mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit)

Posted by soapy | Linux Tutorials | Wednesday 15 October 2008 2:09 pm

Step-by-step installation illustration
Here is a 15 minute procedure to setup an SSL-aware Apache test-only webserver under /usr/local/apache/ (for the complete detailed installation step-by-step list please read the INSTALL file):
Fetch and extract the distributions of Apache, mod_ssl and OpenSSL
(more…)

Useful commands for the Linux command line

Posted by soapy | Linux Tutorials | Wednesday 15 October 2008 1:10 pm

This short guide shows some important commands for your daily work on the Linux command line.
arch
Outputs the processor architecture.

$ arch

i686
cat
Outputs the contents of a file.
(more…)

Create Users And Change Passwords With A Bash Script

Posted by soapy | Linux Tutorials | Wednesday 15 October 2008 1:07 pm

These two scripts are very important for the system admin who regularly works with mail servers and somehow forgets to backup his system username and password! Let’s say somehow we lost the usernames and passwords of the mail server. In this case the admin has to manually create all the users and then change the passwords for all the users. Tedious job. Let’s make our life easier.
(more…)

Secure Your Apache With mod_security

Posted by soapy | Linux Tutorials | Wednesday 15 October 2008 1:02 pm

This article shows how to install and configure mod_security. mod_security is an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc.
(more…)

Security Testing your Apache Configuration with Nikto

Posted by soapy | Linux Tutorials | Wednesday 15 October 2008 12:15 pm

Introduction

By now you’ve got the perfect setup for your new Ubuntu 6.0.6 (Dapper Drake) box. You may have even followed the excellent Intrusion Detection and Prevention with BASE and Snort tutorial. And as an added precaution you installed DenyHosts to prevent hack attempts via ssh. But now that you’ve got your new LAMP server on the internet, how can you tell that your new web server is secure? You test it, of course!
(more…)

Secure Websites Using SSL And Certificates

Posted by soapy | Linux Tutorials | Wednesday 15 October 2008 12:08 pm

This how-to will guide you through the entire process of setting up a secure website using SSL and digital certificates. This guide assumes that you have already a fully functional (and configured) server running Apache, BIND, and OpenSSL. Just as a side note, this guide was written based on a Fedora Core 6 distribution, but should be the same for most other distros out there.

Introduction
(more…)

How To Block Spammers/Hackers With Apache2’s mod_spamhaus (Debian Etch)

Posted by soapy | Linux Tutorials | Wednesday 15 October 2008 11:58 am

mod_spamhaus is an Apache module that uses DNSBL in order to block spam relay via web forms, preventing URL injection, block http DDoS attacks from bots and generally protecting your web service denying access to a known bad IP address.

1. Installation
(more…)