Categories

A sample text widget

Etiam pulvinar consectetur dolor sed malesuada. Ut convallis euismod dolor nec pretium. Nunc ut tristique massa.

Nam sodales mi vitae dolor ullamcorper et vulputate enim accumsan. Morbi orci magna, tincidunt vitae molestie nec, molestie at mi. Nulla nulla lorem, suscipit in posuere in, interdum non magna.

Web Development

Apache file permissions and ownership – A security issue

Good post? Please, share it...
Pin It

A Joomla developer asked on a forum: “I have a joomla site which is using linux hosting. when i am going to install a module, it is showing an error…

A Joomla developer asked on a forum: “I have a joomla site which is using linux hosting. when i am going to install a module, it is showing an error “* JFolder::create: Could not create directory* Unable to create destination”.”

Someone had suggested that this developer should change the file permissions temporarily to 777 (read/write for everyone), in order to get over this obstacle. I told him that “You should not set anything on the site to 777. Absolutely ALL directories should be 755 and files 644 (except a couple of crucial files in the root, which should be 444, for safety). Temporarily setting directories to 777 is a ‘worst case scenario’ solution and should only ever be used in serious emergencies. Permanently doing this is a total no-no! If the /temp, /administrator/modules and /modules directories are set to 755 and the log file path is correct, then the problem

Click the title, above, to continue reading […]

Web Development

Another web-site hack, anatomized – Epilogue

Good post? Please, share it...
Pin It

I hold up my hands and say that I was wrong, in the conclusion I came to at the end of my last blog. I hadn’t detected the presence of…

I hold up my hands and say that I was wrong, in the conclusion I came to at the end of my last blog. I hadn’t detected the presence of the strange strings, added to the URLs of menu links. I had merely detected a symptom.

In fact the problem was that pretty much every SEF-related file on the site had been hacked. The SEF code was merely reading the request-headers and extracting a piece of the URL requested, to add to the menu links. So, whenever a request was made to an obsolete, non-existing page, the request was hijacked and part of the URL requested was inserted into the menu link. Fiendishly ingenious!

Needless to say, once I had traced the problem, I was able to clean it out and eliminate it, finally fixing the site. I also put in some additional security measures and gave instructions on how

Click the title, above, to continue reading […]

Web Development

Another web-site hack, anatomised

Good post? Please, share it...
Pin It

Recently, I came across a newspaper web-site, in the UK, which had been hacked. The owner reported that there was a security problem. The moment I visited the site, I was immediately warned by my security tools that the site had been blocked from delivering an evil payload to my machine. This is how I fixed the problem.

Click the title, above, to continue reading […]

Web Development

Anatomy of a web-site hack

Good post? Please, share it...
Pin It

I recently found myself with a huge amount of investigative work, to find out all I could, about a customer of mine’s hacked web-site. Of course, I didn’t exclude myself…

I recently found myself with a huge amount of investigative work, to find out all I could, about a customer of mine’s hacked web-site.

Of course, I didn’t exclude myself as a possible cause of the problem. Neither did I exclude my client, her assistant, a rogue employee of the hosting service or a remote third party. In order to make sure that the site was safe, I just had to investigate, as well as take all other necessary security measures.

It all began with a mail from the client, on 8th January, that the hosting service had ‘detected unusual FTP activity’ from a named FTP account and that they had deleted the account. I told the client that I never heard of that account and that this was, in fact, suspicious, as the hosting service had suggested. The client informed me “ok I am on it…”, so I left

Click the title, above, to continue reading […]

Ray's personal life

Networking insanity

Good post? Please, share it...
Pin It

To follow up a bit on my last blog, this is a much more serious subject. A friend of mine got cyber-scammed a few weeks ago, because a friend of…

To follow up a bit on my last blog, this is a much more serious subject.

A friend of mine got cyber-scammed a few weeks ago, because a friend of hers had compromised his account details and a scammer used them to email her to send money. She did – TWICE! and lost a total of the kind of money that most Europeans and Americans, work very hard for many weeks for.

Recently, a renowned computer expert of her acquaintance advised her to get a Gmail account, rather than use the secure account that her excellent ISP gave her. This is not in addition to that, but instead of that!

Having done that, yesterday, she mailed me and, without any reason, included her entire Google ID details, inclusive password!

So, I naturally mailed to warn her emphatically to change the password, because e-mails are public NOT private. Anything I can

Click the title, above, to continue reading […]