Using .htaccess to secure your /cgi-bin/ folder and php.cgi, php.ini files and other interpreters.
31.1.08
29.1.08
Log all .htaccess/.htpasswd logins
Log and debug the usernames and passwords used to log in to a website protected by .htaccess basic authorization, using PHP.
23.1.08
Locate weak web application password hashes
Search rainbow tables for a match to an MD5 or SHA-1 password hash to locate weak web app passwords and improve security.
Cracking Hashes
16.1.08
156 Useful Run Commands
156 Useful Run Commands: "To Access…. Run Command
Accessibility Controls: access.cpl
Accessibility Wizard: accwiz
Add Hardware Wizard: hdwwiz.cpl
Add/Remove Programs: appwiz.cpl
Administrative Tools: control admintools
Adobe Acrobat (if installed): acrobat
Adobe Designer (if installed): acrodist
Adobe Distiller (if installed): acrodist
Adobe ImageReady (if installed): imageready
Adobe Photoshop (if installed): photoshop
Automatic Updates: wuaucpl.cpl
Bluetooth Transfer Wizard: fsquirt
Calculator: calc
Certificate Manager: certmgr.msc
Character Map: charmap
Check Disk Utility: chkdsk
Clipboard Viewer: clipbrd
Command Prompt: cmd
Component Services: dcomcnfg
Computer Management: compmgmt.msc
Control Panel: control
Date and Time Properties: timedate.cpl
DDE Shares: ddeshare
Device Manager: devmgmt.msc
Direct X Control Panel (If Installed)*: directx.cpl
Direct X Troubleshooter"
IP Abuse Detection for DreamHost
Scan your Apache logs on DreamHost to locate abuse by IP address. Generates an .htaccess file to block the offending addresses.
10.1.08
Apache .htaccess Directives and Loaded Modules allowed on DreamHost Servers
Apache .htaccess Directives and Loaded Modules allowed on DreamHost Servers: "For those of you web insiders smart enough to be using DreamHost, here's a list of available modules and directives allowed. They should help you utilize all the incredible features available on the Apache 2 install. See the Directive Quick Reference for detailed .htaccess directive info, or Apache Module Reference for module information.
Available Modules on DreamHost's Apache 2 Servers
mod_access
Provides access control based on client hostname, IP address, or other characteristics of the client request.
mod_actions
This module provides for executing CGI scripts based on media type or request method.
mod_alias
Provides for mapping different parts of the host filesystem in the document tree and for URL redirection
mod_asis
Sends files that contain their own HTTP headers
mod_auth
User authentication using text files
mod_auth_anon
Allows 'anonymous' user access to authenticated areas
mod_auth_dbm
Provides for user authentication using DBM files
mod_auth_digest
User authentication using MD5 Digest Authentication.
mod_auth_mysql
MySQL-based authentication module with VirtualHost support (you need only one database for all VirtualHosts), now with SSL Support for the Connection to the MySQL-Server
mod_auth_svn
This module grabs the v"
9.1.08
Vote for the Search Blogs Awards of 2007
Vote for the Search Blogs Awards of 2007: "Nominees for Best Search Blogs of 2007
Best SEO Blog of 2007
* SEOmoz Blog
* Sebastian’s Pamphlets
* Search Engine Roundtable
* Graywolf’s Wolf-Howl
* Tropical SEO
* PageTrafficBlog
* SugarRae
* SEO Scoop
* Search Rank Blog
* SEO by the SEA
* Search Marketing Gurus
* SEO Book"
Custom Google Search Engine for Apache HTTPD Server
Apache CSE Custom Google Search Engine
Looking for mod_rewrite answers, a .htaccess file sample, or anything related to the Apache HTTPD Web Server? Then use Google's free Apache HTTPD Search, which is a Custom Search Engine courtesy of Google.
Want to Contribute?
You can volunteer to contribute links and labels to this CSE.
Bridging XHTML, XML and RDF with GRDDL
Bridging XHTML, XML and RDF with GRDDL: "While SGML and XML languages have had for a long time the possibility to describe syntactic constraints of their vocabularies using DTD and other schema languages, no specific mechanism exists to allow for the mapping between these syntactic constraints and their semantic implications.
GRDDL, a technology in development in W3C, allows incorporating semantics from XML vocabularies and XHTML conventions into the Semantic Web by re-using existing extensibility hooks of the Web. This paper explains the basic principles of its mechanisms, and explores how it can be applied for various communities.
