Sysadmins of the North (Page 13)

Technical SysOps blog, where topics include Sysadmin, DevOps, computers, servers, web, MySQL, database, virtualization, optimization and security

MySQL sleep() attacks

MySQL sleep() command injection attacks: how not validating your PHP user input can lead to Denial of Service (DoS) attacks against websites and back-end database servers. Simply by putting "AND sleep(3)" in the address bar... Here is how to put a MySQL server to sleep, happy SQL injection!

Send authenticated SMTP email over TLS from WordPress

Learn how to override wp_mail() and send secure email using authenticated SMTP and StartTLS from WordPress.

Magento maintenance script for IIS

Important Magento maintenance, now for IIS too: optimize the speed and performance of your Magento ecommerce webshop by carrying out important maintenance. Remove old MySQL database log files and Magento cache data on a regular basis.

Mod_evasive on IIS

Website DDoS protection with mod_evasive. Mod_evasive is a module for Apache and Windows Server IIS (using Helicon Ape). It provides protection and evasive action in the event of an HTTP DoS, DDoS or brute force attack. Detection is performed by creating an internal dynamic hash table of IP addresses and URIs, and it denies an IP address access to a website if it's requesting the same page more than 10 times a second. This is configurable.

Huge increase in WordPress xmlrpc.php POST requests

WordPress xmlrpc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites... Secure the WordPress xmlrpc.php interface and reduce service disruption.

Remove IIS Server version HTTP Response Header

Windows Server IIS loves to tell the world that a website runs on IIS. It does so with the `Server:` header in the HTTP response, as shown below. In this post I'll show you how to remove HTTP response headers in Windows Server IIS. You don't want to give hackers too much information about your servers, right?

.svc WCF web service returns 404 Not Found on IIS 8

When a Windows Communications Foundation (WCF) web service returns a 404 Not Found error, after installing the HTTP-Activation feature in IIS, you might need to add an extra Handler to your IIS configuration.

8 Tips to improve Joomla performance

Learn how to speed up Joomla performance on Windows Server IIS using these 8 simple, but important, tips. Add caching, gzip compression, set your sessions & optimize MySQL database functions.

MySQL database optimization with indices

Why are MySQL indices so important? Here at Vevida, we like to help our customers as much as possible. Even with optimizing a MySQL database when they don't ask for it, or when a customer doesn't know performance can be improved. For example by adding an index because we spotted a slow query in our slow-query log.

Send email with Ghost using SMTP authentication and TLS encryption

The Ghost publishing platform uses Nodemailer to send e-mails with Node.js. It can send e-mail using SMTP, sendmail or Amazon SES and is Unicode friendly. As you know, more and more web hosting providers require SMTP authentication (often abbreviated as SMTP AUTH) and a TLS encrypted connection to send email. Here you'll find some script examples to send secure SMTP email from your website.

Convert MySQL MyISAM tables to InnoDB

In the earlier days of MySQL, the default storage engine for your database tables was "MyISAM". InnoDB is the engine to use now, and MyISAM is no longer actively developed. Therefore all MySQL optimizations are for InnoDB, and it's recommended to switch from MyISAM to this InnoDB storage engine for your MySQL database tables. Follow this tutorial on how to convert from MyISAM to InnoDB.

Export and migrate WordPress to Ghost

I wanted to migrate from WordPress to Ghost, but failed. Here's the write-up.

How to flush MySQL query cache from time to time

From time to time you need to flush MySQL's query_cache to prevent fragmentation of free query cache memory space. In this post, you'll learn how to flush the MySQL query cache unattended and automatically through a Linux cron job, and manually in the MySQL shell.

How to delete all MAILER-DAEMON emails in Postfix queue

How to delete all MAILER-DAEMON emails from your Postfix queue, when it matches a sender or recipient email address condition. In Postfix, there are various similar commands to delete messages from the Postfix mail queue, based on the Message-ID and/or email address for example...

How to install the Web-WebSockets feature in IIS using PowerShell

Learn how to install WebSocket Protocol support in Windows Server IIS 8.0 using PowerShell's Install-WindowsFeature.