Archive for February, 2009

Things Move On.

by: WanderingTechy February 22, 2009

Sometimes things move on and technology tramples on you. It’s not that technology doesn’t care, by its very nature it can’t. In some situations the use of technology is so positive that the consequences are not even considered.
This picture sums it all up for me unfortunately.

This one image represents a whole rant [...]

How to RickRoll WordPress Spammers

by: WanderingTechy February 12, 2009

Fed up of a Persistant spammer, This is how to RickRoll Persistant WordPress Spammers.

phpList exploit and ModSecurity Rule

by: WanderingTechy February 9, 2009

In case you weren’t aware phpBB.com was breached using an exploit in phpList. Here is a quick and very dirty rule to protect your servers while you get phpList updated.
SecRule ARGS_NAMES “ConfigFile” “deny,log,auditlog,redirect:http://127.0.0.1″
Anyone passing the Argument ConfigFile via the URL needs shooting >.<
Please note the fix that phpList have released fixes this problem but [...]

Kaspersky WebSite Database Breached.

by: WanderingTechy February 9, 2009

http://www.theregister.co.uk/2009/02/08/kaspersky_compromise_report/
I am only surmising from the limited information I can see here that ModSecurity would have protected them? Comments on this one welcome…
Rule 959001 does seem to cover the “SelECT” part of the URL in the screen shots but when I try a random url with this string in it on my website [...]

We’ve had Bushisms now we have Brownisms

by: WanderingTechy February 8, 2009

I am sure we all have our favorite Bushisms and favorite video clips where Bush pulled a Boner. El Gordo does seem to want to keep up with him now though. With Bush giving us classic lines such as “The problem with the French is that they have no word for Entrepeneur” you [...]

BBC iPlayer and KService.exe looked like a Worm

by: WanderingTechy February 8, 2009

I noticed the activity light on my router at home going crazy last night. I initially thought it was Thunderbird checking all my Imap accounts but after 5 minutes it was still going.

Validate uk postcodes in php

by: WanderingTechy February 5, 2009

Nominet requires that the uk postcode be in a valid format, this is a routine I wrote many years ago but still works today.
Code after the break

Header images and titles

by: WanderingTechy February 5, 2009

As you can see by looking at the top of this page I am no graphics artist or photography expert. At the risk of being very cheeky, If anyone can offer an image to replace the above one I would be incredibly grateful and will of course provide full credit and a link [...]

Mod Security Application Specific Rules

by: WanderingTechy February 4, 2009

Ofer Shezaf at xiom.com has created a list of Application Specific Rules for ModSecurity. He is actively looking for these rules so it should be updated quite regularly I think.
Ofer Shezaf was one of the Team that brought us ModSecurity in the first place although he is no longer there. You can still [...]

ModSecurity and PHPMyAdmin

by: WanderingTechy February 2, 2009

Too many ModSecurity rules trip up PHPMyAdmin so I decided to find another way to protect it. I personally use the .htaccess password protection and then disable ModSecurity totally for this directory. It is also advisable to use a totally unique directory name so that it can’t be guessed.