Posts

Ethical Hacking Prevent Directory Traversal Attack

http://www.hackingloops.com/2012/09/hacking-websites-using-directory-traversal-attacks.html
https://www.owasp.org/index.php/Top_10_2007-Malicious_File_Execution

Rewrite on .htaccess

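Original article: http://onearth-syokhabis.blogspot.com/2011/08/how-to-install-modrewrite-to-linux.html?showComment=1360645631881#c3387048594454805636

    # The 403 message is Malay for "Intrusion.. intrusion has been detected!"
    ErrorDocument 403 "Pencerobohan.. pencerobohan telah dikesan!"
    RewriteEngine On
    # Applies to GET and POST requests only
    RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
    # Refuse known scanner and scripting user agents ...
    RewriteCond %{HTTP_USER_AGENT} ^.*(nessus|havij|libwww|perl|python|nikto|acunetix|morfeu|w3af).* [NC,OR]
    # ... or query strings containing SQL/script keywords. The list must not end
    # in an empty alternative ("|)"), which would match every query string.
    # The match is broad: legitimate queries containing words such as "set" or
    # "update" are refused as well.
    RewriteCond %{QUERY_STRING} .*(union|select|cast|char|convert|declare|delete|drop|exec|insert|meta|script|hex|unhex|concat|set|truncate|update).* [NC]
    RewriteRule (.*) - [F,L]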

Get all IP addresses using grep

grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'

modsecurity configuration

Disable modsec for a certain IP address or request URI via .htaccess:

    SetEnvIfNoCase Remote_Addr ^202\.202\.202\.202$ MODSEC_ENABLE=Off
    SetEnvIfNoCase Request_URI ^/images/upload\.php$ MODSEC_ENABLE=Off

Finding web shells on compromised linux servers

Finding web backdoor shells

(1) Search the current directory recursively for suspicious function names:

    grep -RPn "(system|phpinfo|pcntl_exec|python_eval|base64_decode|gzip|mkdir|fopen|fclose|readfile|passthru)"

(2) Install Git and download NeoPI (see the documentation):

    git clone https://github.com/Neohapsis/NeoPI.git

(3) List only the names of .php, .txt and .asp files under /var/www/ that call one of the functions:

    grep -RPl --include=*.{php,txt,asp} "(passthru|shell_exec|system|phpinfo|base64_decode|chmod|mkdir|fopen|fclose|readfile) *\(" /var/www/

(4) Same search under public_html/, with line numbers, skipping devices, FIFOs and sockets:

    grep -RPnDskip "(passthru|shell_exec|system|phpinfo|base64_decode|chmod|mkdir|fopen|fclose|readfile) *\(" public_html/
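The grep commands above return many hits on ordinary code (fopen, mkdir), so a per-file count helps decide what to read first. The helper below is an added example, not part of the original post: the names `rank_suspicious` and `make_sample` and the sample files are constructed for illustration, and it uses `grep -E` rather than `-P` so it does not depend on PCRE support.

```shell
#!/bin/sh
# Rank .php/.txt/.asp files under a web root by the number of lines that call
# a function from the list used in commands (3) and (4); highest count first.
PATTERN='(passthru|shell_exec|system|phpinfo|base64_decode|chmod|mkdir|fopen|fclose|readfile)[[:space:]]*\('

rank_suspicious() {
    root=$1
    # -r recurse, -I skip binary files, -E extended regex,
    # -c print "path:count" per file instead of the matching lines
    grep -rIEc --include='*.php' --include='*.txt' --include='*.asp' \
        -e "$PATTERN" -- "$root" 2>/dev/null |
        # Keep files with at least one hit; the count is the last ":" field,
        # so paths that themselves contain ":" survive intact.
        awk -F: '$NF > 0 { n = $NF; sub(/:[0-9]+$/, ""); print n "\t" $0 }' |
        sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Constructed sample tree (not real server data); prints the directory path.
make_sample() {
    d=$(mktemp -d)
    # Three matching lines, one with a space before the parenthesis.
    printf '%s\n' '$o = shell_exec($cmd);' 'echo base64_decode($blob);' \
        'passthru ($arg);' > "$d/shell.php"
    # One matching line: common in legitimate code, so it ranks low.
    printf '%s\n' '$fh = fopen($path, "r");' > "$d/upload.php"
    # The word "system" without a call: not matched because of the "\(" suffix.
    printf '%s\n' '<?php echo "system status: ok"; ?>' > "$d/index.php"
    # Matching text in a file type outside the --include list: not scanned.
    printf '%s\n' 'system(' > "$d/logo.png"
    printf '%s\n' "$d"
}

# Stand-alone use: sh rank.sh /var/www/
if [ -n "${1:-}" ]; then
    rank_suspicious "$1"
fi
```

A file renamed to an extension outside the `--include` list is missed, as with command (3); drop the `--include` options to scan every text file.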

maildrop allow domain

    # Deliver mail from these sender domains straight to the default mailbox
    if (/^From: .*@conal\.com/)
    {
        log "conal.com disable SPAM filtering"
        to "$HOME/$DEFAULT"
    }
    if (/^From: .*@atl\.com/)
    {
        log "atl.com disable SPAM filtering"
        to "$HOME/$DEFAULT"
    }

Option FollowSymLinks not allowed here

Error: Option FollowSymLinks not allowed here

Virtualmin: to fix, change FollowSymLinks to SymLinksIfOwnerMatch.