Vulnerabilities: SMTP HELO without authentication

18 Oct

I would like to highlight a case study: I recently learned that most mail servers, especially those based on Exim, have no SMTP verification for the HELO/EHLO request on the default port (25) by default. Case: a spammer can simply telnet to the target mail server of a certain domain and send email as a valid user […]


27 Feb

StartSSL is offering free SSL to the public. However, the limitation is now by wildcard and subdomain only. For single domain name SSL, we have to purchase it. But I believe that’s better than nothing. At least it can be used for academic research or for a student's final-year project.

Malware hunting tips (Linux based server)

17 Sep

Sometimes, in a very rare case, your website might be infected or injected with bad code/malware. If such a case happens to you (it has happened to me a few times, since I’m very lazy about applying my own blog CMS patches, updates, etc. haha), here are some tools that I can suggest to “hunt” for bad code. […]

Joomla!! Vulnerability Scanning with Joomscan

19 Jun

WARNING!!! This should be used for academic purposes only. It is Sunday, and suddenly I feel sooo bored (even though there are a lot of things I could do, e.g. sleep). I would like to share how to check for possible vulnerabilities in your Joomla!! based website, using one of the tools listed in the OWASP project. The project […]

Web Owner, Security and ….

23 Feb

Recently, all over Malaysia, hundreds of attacked web pages have been reported, especially after the Malaysia vs Indonesia football match (I forgot what the match was called). In my experience (though I am not yet well experienced), SQL injection and template hacking are the most common ways that attackers “hack” a website. Most users will have a misconception […]

Advanced Intrusion Detection Environment – AIDE

24 Jan

Recently, I tried to install the open source version of Tripwire. I tested it successfully on several fresh OS installs (CentOS and Fedora). However, during deployment many things happened: it failed to initialize the database, used a mountain of CPU load, etc. I decided to search for something other than Tripwire, and found AIDE, a Tripwire replacement. I […]

File Integrity Check with Tripwire

18 Jan

I’ve been assigned by my manager to monitor changes using Tripwire. Here are some of the main points I would like to share. The version of Tripwire that I’m using is the open source version, which you can get from here: http://sourceforge.net/projects/tripwire/. To install it, I just referred to this: http://www.thegeekstuff.com/2008/12/tripwire-tutorial-linux-host-based-intrusion-detection-system/#more-277 Summary: To […]