Category to discuss web site and server security.
You have seen the following in your Apache or your web server's logs for your websites: xx.xx.xx.xx - - [xx/xx/xxxx:18:56:22 +0300] "GET /w00tw00t.at.ISC.SANS.test0:) HTTP/1.1" 400 166 "-" "-" xx.xx.xx.xx -…
There could be many reasons behind web site security breaches. However it is good practice to follow some security guidelines to keep your website more secure. Following are the few…
Recently, phpBB 3.0.7 was released by phpbb.com. They discovered a new security vulnerability in phpBB 3.0.7 version which was not noticed during testing. Following is the original announcement: ------------------------------------------------------------------ We…
Recently I faced problem with one of the websites in which there were many links added automatically in the index page. The FTP password was reset many times but it…
ModSecurity is an open source web application firewall. This helps to prevent attacks on websites, SQL injection, command execution via browser etc. However, this may break some application installed in…
You might have seen many web sites marked as "Reported Attack Site!" by Google with following message: "This web site at XXXXX.com has been reported as an attack site and…
Recently, there were multiple security hyperVM discovered in hyperVM and Lxadmin/Kloxo and they had instructed to upgrade hyperVM/Kloxo systems to the latest version as soon as possible. If you have…
Recently, you might have noticed that every Google search results were showing the message "This site may harm your computer". This was happened on Jan 31, 2009 between 6:30 a.m.…
Recently Some Defense Department computer networks have been infected with a virus / worm in Pentagon US. Fox news reported that the virus has continued to spread rapidly through military…
Now a days, it is not an easy job to develop and secure web site. Each and every day, you will find a new way to attack on the web…