Wordpress (Japanese SEO) hack extracting and executing code from uploaded ZIP file

Published on August 26th 2022 - Listed in Security Wordpress PHP Hacks - comments

Postfix rejects all incoming e-mails with message: blocked using zen.spamhaus.org; Error: open resolver

Published on August 4th 2022 - last updated on August 11th 2022 - Listed in Mail Internet Security Linux - comments

Error: OID not increasing when parsing SNMP output of Checkpoint VSX

Published on July 15th 2022 - Listed in Linux Security Monitoring - comments

Cloudflare: How to show a maintenance page but continue traffic to origin server from whitelisted IPs

Published on July 14th 2022 - Listed in Cloud Security Internet - comments

Cloudflare managed WAF rule blocks Confluence page edit close request (doeditpage.action)

Published on June 22nd 2022 - Listed in Atlassian Security Internet Cloud - comments

How to detect and fix (mitigate) SSL/TLS renegotiation DOS vulnerability in Postfix

Published on June 20th 2022 - Listed in Mail Internet Security SSL TLS Linux - comments

check_http and OpenSSL 1.1.1 - an evil combo due to backward incompatibility with older OpenSSL versions?

Published on March 17th 2022 - last updated on March 23rd 2022 - Listed in TLS SSL Security Monitoring Linux - comments

How to add secure cookie flag on Jira (or any Apache Tomcat) server

Published on March 9th 2022 - Listed in Atlassian Tomcat Security TLS SSL - comments

Handling validity check failed and empty client certificate chain errors in Elasticsearch

Published on March 1st 2022 - last updated on March 7th 2022 - Listed in Elasticsearch ELK Monitoring TLS SSL Security - comments

Technical analysis of Wordpress hack with PHP script lock360.php as running process (reading PHP code from memory)

Published on February 22nd 2022 - last updated on June 30th 2022 - Listed in PHP Security Linux Hacks Wordpress - comments

New vulnerability exploits lead to mass hack attacks on multiple Wordpress installations

Published on February 18th 2022 - last updated on February 22nd 2022 - Listed in Security Wordpress Internet Hacks - comments

Interface name change in SNMP output after Checkpoint upgrade (R80.30 to R81.10) leads to monitoring issues

Published on January 21st 2022 - Listed in Monitoring Security Network - comments

How to enable missing secure cookie attribute in Roundcube webmail

Published on January 19th 2022 - Listed in Roundcube Cloud Mail Security - comments

SNMP v3 authentication with SHA1 protocol not working after Checkpoint Gaia upgrade to R81.XX

Published on January 18th 2022 - last updated on May 2nd 2022 - Listed in Monitoring Security Network - comments

How to remove a (alternative) domain from a Lets Encrypt (SAN) certificate using certbot

Published on January 17th 2022 - Listed in Security TLS Internet - comments

Using Nginx and LUA script to mitigate against Log4Shell (CVE-2021-44228) vulnerability attacks

Published on December 12th 2021 - last updated on December 15th 2021 - Listed in Nginx Security Internet - comments

Monitoring plugin check_smart 6.12.1 released: Security fix, NVMe perfdata fix, Erase_Fail_Count_Total

Published on December 10th 2021 - last updated on December 10th 2021 - Listed in Hardware Monitoring Security - comments

How to use AWS command line (CLI) with Google Authenticator as virtual MFA device

Published on November 22nd 2021 - Listed in AWS Security Linux Cloud - comments

Lets Encrypt Root CA expiry (server certificate verification failed): Make sure to remove DST Root CA X3!

Published on October 7th 2021 - Listed in Internet TLS Security SSL Linux - comments

Nginx reverse proxy error: SSL alert number 40 while SSL handshaking to upstream server (SSL server name)

Published on August 30th 2021 - Listed in Nginx Security TLS - comments

How to secure the Plesk Panel with a Lets Encrypt certificate (and solve port 8443 problem)

Published on August 24th 2021 - Listed in Internet TLS Security Cloud SSL - comments

Nginx reverse proxy error: SSL alert number 47 while SSL handshaking to upstream

Published on July 14th 2021 - Listed in Nginx Security TLS - comments

APT repository changes its Suite value from stable to oldstable: This must be accepted explicitly before updates for this repository can be applied

