Recent Entries
- Recovering from a Broken Partition Table
- RewriteRule in htaccess vs httpd.conf
- Running PHP through mod_fcgid
- How They Got Your Password
- Installing mod_reqtimeout on cPanel
- Following the Hacker — passwords
- Using Nginx as a reverse-proxy
- Dead-simple templates in PHP
- Tell-a-friend SPAM
- PHP mail via SMTP
View by topic -- Security
This listing shows articles relating to this single topic, making it easier to find all the articles that deal with a given subject.
How They Got Your Password
So, the bad guys got your FTP password… And perhaps this wasn’t the first time. Often you’ll see this same issue on multiple accounts before you start to see the trend. So, how do you protect yourself? First of all, does he really know the password? The simplest way to check to see if the […]
Following the Hacker — passwords
At TL Tech we spend a lot of time tracking down hackers. What we find often illustrates important lessons in what not to do in web security. In this example, a user was a victim of a previous attack caused by a vulnerable PHP extension that has since been removed. The site owner evicted the […]
Dead-simple templates in PHP
Often what you’re really looking for is just a simple master template inclusion system. Allow me to introduce an alternative. It’s simple, it’s intuitive, and it’s easier to work with than whatever mess you narrowly avoided making.
Tell-a-friend SPAM
Do sites on your server have one of those “Tell A Friend” forms where visitors can instruct your server to send out email on their behalf? And do you find your server consistently on spam blacklists? Well, now you know why.
Force SSL with .htaccess
Here’s a generic .htaccess excerpt that you can use to redirect users to the SSL-enabled version of the page they requested. Just drop it into any directory you want to enforce security on, and you’re done (no modification necessary).
Referrer Checking with .htaccess
Referrer checking is a mechanism to restrict the way web resources are used. You can cut-and-paste this code into any domain without having to change anything about it.
Protecting Your Email Account
If someone knows your email address, then they they know where to to go to check your email. Though you didn’t realize it at the time, now you just gave them the password. Whoops.