Category: webserver

  • Build a botnet – without infecting end-users

    The idea is not new: get a lot of users to view a given webpage, to DDoS the webserver / backend (depending where the bottlenecks are). If I recall correctly, some student asked the visitors of his website to continuously refresh the page of his university and got charged for it. As many have remarked…

  • Installing the webhoneypot on OpenWrt

    This is a raw tutorial for installing webhoneypot on a router running OpenWrt. The used version is Kamikaze 8.09 (this can be important because commands change between version). The tutorial is not 100% complete and I will update it in the future when I learn new information. An other assumption I make is that you…

  • New years resolution for webmasters

    Graham Cluley gives some advice on the Sophos blog on how to secure your website. Unfortunately he can’t resist touting the companies horn, rather than suggesting a much more effective solution for this scenario: whitelisting. First of all, files on a webserver need to change very rarely. Executables almost never and it is useful to…

  • How to make sure that your webserver isn’t blocket by the ISP?

    First of all, if it says in your contract that you can’t run servers, doing so may result in your connection being cut, so do this on your own risk! Second of all, I don’t advocate running websites on a home machine. Get a VPS! All this said, if you do run a webserver on…

  • Hack the Gibson – Episode #62 – sort of

    How to have your cake and eat it too? Sorry for the lack of posts recently, but I’m just swamped at work and I also have to buy books from time to time. However I can say that I have several javascript and perl goodies prepared and soon I’ll post them The recent show was…

  • Things you (probably) didn’t know about your webserver

    Today’s webservers are incredibly complex beasts. I don’t know how many of the people operating Apache have read the full specifications. I sure didn’t. So it should come as no surprise that there are hidden features in our servers (and some of them turned on by default), which can weaken our defenses. There are two…