Install And Configure Teleport On Centos 7 / RHEL 7

Published on Author gryzli

Gravitational Teleport is a nice tool for centralizing and securing access to hosts and services on your infrastructure. In the following how-to I'll explain how to: install Teleport Community Edition server under Centos 7; install Teleport CE client under Centos 7; configure your first access user; configure an access limited user; some hints for better…

WordPress WP GDPR Compliance Privilege Escalation Exploit

Published on Author gryzli

Two days ago (on November 08 2018) a nasty WP exploit was identified inside the popular GDPR WordPress plugin, which leads to privilege escalation. The plugin has more than 100 000 active installations. All versions prior to 1.4.3 (except 1.4.3) are vulnerable to the exploit. What is the actual vulnerability? More information about…

Protect from CVE-2016-5195 (DirtyCow) on Centos 7/RHEL7/cPanel/CloudLinux

Published on Author gryzli

On October 19 2016, the Dirty Cow vulnerability (which is a kernel privilege escalation vulnerability) went public. From what I have read and tested, the exploit is working only on Centos 7 / RHEL7 / Cloudlinux 7 distros. I don't know about other distros, because I'm not interested in them. How to protect yourself from…

Nginx – Hardening SSL security by protecting from well-known attack vectors

Published on Author gryzli

Recently a bunch of SSL attacks popped up, some of which got a lot of public attention: Heartbleed, Beast attack, Crime attack, Freak attack, Poodle … and so on.
Disabling SSLv3 and SSLv2 and Excluding Weak Cipher-Suites
If you want to protect your Nginx from the biggest part of these attacks, you can add the…

ModSecurity – Using Lua scripts with ModSecurity

Published on Author gryzli

If you decide to use ModSecurity's support of Lua, here you can find some useful tips to consider. Short story … At the time of writing this article, the current ModSecurity version is 2.9.0, which provides plenty of functionality. However, if you want to go deep into web application filtering or maybe you need to…

ModSecurity (WAF) – File upload is extremely slow

Published on Author gryzli

Is your file upload extremely slow after activating ModSecurity or some rule? If you happen to experience extremely slow file uploads after activating some ModSecurity rules, there is one thing you should definitely check. Recently I was trying to use the following directive: SecStreamInBodyInspection On in order to give me access to…

ModSecurity (WAF) – Pitfalls during security rule development

Published on Author gryzli

ModSecurity rule development … pitfalls! Recently I'm more and more involved in the development of web application firewall (WAF) rules, for blocking diverse attack vectors and protecting web applications. In the course of rule writing, there were some little faults, which caused me to lose tens of hours on debugging, testing and deep digging into…

ModSecurity (WAF) 2.9.0 parsing and matching upon text/xml request bodies

Published on Author gryzli

Using ModSecurity for filtering application level requests is great. Let's suppose you have been successfully using ModSecurity for filtering, attack detection/prevention and all kinds of weird stuff. Then you suddenly come to the moment when you need to parse TEXT/XML request bodies… well, here comes the HELL. In order to make anything clear I…

ModSecurity (WAF) – Parsing the response body or what you need to know about it

Published on Author gryzli

Sooner or later, people decide that they need to parse the response body in order to detect or prevent some malicious activity. Web application firewalls are useful for exactly that goal. Whenever it comes to WAF, ModSecurity is the DIY tool for many people. It has nice integration for parsing the response body, but there…

Scan uploaded files with Apache + mod_security + scanner script

Published on Author gryzli

A lot of people start thinking about scanning uploaded files in order to improve their site security. Given the fact that Apache is the most used web server out there, one way to achieve this is by using the powerful mod_security. Mod_Security has an option where you can tell it to scan certain…