Typically Apache’s RewriteRule sets from mod_rewrite go in .htaccess files, but sometimes you have a good reason to put them in your general server config instead: your httpd.conf or apache2.conf file (or a file you Include from one of those). If you’ve done this before, you’ve probably been surprised that it didn’t work quite the […]

So, the bad guys got your FTP password… And perhaps this wasn’t the first time. Often you’ll see this same issue on multiple accounts before you start to see the trend. So, how do you protect yourself? First of all, does he really know the password? The simplest way to check to see if the […]

At TL Tech we spend a lot of time tracking down hackers. What we find often illustrates important lessons in what not to do in web security. In this example, a user was a victim of a previous attack caused by a vulnerable PHP extension that has since been removed. The site owner evicted the […]

Do sites on your server have one of those “Tell A Friend” forms where visitors can instruct your server to send out email on their behalf? And do you find your server consistently on spam blacklists? Well, now you know why.

If someone knows your email address, then they they know where to to go to check your email. Though you didn’t realize it at the time, now you just gave them the password. Whoops.