If you’re on a shared hosting server, you should be extremely careful to apply the correct permissions to your configuration files. Failure to do so, can leave them open to viewing by other users on the server. It’s then a trivial matter for the user to connect to the database server and modify posts. steal customer data and so on.

Continue reading Are your config files secure?…

Keep-Dead DoS

I spent some time reading through the HTTP protocol, for another project. After playing around, I discovered that even with very limited bandwidth, you can perform an effective denial of service(DoS) attack against a web server.

Back in the day, when botnets were a rarity and bandwidth came at a premium, most DoS attacks relied on tying up services (e.g Apache) with fake requests. It didn’t take long for software makers to adapt to these attacks and come up with effective filters.

Continue reading Keep-Alive DoS Script…