Archive for the ‘Security’ Category
hardening wordpress
I had positive feedback after posting my article about hardening Joomla!, so I will now focus on the blog software WordPress.
Here are a couple of tips that you can use to make your WordPress installation a bit more secure.
Change the default name of your administrator login (admin) and choose a strong password for all your accounts. It is also a good idea to use different login and author (display) names, so the name shown on posts does not reveal the account you log in with; WordPress also has a useful system of user levels, so give each account only the level it needs.
playing with a backdoor
I played last night with a backdoor shell that I found on the net and will show you how it works and how you can find traces of it if you are the system administrator.
I used two VMs (virtual machines), both based on Debian GNU/Linux: one called "victim", which simulates the cracked server where the backdoor runs, and the other called "hacky", where the bad guy is sitting in front of the screen :)
The bad guy's first step is to start a listener on some port (12345) on his box, so that the backdoor on the victim can connect back to it. A good program for this is netcat; the command could be something like: netcat -l -p 12345
System call injection
The following PHP functions execute an external program on the system (the server). Any user-supplied text that ends up in their command string without validation and escaping is a command injection vulnerability:
- shell_exec
- proc_open
- system
- exec
- passthru
- popen
- ` (backtick operator)
This form sends a domain name to the server, which passes it to the Linux program whois and prints the result back to the browser.
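The whois form discussed above, written two ways as an added example (this is not code from the original post): first the injectable version, where the submitted domain is pasted straight into the command line, then a hardened version that validates the domain against a host-name pattern and quotes it with escapeshellarg(). The function names and the field name "domain" are assumptions.

```php
<?php
// Added example, not code from the original post. A whois lookup form
// written two ways: the injectable version and a hardened version.

// Vulnerable: the domain goes straight into a shell command line.
// A POST with domain "example.com; cat /etc/passwd" runs both commands.
function whois_vulnerable(string $domain): string
{
    return (string) shell_exec("whois " . $domain);
}

// Hardened step 1: allow only syntactically valid host names.
// Labels of letters, digits and hyphens (no leading/trailing hyphen),
// separated by dots, 253 characters at most. The leading-hyphen rule also
// stops argument injection such as "-h attacker.example".
function is_valid_domain(string $domain): bool
{
    return strlen($domain) <= 253
        && preg_match('/^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$/i', $domain) === 1;
}

// Hardened step 2: quote the argument anyway, so the shell never sees
// metacharacters. escapeshellarg() wraps the value in single quotes and
// escapes embedded quotes; "; cat /etc/passwd" becomes one literal argument.
function whois_hardened(string $domain): string
{
    if (!is_valid_domain($domain)) {
        throw new InvalidArgumentException('not a valid domain name');
    }
    $out = shell_exec('whois ' . escapeshellarg($domain));
    return is_string($out) ? $out : '';
}

// The same form as in the post, wired to the hardened function. The output
// is HTML-escaped too: whois data is third-party text, not trusted markup.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $domain = $_POST['domain'] ?? '';
    try {
        echo '<pre>' . htmlspecialchars(whois_hardened($domain), ENT_QUOTES, 'UTF-8') . '</pre>';
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo 'Invalid domain name.';
    }
}
?>
<form method="post">
  <input type="text" name="domain">
  <input type="submit" value="whois">
</form>
```

Validation and quoting are deliberately both present: the whitelist rejects anything that is not a host name, and escapeshellarg() is the safety net in case the pattern is ever loosened.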
Subversion a security risk?
Subversion allows users to keep track of changes made to source code. It is very handy and many developers, me included, use it every day.
Some websites keep an svn checkout in their public web folder so that updates are faster when the code changes.
Letting the cat out of the bag right now: if the web server has directory listing enabled, it is easy to spy on parts of your website.
If you take a closer look at the structure of a Subversion working copy, you will notice that Subversion creates a subfolder called ".svn" with some files in every folder, and these subfolders are published along with the rest of the checkout.
An example is a web shop that uses Subversion on the web server.
The start page of the web shop
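Two checks for the situation described above, as an added example (not code from the original post): a walk over the document root that reports every ".svn" directory, and a reader for the plain-text ".svn/entries" file that Subversion 1.4 to 1.6 working copies keep in every folder, which lists the tracked names and is therefore what an attacker reads first when directory listing is on. The entries layout assumed here is: a format number on the first line, then one block per entry separated by a form feed, with the entry's name on the block's first line and its kind ("file" or "dir") on the second. The sample entries file is constructed. Subversion 1.7 and later replaced this layout with a single SQLite database, .svn/wc.db, plus a "pristine" directory of full file copies at the working-copy root, which leaks even more.

```php
<?php
// Added example, not code from the original post. Reports .svn directories
// under a document root and shows what the legacy .svn/entries file
// (Subversion 1.4-1.6, assumed format, see the lead-in) reveals.

function find_svn_dirs(string $docroot): array
{
    $found = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($docroot, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST
    );
    foreach ($it as $path => $info) {
        if ($info->isDir() && $info->getFilename() === '.svn') {
            $found[] = $path;
        }
    }
    return $found;
}

// Returns [['name' => ..., 'kind' => 'file'|'dir'], ...] for every entry
// except the directory's own (nameless) entry in the first block.
function parse_svn_entries(string $contents): array
{
    $blocks = explode("\x0c", $contents);
    array_shift($blocks);  // first block: format number plus the directory's own entry
    $items = [];
    foreach ($blocks as $block) {
        $lines = explode("\n", ltrim($block, "\n"));
        if (count($lines) < 2 || $lines[0] === '') {
            continue;
        }
        $items[] = ['name' => $lines[0], 'kind' => $lines[1]];
    }
    return $items;
}

// Constructed entries file for the root folder of a web shop tracked in
// Subversion: the directory itself, index.php, a subfolder "admin" and a
// config file. Revision numbers, URLs and the author are made up.
$sample = "10\n\ndir\n5\nhttp://svn.example.com/shop/trunk\nhttp://svn.example.com/shop\n"
        . "\n\n\n2009-05-01T10:00:00.000000Z\n5\nbob\n\x0c\n"
        . "index.php\nfile\n\n\n\n\n2009-05-01T09:00:00.000000Z\n"
        . "0123456789abcdef0123456789abcdef\n2009-05-01T10:00:00.000000Z\n5\nbob\n\x0c\n"
        . "admin\ndir\n\x0c\n"
        . "config.inc.php\nfile\n\x0c\n";

foreach (parse_svn_entries($sample) as $e) {
    printf("%-4s %s\n", $e['kind'], $e['name']);
}

// Against a real server: php this_script.php /var/www/htdocs
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    foreach (find_svn_dirs($argv[1]) as $dir) {
        echo "exposed metadata directory: $dir\n";
        if (is_readable("$dir/entries")) {
            foreach (parse_svn_entries((string) file_get_contents("$dir/entries")) as $e) {
                printf("  %-4s %s\n", $e['kind'], $e['name']);
            }
        }
    }
}
```

Even with directory listing off, the entries file has a fixed name, so http://example.com/.svn/entries can be requested directly; the reliable fix is to deploy with svn export instead of a checkout, or to deny access to .svn in the web server configuration.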
Keep sensitive data out of your web tree
A web server's document structure resembles this:
/htdocs
    /include
        config.inc
    index.php
If you store sensitive data such as configuration files there, everyone can point the browser to http://example.com/include/config.inc and read it. With a default Apache setup only .php files are handed to the PHP engine, so a .inc file is delivered verbatim, database credentials included.
Cheating with obfuscation
Sometimes I find strange lines in my web server's log, like this one:
"GET site.php?id=%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%32%33%29%3B%3C%2F%73%63%72%69%70%74%3E HTTP/1.1"
What's that? No, it's not the Matrix; it looks like someone tried to obfuscate something with hex, that is, with URL (percent) encoding of every character.
Let's write two lines using urldecode() to check this string.
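A slightly longer version of that check as an added example (not the two lines from the original post): it decodes the request line from the log entry above and flags it when the decoded value contains a tag or an event handler. It decodes repeatedly until the string stops changing, because attackers also double-encode (%253C becomes %3C becomes <). The second and third log lines are constructed; the function names are assumptions.

```php
<?php
// Added example, not code from the original post. Decodes request lines
// from an access log and flags the ones that decode to HTML/script.

// Decodes until a fixed point is reached, so double- and triple-encoded
// payloads come out in clear as well. The round limit stops pathological input.
function fully_urldecode(string $s, int $maxRounds = 5): string
{
    for ($i = 0; $i < $maxRounds; $i++) {
        $next = urldecode($s);
        if ($next === $s) {
            break;
        }
        $s = $next;
    }
    return $s;
}

// Crude but effective for log triage: a tag name or an on*= handler.
function looks_like_xss(string $decoded): bool
{
    return preg_match('/<\s*\/?\s*(script|img|svg|iframe|body)\b|\bon[a-z]+\s*=/i', $decoded) === 1;
}

// Pulls the request target out of a line like "GET /site.php?id=... HTTP/1.1"
// and returns it fully decoded; empty string if the line does not parse.
function decode_request_line(string $line): string
{
    if (preg_match('/^"?(?:GET|POST|HEAD)\s+(\S+)\s+HTTP/i', trim($line), $m) !== 1) {
        return '';
    }
    return fully_urldecode($m[1]);
}

// The line from the post, a constructed double-encoded variant, and a
// constructed harmless request.
$lines = [
    '"GET site.php?id=%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%32%33%29%3B%3C%2F%73%63%72%69%70%74%3E HTTP/1.1"',
    '"GET /site.php?id=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1"',
    '"GET /site.php?id=42 HTTP/1.1"',
];

foreach ($lines as $line) {
    $decoded = decode_request_line($line);
    printf("%-10s %s\n", looks_like_xss($decoded) ? 'SUSPICIOUS' : 'ok', $decoded);
}
```

The first line decodes to site.php?id=<script>alert(23);</script>: a probe for reflected cross-site scripting in the id parameter, which is harmless only if site.php escapes id before echoing it.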
The danger of PHP_SELF
$_SERVER['PHP_SELF'] (or, in the old register_globals syntax, $PHP_SELF) gives you the filename of the currently executing script relative to the document root. It is often used in forms or in links.
What many people overlook: the value also contains any extra path the client appends to the URL (the PATH_INFO part), so for a request to /login.php/anything it is "/login.php/anything". It is therefore user-controlled input, and echoing it unescaped into a page is a cross-site scripting hole.
Here you see a normal login form, with the form container above.
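The login form twice, as an added example (not the form from the original post): first with the PHP_SELF action that can be abused, then with the value escaped. The script name /login.php, the field names and the injected value are assumptions.

```php
<?php
// Added example, not code from the original post.
//
// Why it is dangerous: PHP_SELF includes any extra path the client appends,
// so a request for
//   /login.php/%22%3E%3Cscript%3Ealert(1)%3C/script%3E%3C!--
// makes $_SERVER['PHP_SELF'] equal to
//   /login.php/"><script>alert(1)</script><!--
// The vulnerable form below then closes its action attribute early and the
// attacker's script runs in the browser of whoever followed that link.

function vulnerable_form(string $phpSelf): string
{
    return '<form action="' . $phpSelf . '" method="post">'
         . '<input type="text" name="user">'
         . '<input type="password" name="pass">'
         . '<input type="submit" value="Login">'
         . '</form>';
}

// htmlspecialchars() turns " into &quot; and < > into &lt; &gt;, so the
// value can no longer break out of the attribute or start a tag.
function safe_form(string $phpSelf): string
{
    $action = htmlspecialchars($phpSelf, ENT_QUOTES, 'UTF-8');
    return '<form action="' . $action . '" method="post">'
         . '<input type="text" name="user">'
         . '<input type="password" name="pass">'
         . '<input type="submit" value="Login">'
         . '</form>';
}

// Constructed value of $_SERVER['PHP_SELF'] for the malicious request above.
$injected = '/login.php/"><script>alert(1)</script><!--';

echo vulnerable_form($injected), "\n";  // a live script tag lands in the page
echo safe_form($injected), "\n";        // rendered inert as &lt;script&gt;

// In the real script use the actual server value, escaped:
//   echo safe_form($_SERVER['PHP_SELF']);
// Alternatives: action="" posts back to the current URL, and
// $_SERVER['SCRIPT_NAME'] does not carry the client-supplied PATH_INFO.
```

Escaping at output is the rule, not a PHP_SELF special case: any $_SERVER value that reflects the request (REQUEST_URI, QUERY_STRING, HTTP_HOST, HTTP_REFERER) needs the same treatment before it is written into HTML.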