Archive / Web Security

RSS feed for this section

read the latest news and articles regarding the internet security field in order to keep you up to date to this forever changing environment

Import public certificate and private key to Windows

We have our private key file named private.key and server certificate received from your certificate authority named here ServerCertificate.cer Step 1: for windows we need to generate the pfx file so with openSSL:

Step 2: open the new file … Continue reading

List incoming live requests

In order to list all incoming requests to get a hang of what’s happening with your server in real time you can use the command bellow. Make sure you have enabled mod_security audit. Because I use whm/cpanel this was possible … Continue reading

Some DOS/DDOS protection

Bellow I describe how to avoid some denial of service attacks TCP syn flood attacks This kind of attack assumes that an attacker is sending syn packets to the server but not any ACK packets, because of this breaking the … Continue reading

Generate unbreakable passwords from php

This is a short post to share my favorite way of generating strong passwords in php. The advantage over other functions you’ll find over the internet is that it makes sure it uses all the character sets also making sure … Continue reading

fix for an iframe injection attack

more and more people, including some of my clients get attack by various versions of iframe injections. One of them, includes injecting a php file inside the host. after that, by various means, in all the htaccess files it’s injected … Continue reading