Category: Security
Simple CVE: CVE-2018-6389 protection
There’s a DoS problem with WordPress CMS and it won’t be fixed by its creators. I’ve decided to create a simple, non-intrusive solution for Apache-hosted websites. Please click Continue reading for details.
How to find network device using its manufacturer name?
I’ve previously posted a note about finding a Raspberry Pi without knowing its IP address. Well, basically it’s the same… Only you need to change the MAC prefix to find another manufacturer. To wrap this up, this is a command to find a device by MAC prefix: sudo nmap -sP 192.168.100.0/24 | awk '/^Nmap/{ip=$NF}/00:D0:23/{print ip}' And here […]
Fastest way to find if your WordPress has known vulnerabilities
There is a nice little tool known as WPScan (click read more to find how to install it).
How to scan your network for WannaCry vulnerability (SMBv1 MS17-010)?
This tutorial is for Linux systems, especially Debian derivatives.
Hunt for scammer
This is a brief history of a scammer hunt that I’ve conducted today with my buddy from work.
How to obscure your WordPress version and troll the attacker a little…
One of my company’s WordPress installations has been hacked by Turkish hackers recently. After a quick investigation I found that the script version was a little bit old (not a very popular website, mea culpa, not updated very often). In case you didn’t know, WordPress is bundled with a readme file by default. I’ve found that malicious scripts or […]
How to setup pushover alert on logon event in Windows
In this post I’ll show you how to configure Pushover with Windows server. In this specific case it will notify you when someone logs onto your machine.
Simplest way to obfuscate e-mail address using jQuery
Here is the simplest jQuery code to protect e-mail addresses on your website from spam bots. Just put this in a script tag in the head section: $(window).load(function() { // anti spam var r='random-string'; $('.'+r).each(function() { var $this = $(this), value = new String($this.text()); value = value.replace('['+r+']', '@'); $this.replaceWith($('<a>').text(value).attr('href', 'mailto:'+value)); }); }); Now replace random-string with any […]
How to remove unwanted HTTP Response Headers in IIS 7.5
Hiding server software is one of the ways to protect your services from hackers. It’s quite easy to obscure IIS identity. In a few steps I’ll show you how to accomplish this task on a WIMP stack.
PHP malicious code analysis no. 1
I found this piece of PHP malware code on a compromised web server that I started to administer. Its name was a random character string, e.g. acbjxuu.php. There were about 20 more scripts of this kind. It’s a rather simple script for spamming purposes. For your understanding I’ve written what it’s doing in comments between code […]