capabilities.
Reporting Capabilities: How easy is it to create a report? The quality and design of the report. The comprehensiveness and personalization of the reports..

My findings

All of these programs can be tested for free, either through an evaluation or trial. I believe that the availability of these programs on the net (cracked versions) represents the conspiracy to aid script-kiddies everywhere so that these companies will then profit after an intrusion (or even a loud scan).
Any of these programs are not to be used for cracking… Nothing serious at least.. using these programs is akin to knocking on every window of a …

Tags: ,
Posted in Featured, Security | 28 Comments »


Related Articles
Good Causes
Newest Posts
Random
Tech Topics

htaccess Guide

Website Speed Tips Series
  1. Turn On Compression
  2. Add Future Expires Header
  3. Add Cache-Control Headers
  4. Turn Off ETags
  5. Remove Last-Modified Header
  6. Use Multiple SubDomains

Donate

Please consider donating to support active development of the free software and articles here.
Donate!

The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect. Tim Berners-Lee


It's very simple - you read the protocol and write the code. -Bill Joy

HTML | DCMI | GRDDL | XOXO | XDMP | XFN | DOM | XML | XHTML 1.1 Strict | CSS 2.1 | W3C | TLDP | WAI | DISA | ICSI | GIAC | SANS RR | GHOST | DEFCON | NIST | DHS CYBER | NIST

↑ TOPExcept where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. HTTPD based on NCSA HTTPd

Site Map | Contact Webmaster | Email AskApache | Glossary | License and Disclaimer | Terms of Service