Category: "Security"

Version Hiding for Server and Application Security

One of the easiest ways to make a server or application more secure is to reduce the publicly accessible information. The above link describes how the versions can be suppressed in the HTTP headers to make it more difficult for people to identify th…

md5('just_a_test')

With sincere thanks to the associated URL, this is .htaccess code that can be used with b2evolution to deny access to requestors who include http: or ftp: on the query string. This is slightly different than the other post - it seems to be working. [L,…

curl

This is the second half of the prior post - how to find out what version of PHP is running on your server. Use curl with the -I (uppercase i) option, followed by the domain name to get the HTTP headers. There are many options you can use with curl, an…

Great SSL Explanation

This is a great explanation of how to do SSL certificates. http://dertompson.com/index.php/2007/02/10/requiring-a-client-certificate/

Cleaning after a hack

Here are some tips for cleaning up after your site/server has been hacked. Look at the files that don't belong - find a common pattern. Most have one. Use grep -rl pattern * to find all the affected files. If you pipe the output to a file, you ca…