php - Sysadmins of the North

Increase in SQL injection attacks

Since a week or so, I notice a huge increase in SQL injection attacks on various websites. Anyone else seeing the same SQL injection attacks lately? This increased SQL injection activity - on various web sites and databases - has the following characteristics:

Published on Thursday, 7 August 2014

MySQL sleep() attacks

MySQL sleep() command injection attacks: how not validating your PHP user input can lead to Denial of Service (DoS) attacks against websites and back-end database servers. Simply by putting "AND sleep(3)" in the address bar... Here is how to put a MySQL server to sleep, happy SQL injection!

Published on Tuesday, 5 August 2014

Magento maintenance script for IIS

Important Magento maintenance, now for IIS too: optimize the speed and performance of your Magento ecommerce webshop by carrying out important maintenance. Remove old MySQL database log files and Magento cache data on a regular basis.

Published on Friday, 25 July 2014

Huge increase in WordPress xmlrpc.php POST requests

WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites... Secure WordPress xmlprc.php interface and reduce service disruption.

Published on Monday, 7 July 2014

How to: Test MySQL database connectivity in ASP.NET, PHP, ASP

Whenever you need a MySQL connectivity test from a website or server, it's handy to have various test scripts nearby. Whether it is because you are setting up a new website or you have just installed a new server and are running your tests.

Published on Monday, 26 May 2014

How to hide the .php file extension with IIS URL Rewrite Module

Sometimes it's important to remove (or hide) the file extension of scripts you use. Security by obscurity might be that reason, if you don't want others to know what script language you are using for your website, or for static site hosts.

Published on Friday, 23 May 2014

How to clean up Contact Form 7 temporary captcha files on IIS web servers

Contact Form 7 (CF7) is a WordPress plugin that provides a simple but flexible contact form. On IIS, Contact Form 7 captcha has one HUGE disadvantage: temporary captcha files placed in wp-content/uploads/wpcf7_captcha, are not automatically removed. The files are made read only. Here is how to remove Contact Form 7 temporary captcha files on IIS...

Published on Monday, 28 April 2014

Validate MIME types with PHP Fileinfo

How to check the file type in PHP and secure file uploads: it is important to validate MIME types in PHP. Especially of files uploaded through an upload form to your website.

Published on Sunday, 27 April 2014

Set or remove the read-only attribute assigned to files with PHP chmod

Chmod.php, change file attributes with PHP to make files read only or normally accessible on Windows IIS servers. Sometimes you need chmod to make files read only on your website, or make them normally accessible in case they already are read only. For instance Drupal's settings.php configuration file, or WordPress Contact Form 7 temporary captcha files, are examples of read-only files.

Published on Sunday, 27 April 2014

WordPress plugin "In Over Your Archives" Call-time pass-by-reference fix for PHP 5.4

Here is how to fix PHP "Call-time pass-by-reference has been removed in ..." errors in PHP and WordPress.

Published on Wednesday, 23 April 2014

Newer

Older

windows-server (96) iis (80) powershell (76) php (54) wordpress (45) mysql (36) windows (34) performance (28) linux (23) web.config (23) Website (22) htaccess (20) aspnet (19) url-rewrite-module (19) sql-server (18) bash (18) optimization (18) ssl (17) plugin (13) windows-10 (12) devops (11) monitoring (11) security (10) gnu-linux (10) appcmd (10) wsl (9) smtp (9) wincache (9) wmi (8) zabbix (8) windows-update (8) opcache (8) openssh (7) database (7) dism (7) iis-60 (7) sysops (6) wsus (6) apache (6) hyper-v (6) virtualization (6) spam (6) functions-php (6) classic-asp (6) ddos (6) password (5) email (5) active-directory (5) joomla (5) command-line (5) application-pool (5) blacklist (5) t-sql (4) wql (4) https (4) group-policy (4) backup (4) connector-net (4) debug (4) logparser (4) network-adapter (4) dns (4) query_cache (4) ghost (4) iisnode (4) node-js (4) vbscript (3) umbraco (3) windows-firewall (3) brute-force (3) ftp (3) postfix (3) forensics (3) benchmark (3) xss (3) disk-cleanup (3) disk-space (3) sql-injection (3) openssl (2) net-core (2) visual-studio (2) windows-defender (2) rdp (2) connector-odbc (2) c (2) mysqldump (2) xml-rpc (2) smb (2) cross-site-scripting (2) innodb (2) httpbl (2) centos (2) magento (2) denial-of-service (2) deployment (2) windows-deployment-services (2) mysqli (2) open-xchange (2) waf (2) web-application-firewall (2) windows-11 (1) ipv6 (1) networking (1) sqlce (1) tinymce (1) Prianha-CMS (1) kvm (1) http-3 (1) quic (1) wmsvc (1) database-mirroring (1) service-principal-names (1) spn (1) jetpack (1) api (1) kms (1) elasticsearch (1) red-hat (1) varnish-cache (1) dhcp (1) jquery (1)