Category Archives: Security

peek the source – Another troubleshooting method for open source software

Today I read a security article on the nginx fastcgi PATH_INFO (Chinese version on 80sec). I currently maintain several sites with nginx+php-fpm, so I decided to do some tests and see if my configuration is in danger. However, when I … Continue reading

Posted in Security, Web

php security: disable functions

Case Study: Some small hosting company provides web hosting services to its clients. The machine running the web server also acts as an email server, which functions very well. Then one day, one of its clients wrote some PHP scripts, which … Continue reading

Posted in Email, Security, System Administration, Web

fraud email alert – IRS Notification

Recently, I have identified some fraudulent emails which have the words “IRS Notification” in the subject.

Subject: IRS Notification of Your Fiscal Activity xxxxxx
X-PHP-Script: intalcare.com/css/lib/a.php for 66.36.229.146
Date: Tue, 15 Feb 2011 10:14:18 -0600
From: Internal Revenue Service
Message-ID:
X-Priority: … Continue reading

Posted in Security, System Administration

Been hacked, Wow!!!

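In the past, before I had any contact with computers and networks, I learned of the mysterious figure of the hacker from news reports and movie clips, and I always felt an inexplicable admiration for them: they had superb skills and could fly freely across the vast network; they had extraordinary abilities yet upheld justice and protected the public interest. How cool, like the knights-errant of ancient times!

Later, I learned that there were also crackers and script kiddies. So I came to feel that the computer world is just like the real world: someone with outstanding fighting skills might be a policeman, or might be a killer. The person holding a gun might be a child, yet can still take your life.

A friend once asked me what it is like to be hacked. I said I did not know, since I had never been hacked, but that I would like to see what being hacked feels like. Today I finally got my wish (^_^).

A client said that the administrator of one of their Zen Cart based online shops could no longer log in, and asked for help resetting the password. I went to the Zen Cart admin interface and found that there was already a Resend password function that could retrieve the password via the email address, and I chuckled to myself. However, the client replied that filling in the email still did not work, and that they were certain their email was absolutely correct and had never been changed. Well, in that case, I could only go into the DB and have a look. In the DB, I found the admin table, listed the administrator accounts in it, and checked them with the client. The client took one look: not good, none of those accounts had existed before, and the account they had always used was gone. Could it be……? Things looked bad.

I kept examining the DB and found that there was also an admin_activity_log table. I could not help admiring how thoughtful the Zen Cart designers had been for me! Browsing through the data in it repeatedly, I found some abnormal records:

access_date           | admin_id | page_accessed            | page_parameters   | ip_address
*************************************************************************************
'2010-05-21 15:24:43' | 0        | 'password_forgotten.php' | 'action=execute&' | '118.97.15.19'
'2010-05-21 15:25:23' | 0        | 'login.php'              | ''                | '118.97.15.19'
'2010-05-21 15:25:51' | 0        | 'login.php … Continue reading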

Posted in Security, WEB Application