May 7, 2017
· 2 minute read
linux, how to
For those of us running our own mail server,
If you see a sequence of log entries similar to the following:
May 6 13:34:59 vps postfix/submission/smtpd[1294]: connect from unknown[1.2.3.4]
...
May 6 13:35:08 vps postfix/submission/smtpd[1294]: NOQUEUE: filter: RCPT from unknown[1.2.3.4]: <unknown-user@your-domain.com>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<unknown-user@your-domain.com> to=<remote-user@example.com> proto=ESMTP helo=<your-domain.com>
May 6 13:35:08 vps postfix/submission/smtpd[1294]: 6FE52C0FDA: client=unknown[1.2.3.4], sasl_method=PLAIN, sasl_username=valid-user@your-domain.com
Then it is very likely your users' credentials are being fraudulently used to send emails from your server.
Read On →
Apr 10, 2017
· 1 minute read
windows, powershell
For the Windows users amongst us there is a simple way of testing if a port is open on a remote server.
If the port isn’t open this test will return a simple diagnostic telling you why.
Start PowerShell on your PC and execute these commands:
# Create a TCP client object
PS> $tcp = New-Object System.Net.Sockets.TcpClient
# Try to connect to the specified port on the server
PS> $tcp.
Read On →
Sep 22, 2016
· 2 minute read
linux
There are many arguments for using a hosting provider, among the most obvious:
* Your server is (you hope) updated and patched regularly.
* The software running on the server is (you hope) updated regularly.
You may also opt for a specialist hosting provider, one that hosts your chosen application.
Similar arguments apply: why do it yourself when someone else will do it for you?
I’ll tell you why we look after our own servers.
Read On →
Sep 17, 2016
· 1 minute read
web
We support a WordPress site for an organisation that recently passed its regular PCI compliance scan.
Part of that scan is to check if a WordPress site allows user enumeration; it should not.
To check your own site, the test for WordPress user enumeration is relatively straightforward:
If your site allows it then this test will list the top 5 author usernames:
# Enumerate WordPress users
$ for i in {1.
Read On →
Sep 15, 2016
· 2 minute read
database, mysql
Development environments
Self-contained development environments.
Laragon: Windows only but very comprehensive.
Everything you need for website development in one portable stack, i.e. the installation folder can be moved at will.
Kalabox: Similar idea to Laragon, everything you need for development in a single install.
Cross-platform and more heavyweight than Laragon, based on VirtualBox and Docker containers.
MySQL
Bit of a problem this a.m.
Added a user (me) to a local mysql install, subsequent attempt to grant all privileges failed, e.
Read On →