Published on July 6th 2021 - last updated on April 22nd 2022 - Listed in Linux Security - comments

How to solve apt error server certificate verification failed

Published on June 4th 2021 - last updated on October 7th 2021 - Listed in Linux TLS Security - comments

Monitoring plugin check_smart 6.9.1 released: Security fix in pseudo-device path

Published on April 8th 2021 - last updated on October 15th 2021 - Listed in Monitoring Hardware Security - comments

After upgrading Linux Mint (Ubuntu), attachments in KeePass 2 do not open anymore: Access denied

Published on March 15th 2021 - Listed in Linux Security - comments

Protect your Wordpress blog from brute force login attacks

Published on February 1st 2021 - last updated on February 2nd 2021 - Listed in Wordpress Security Hacks - comments

Lets Encrypt certbot unable to issue certificate, missing command line (Please choose an account)

Published on January 6th 2021 - Listed in TLS SSL Security Linux - comments

Fixing Perl script using LWP unable to connect to TLS 1.2 URL; failing with sslv3 alert handshake failure

Published on November 2nd 2020 - Listed in Perl Coding Security TLS - comments

Monitoring expiration dates of all ssl/tls certificates in the chain (intermediate and root ca)

Published on June 10th 2020 - Listed in SSL TLS Linux Monitoring Internet Security - comments

Running Harbor registry (Docker repository) behind reverse proxy and solve docker push errors

Published on May 5th 2020 - Listed in Docker Kubernetes Containers Security - comments

How to detect Ghostcat AJP vulnerability (CVE-2020-1938) in Apache Tomcat

Published on April 2nd 2020 - Listed in Security Tomcat Linux Apache - comments

Using ELK to collect Nginx logs and show TLS version and ciphers used by HTTP clients

Published on March 27th 2020 - last updated on September 30th 2020 - Listed in ELK Filebeat Nginx Internet TLS Security - comments

How the X-Cache HTTP header information (HIT, MISS) was abused for targeted attacks on our systems

Published on March 13th 2020 - Listed in Security Internet Varnish Hacks - comments

Windows 10 and Server 2016 clients block access to (Samba) shares with public guest account: Technical analysis and workaround for event 31017

Published on July 22nd 2019 - Listed in Windows Linux Security Samba - comments

Local users becoming root using su without password authentication due to wrong PAM config

Published on July 4th 2019 - Listed in Linux Security - comments

How we successfully deflected a layer 7 DDOS attack with Nginx and GeoIP

Published on June 27th 2019 - Listed in Nginx Internet Security - comments

Debian Wheezy LXC container not running on Stretch host with Kernel 4.18 bpo anymore (a vsyscall story)

Published on May 13th 2019 - last updated on July 2nd 2021 - Listed in Linux LXC Security Containers - comments

Letsencrypt certificate renewal behind http proxy fails with unexpected error: bad handshake

Published on March 18th 2019 - Listed in SSL TLS Security Internet OSSEC - comments

How to manually clean up Zoneminder events (and respect archived events)

Published on December 14th 2018 - last updated on October 17th 2020 - Listed in Zoneminder Surveillance Linux Security - comments

Ignore systemd log warning Failed to reset devices.list: Operation not permitted in OSSEC

Published on July 31st 2018 - Listed in Linux LXC OSSEC Security Systemd - comments

Firmware-Upgrade of a Dahua IPC-HFW1320S network camera

Published on April 18th 2017 - Listed in Hardware Security Network - comments

Allow SSH access based on GeoIP country

Published on November 3rd 2016 - last updated on November 13th 2019 - Listed in Linux Security - comments

Move an iptables firewall rule up the chain before a reject rule

Published on February 4th 2016 - last updated on May 7th 2021 - Listed in Linux Security Network - comments

fatal: Access denied for user by PAM account configuration

Published on July 29th 2015 - Listed in Linux Security - comments

Using Nagios check_smtp -S without SSLv3 (sslv3 alert handshake failure)

Published on October 21st 2014 - Listed in Nagios Monitoring Security Internet Mail - comments

Network Intrusion Detection System with Suricata on Debian Wheezy

Published on October 8th 2014 - Listed in Security Linux Network - comments

Joomla CMS hacks by using vulnerability in com_fabrik

Published on January 26th 2012 - Listed in Internet PHP Hacks Security - comments