Tagged: security


Detecting and blocking click fraud on asp.net sites

Google policies dictate prevention of click fraud falls on the shoulders of the site owner and bans AdSense accounts for invalid clicks with practically no chance of getting that account back in good standing. Here’s how to detect and prevent invalid clicks on your sites AdSense advertisements.


Installing an Intrusion Detection System (IDS) and Reporting Interface

An intrusion detection system (IDS) can perform log analysis, check file integrity, monitor policy changes, and keep an eye out for rootkit installations and alert you when a threat is first suspected. The IDS that I chose for my host was OSSES HIDS, an open source host-based Intrusion Detection System offered by Trend Micro. Here’s how I installed OSSEC on my hosted Linux VPS and Splunk on a local Windows machine to monitor.


Gaining Shell Access via Local File Inclusion Vulnerabilities

My firewall caught some odd injection attempts which lead to research on the intent of the hackers. Turns out it was an attempt to gain Shell access via Local File Inclusion vulnerabilities and injection of malicious code in proc/self/environ. Research lead to the following step-by-step instructions on what was being attempted (listed below).

WordPress .htaccess Tips and Tricks 0

WordPress .htaccess Tips and Tricks

.htaccess files (or “distributed configuration files”) provide a way to make configuration changes on your Wordpress site on a per-directory basis. A .htaccess file, containing one or more configuration directives, is placed in a particular document directory on your Wordpress site, and the directives apply to that directory, and all subdirectories thereof. Using directives in .htaccess, you can block spam, secure your website, and control other website actions.


Hardening WordPress Security

Wordpress out of the box is fairly secure but there are still some pretty big holes. In addition, hosting environments and installation requirements often introduce gaping security holes in the Wordpress framework. Below are a few best practices to help secure your Wordpress framework.

Passwordless logins in Unix 0

Passwordless logins in Unix

Connecting via SSH, requires a user provide his identity to the remote machine using one of several methods. One method lets you access the remote system without entering a password at each login. Normally, when you log in to a system, you authenticate by entering your password for that system. Your password goes, as it is typed, to the remote system, which authenticates it against the /etc/passwd or /etc/shadow file. By contrast, SSH allow a “password-less” authentication method based on public-key cryptography.

Security and Hacking Notes 0

Security and Hacking Notes

Encryption and Authentication DESCRIPTION Privacy protection using DES (symmetric algorithm) involves the use of two secret keys. Each party must share their secret key with others. This makes this sort of encryption difficult to...