Table of Contents
Introduction
Bridging semantics across markup languages
GRDDL mechanisms
Specifying a Transformation For a Family of Documents
Specifying a Transformation For an Individual Document
Scenarios of applications
GRDDL status and future development
Specification
Implementations
Test Suite
Conclusion
Bibliography
Changelog
Introduction
Re-using the same technologies for sharing documents on the Web to share information and data that can be processed directly by computers is an idea as old as the Web itself.
The Semantic Web, built on the Resource Description Framework (RDF), is the point of reference for sharing computer-processable information on the Web. Howeve"
8.1.08
PHP CURL Code Grabs Feed Subscribers from Google Reader
PHP curl example utilizing cookies, POST, and SSL options to log in to Google Reader and fetch the number of subscribers for a particular feed URL.
dblog » curl keeps connections alive
dblog » curl keeps connections alive: "curl keeps connections alive
Just in the last few days we modified curl to enable the SO_KEEPALIVE option on connections it creates. It basically means that curl will now detect connections that are idle after a certain amount of time, even if that time is something around two hours by default and that’s what most systems will have it set to.
The main problem that caused us to finally enable this (you can still disable this by using --no-keep-alive) is when people do (long-lasting) FTP transfers and they use a NAT, firewall or router that detects and removes what it considers are idle connections. An FTP transfer is using two connections, but the control one where the commands are sent over is completely quiet while the actual data transfer is in progress so when the transfer is done, the control connection has been nuked by the router/NAT. Of course curl survives this as good as possible, but it can’t do proper error-checking etc in this situation.
Funnily, there’s no really good fix for the FTP situation since the two hours SO_KEEPALIVE timeout will many times be too long to help (although most modern systems allow you to change the timeout on a system or application level), but the other “obvious” fix is to send a “NOOP” command on the control channel every once"
Internet Architecture Board - IAB Documents
Internet Architecture Board - IAB Documents: "A brief primer on DNS wildcards
The DNS 'wildcard' mechanism has been part of the DNS protocol since the original specifications were written twenty years ago, but the capabilities and limitations of wildcards are sufficiently tricky that discussions of both the protocol details of precisely how wildcards should be implemented and the operational details of how wildcards should or should not be used continue to the present day. This section attempts to explain the essential details of how wildcards work, but readers should refer to the DNS specifications ([RFC 1034] et sequentia) for the full details.
In essence, DNS wildcards are rules which enable an authoritative name server to synthesize DNS resource records on the fly. The basic mechanism is quite simple, the complexity is in the details and implications.
The most basic and by far the most common operation in the DNS protocols is a simple query for all resource records matching a given query name, query class, and query type. Assuming (for simplicity) that all the software and networks involved are working correctly, such a query will produce one of three possible results:
success
If the system finds a match for all three parameters, it returns the matching set of resource records;
no"
What are regular expressions?
What are regular expressions?: "What are regular expressions?
Posix regular expressions are used to match or capture portions of a field using wildcards and metacharacters. They are often used for text manipulation tasks. Most of the filters included in Google Analytics use these expressions to match the data and perform an action when a match is achieved. For instance, an exclude filter is designed to exclude the hit if the regular expression in the filter matches the data contained in the field specified by the filter.
Regular expressions are text strings that contain characters, numbers, and wildcards. A list of common wildcards is contained in the table below. Note that these wildcard characters can be used literally by escaping them with a backslash '\'. For example, when entering www.google.com, escape the periods with a backslash: www\.google\.com
Wildcard Meaning
. match any single character
* match zero or more of the previous items
+ match one or more of the previous items
? match zero or one of the previous items
() remember contents of parenthesis as item
[] match one item in this list
- create a range in a list
| or
^ match to the beginning of the field
$ match to the end of"
7.1.08
The Granilus Blog: Using Apache for SSL & GZip Compression Offloading
The Granilus Blog: Using Apache for SSL & GZip Compression Offloading: "Step 4: Enable Compression
Again, in conf/httpd.conf, uncomment the following lines:
LoadModule deflate_module modules/mod_deflate.so
Then, add the following lines to the end of your conf/httpd.conf file:
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio
LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
CustomLog logs/deflate.log deflate
These configurations will enable compression for HTML, CSS, and JavaScript files, and will also log the compression ratios in a deflate.log file. This helps ensure that compression is working, and you can disable these logs if you no longer need them."
Improved printenv and test-cgi script
CGI for debugging Server (Apache) environment variables set (in .htaccess files)