Security exploits


If you need to install the excellent mod_geoip2 extension for Apache2 then it can be done fairly painlessly. First off, we need to make sure that we have gcc installed:

  If you don’t have it then you could ‘yum install gcc’, but I prefer to install all development tools because they include gcc … READ MORE

Install mod_GeoIP2 on Apache2 in CentOS 7

Her’s a list of useful country codes that we can use in many rule-based filtering situations on servers. AD Andorra AE United Arab Emirates AF Afghanistan AG Antigua and Barbuda AI Anguilla AL Albania AM Armenia AN Netherlands Antilles AO Angola AQ Antarctica AR Argentina AS American Samoa AT Austria AU Australia AW Aruba AZ … READ MORE

Country codes for mod_security, CSF and htaccess

In this series of articles I am trying to help server admins and owners of VPS or Dedicated servers to find viruses or malware on their servers. Part of the diagnosis of your system is to see what emails are being sent out and from which accounts. Since spammers like to use compromised servers, I … READ MORE

Find what emails are being sent from a Linux server

I am certainly impressed by the way that Tresorit seems to be handling security and also the openness of their company about methods they use and reject. Their recent blog post shows that they are really trying to excel in the online backup industry by pushing current protocols beyond the standard ‘accepted’ limits. When we … READ MORE

Tresorit pushes security above and beyond

The popular image resizing library TimThumb, used in many a good WordPress theme has had a major exploit carried out against versions of its code. The TimThumb code vulnerability allows third parties to execute PHP code in the TimThumb cache directory after uploading it themselves. As many people are aware, running malicious PHP code can … READ MORE

Tim Thumb exploit – vulnerability found in popular script

Websites are plagued with bad bots and often come grinding to a halt without the aid of a bot blocking tool. Here, I’ll review the latest kid on the block, Spyder Spanker. First off, Spyder Spanker is a WordPress plugin, so if you don’t have a WordPress powered site then you’re out of luck. If … READ MORE

Bot blocking tool Spyder Spanker review

Heads up to anyone using Woo Themes, there’s a vulnerability in the “shortcode preview generator” within the Woo Framework. This needs patching asap. http://www.woothemes.com/2012/04/framework-shortcode-exploit-has-been-fixed/ Credit to Woo, they have handled the release of their security update well, despite being in the throes of a DDOS attack themselves. Expect to see the bots coming looking for … READ MORE

Woo Themes security risk

Minecraft, the multiplayer, block-destroying game has had a serious DOS attack. Although as yet unproven, it is believed to be the work of the hacker group ‘Anonymous’.  The servers did go down but are currently back up and running. Another group, LulzSec, have been finger-pointed too and they are now taking ‘site hacking requests’!  Their … READ MORE

Minecraft suffering DOS attacks from hackers