Tag Archives: Security

Vulnerabilities: SMTP HELO without authentication

18 Oct

I would like to highlight a case study: I recently learned that most mail servers, especially those based on Exim, have no SMTP verification for the HELO/EHLO request on the default port (25) by default. Case: A spammer can simply telnet to the target mail server of a certain domain and send email as a valid user […]

FREE SSL by StartSSL

27 Feb

StartSSL is offering free SSL to the public. However, the limitation is now by wildcard and subdomain only. For a single domain name SSL, we have to purchase it. But I believe that’s better than nothing. At least it can be used for academic research or for a student’s final year project.

Malware hunting tips (Linux based server)

17 Sep

Sometimes, in very rare cases, your website might be infected or injected with bad code/malware. If that happens to you (it has happened to me a few times, since I’m very lazy about applying patches and updates to my own blog CMS, haha), here are some tools that I can suggest to “hunt” for bad code. […]

Joomla!! Vulnerability Scanning with Joomscan

19 Jun

WARNING!!! This should be used for academic purposes only. It is Sunday, and suddenly I feel sooo bored (even though there are a lot of things I could do, e.g. sleep). I would like to share how to check for possible vulnerabilities in your Joomla!! based website, using one of the tools listed in the OWASP project. The project […]

Web Owner, Security and ….

23 Feb

Recently, all over Malaysia, hundreds of attacked web pages have been reported, especially after the Malaysia vs Indonesia football match (I forgot the name of the match). In my experience (I am not yet well experienced), SQL injection and template hacking are the most common ways that attackers “hack” websites. Most users will have a misconception […]

Advanced Intrusion Detection Environment – AIDE

24 Jan

Recently, I tried to install the open source version of tripwire. It tested successfully on several fresh OS installs, CentOS and Fedora. However, during deployment many things happened: it failed to initialize the database, consumed a mountain of CPU load, etc. I thought to search for something other than tripwire, and found AIDE, a tripwire replacement. I […]

File Integrity Check with tripwire.

18 Jan

I’ve been assigned by my manager to monitor changes using tripwire. Here are some of the main points I would like to share. The version of tripwire that I’m using is the open source version, which you can get from here: http://sourceforge.net/projects/tripwire/. To install it, I just referred to this: http://www.thegeekstuff.com/2008/12/tripwire-tutorial-linux-host-based-intrusion-detection-system/#more-277 Summary : To […]