- Web Server
- Control Panels
- Site Map/RSS Feeds
How To Harden PHP5 With Suhosin On Mandriva 2007 Spring
This tutorial shows how to harden PHP5 with Suhosin on a Mandriva 2007 Spring server. From the Suhosin project page: "Suhosin is an advanced protection system for PHP installations that was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against buffer overflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections."
How to Avoid Being Blacklisted
A blacklist usually refers to a list of e-mail or IP addresses known to send spam e-mails or some other type of unsolicited messages. Such lists are currently used by mail servers for filtering incoming e-mails and blocking the ones listed, in order to improve mail security and integrity. The blacklist is also the opposite of what is called a whitelist.
Installing ModSecurity2 On Debian Etch
This article shows how to install and configure ModSecurity (version 2) for use with Apache2 on a Debian Etch system. ModSecurity is an Apache module that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc.
TrueCrypt Tutorial: Truly Portable Data Encryption
is a free software that encrypts data “on-the-fly”. Right now the newest version released is version 4.3. You can create an encrypted hard drive, a separate partition or a directory with TrueCrypt. It doesn’t simply encrypt the content of files, but their names and the names of the directories they are in as well. Moreover there is no way to check the size of the encrypted directory/HDD/partition. TrueCrypt is available for Windows and Linux.
How to secure an SSL VPN with one-time passcodes and mutual authentication
SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC. Unfortunately, that was before the dangers of public WiFi networks and tougher regulatory requirements came into being. Thanks to WiFi, many attacks that were difficult are now quite simple. In particular, a man-in-the-middle attack can intercept SSL-encrypted traffic, rendering SSL-based VPNs useless - even if it's protected by a typical one-time password system. The man-in-the-middle can easily feed the one-time password into the SSL-based VPN within the alloted time.
Entering A Safe Mirror When Logging In With Unionfs And Chroot
When reading a 'hint' on the website of LinuxFromScratch I discovered the special capabilities of unionfs, specially in combination with chroot. Later I read a HowTo on a wikiwebsite of Gentoo, about entering a chrooted homedirectory when using a special script as shell. Combining these two brings me to using a chrooted environment, which you enter when logging in as a special user. This environment is a exact copy (mirror) of the system you're working on. Because you're in safe copy of the real system, you can do whatever you like, it will never change the system, everything stays inside the cache (the readwrite branch).
Introduction to Antispam Practices
Competitive Antispam products, proper legislation, efforts towards a better user education, it has all been tried in order to stop spam. However, unsolicited emails keep consuming the space and time of all email users. Moreover, spam messages can be the cause of serious virus and spyware outbreaks, while others “phish” for sensitive information like bank accounts and passwords.
Introducing Remo - An Easy Way to Secure an Insecure Online Application with ModSecurity
Say you have a nasty application on your Apache webserver that has been installed by some jerks from the marketing department and you can neither remove nor patch it. Maybe it is a time problem, a lack of know-how, a lack of source-code, or possibly even political reasons. Consequently you need to protect it without touching it. There is ModSecurity, but they say this is only for experts. A straightforward alternative is Remo, a graphical rule editor for ModSecurity that comes with a whitelist approach. It has all you need to lock down the application.
Virtual Users And Domains With Postfix, Courier And MySQL (Debian Etch)
This document describes how to install a mail server based on Postfix that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses.
How To Block Spam Before It Enters The Server (Postfix)
The last few weeks have seen a dramatic increase in spam (once again). Estimates say that spam makes now up for 80 - 90% of all emails, and many mail servers have difficulties in managing the additional load caused by the latest spam, and spam filters such as SpamAssassin do not recognize large parts of that spam as they did before. Fortunately, we can block a big amount of that spam at the MTA level, for example by using blacklists, running tests on the sender and recipient domains, etc. An additional benefit of doing this is that it lowers the load on the mail servers because the (resource-hungry) spamfilters have to look at less emails.