Messages - ChalkTrauma [ switch to compact view ]

Pages: [1] 2 3 4 5 6 ... 24next
1
General Software Discussion / Re: MeediOS: A promising HTPC frontend.
« on: September 28, 2010, 09:55 AM »
Just an FYI.. XBMC for XBOX is still alive and well over here: http://www.xbmc4xbox.org/  :Thmbsup:

Still love my modded XBOX...

2
Developer's Corner / Black box testing an OSS PHP CMS
« on: July 07, 2010, 10:05 AM »
This question is geared more towards the e107 CMS, but it really applies to all CMS solutions.

I recently developed a website for my wife for her photography.

A few days ago it was hacked by a botnet intrusion. I luckily caught it within hours.

http://php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/index.html

I pulled it down and nuked the install, and began the post-mortem of the logs. As I looked through all the logs I could see the site continuously being hammered by bots trying to find vulnerabilities. I was actually fortunate that the scripting was so focused on the specific task of turning the site into another botnet node to spread to other machines and send out spam that is did very little damage to any content. 

It was a sobering lesson in web security and what it is like out there in the wild. I highly recommend making sure you compress and save your website access logs and from time to time just skim through them looking at web activity, you can find other cool stuff like where people are coming from to download stuff from your site. I actually found some software reviews for some of my freeware I didn't know existed and found some people deep linking to images on my site that were simply pieces of the site navigation..

I guess for all the time I have been a user of the internet and web technologies I'm pretty naive..

So the next question is what to do with this information.

I know there are some simple steps I can take to lock down what php can do and change some of the CMS file names so the bots can't find them, because they seem to be using profiles to search for known exploits.

But beyond that I think I need to both increase my knowledge so I don't code up anything that lets the baddies in, but I can't know everything an OSS CMS is doing and while an automated solution can't catch everything it is a good place to start.

So I'm wondering if there is any OSS black box testing solution out there that people have used to at least test for the most obvious and common exploits?


3
General Software Discussion / Re: What to use to secure delete a HDD?
« on: June 01, 2010, 12:35 PM »
+1 for Darik's Boot and Nuke.

If you need the version for a bootable floppy get this:

http://sourceforge.net/projects/dban/files/dban/dban-1.0.7/dban-1.0.7_i386.exe/download

It will create the floppy for you..

Otherwise use the latest and greatest to make a bootable CD.


4
General Software Discussion / Re: Clipboard Managing-Which one?
« on: May 06, 2010, 02:38 PM »
Didn't see anyone mention CLCL yet ( http://www.nakka.com/soft/clcl/index_eng.html ).. been using it for years..  :Thmbsup:

5
General Software Discussion / Re: Redirect screen output to clipboard
« on: November 11, 2009, 10:11 PM »
Well guys and gals I know it has been a while, a few things came up and monopolized my time but I'm finally ready to realease my set of command line tools. So those you who are interested, head on over to the new thread in the "Other Programs" forum..

Pages: [1] 2 3 4 5 6 ... 24next
Go to full version