Comment Posting Issue and Other Misc.

Unfortunately, if you posted a comment to a Nullamatix.com post between July 24th and August 29th, it wasn't submitted to the queue for approval. This was due to a php.ini setting modification made in an effort to enhance security. My apologies if anyone wrote a novel during this time frame. The issue has been resolved and the comment submission form is now working as intended.

Continue reading Comment Posting Issue and Other Misc.

Howto: XCache in a Lighttpd Chroot on Debian

Posted 682 days ago - Debian, Development · 1 Comment

Whether you're pressed for resources on a virtual/dedicated server, or simply looking for ways to improve web application performance, XCache is guaranteed to produce the desired result. Within minutes of installing XCache: page load times were cut in half, PHP/MySQL RAM consumption was under control, and overall PHP rendering/output performance dramatically improved. In this post I'll go over the process of installing, configuring, and enabling XCache in a php5-cgi+Lighttpd chroot jail on a Debian Lenny web server.

Continue reading Howto: XCache in a Lighttpd Chroot on Debian

DWM on Wikipedia Marked For Deletion

Posted 727 days ago - Development, Off-topic · 1 Comment

Anselm, the "inventor of dwm" shared this information with the suckless mailing list yesterday. Apparently, Wikipedia has flagged the dwm (dynamic window manager from suckless.org) article for deletion. Anselm says he's neutral and shared his thoughts on the Wikipedia Page, but what does this say about Wikipedia? A community built on free and open source software that promotes a free and "open" encyclopedia is now purging FOSS pages? Why, because Microsoft.com doesn't have anything to say about dwm?

Continue reading DWM on Wikipedia Marked For Deletion

New Tool: IP Range to CIDR

Posted 766 days ago - Development · 2 Comments

At least twice a week I find myself visiting ip2cidr.com, the IP to CIDR converter. Since the owner/author of the site hasn't released the source code, and I love a challenge, I developed my own version. The guys at the job find the tool useful, and after a few minor bug fixes, I've made the IP Range to CIDR tool available for use here at Nullamatix.com.

Continue reading New Tool: IP Range to CIDR

Hide WordPress Update Nag Without a Plugin

Posted 777 days ago - Development, Wordpress · Leave a Comment

For those who don't know, WordPress 2.9.1 was released a couple days ago. As a result, the "WordPress 2.9.1 is available! Please update now." nag is plastered at the top of the admin interface. Since installing yet another unnecessary WordPress plug-in for something so simple seems pointless, I came up with a quick and easy to implement WordPress hack. Don't even bother continuing unless you're comfortable editing a core WordPress file.

Continue reading Hide WordPress Update Nag Without a Plugin

WordPress Hacks Worth Implementing

Posted 788 days ago - Development, Wordpress · Leave a Comment

Combat Comment Spam

Most spammers aren't clever enough to populate the REFERER header. This code snippet is not only extremely easy to implement, but pretty effective, too. Open up your theme's functions.php and drop in the following:

Continue reading WordPress Hacks Worth Implementing

New Tool: Daily [Mod] Security Reports

Posted 789 days ago - Development, Security · Leave a Comment

After the Lighttpd mod security post and the DDoS attack that followed, I began working on a script that parses the Lighttpd server-error.log and inserts matched records into MySQL. The result? Check it out here: security.nullamatix.com Daily Security Reports. With the abundance of ideas I have for the project, it's far from complete, but definitely worth a beta release. Plans for the future include, but aren't limited to:

Continue reading New Tool: Daily [Mod] Security Reports

529 Attacks in 9 Days: id1.txt, RFI, & More

Posted 804 days ago - Development, Security · 3 Comments

Longtime Nullamatix readers know how much I love reviewing log files. Logs can provide detailed insight into not only the overall health of a system, but information one can use to mitigate the risks of automated attacks. In this post, I'll go over a couple ways to harden a PHP-enabled web server and hopefully prevent fx29id1.txt, id23.txt, id.txt, id1.txt, fxid.txt, one.txt, fx1.txt, and several other automated attacks from successfully exploiting common weaknesses.

Continue reading 529 Attacks in 9 Days: id1.txt, RFI, & More