quick-and-dirty PAM with LUA, mod_magnet and lighttpd -or- how to breach system security

Posted by: admin  :  Category: Programming, RegExp, Security, Shells

Be warned: This example serves as an illustration on how to *NOT* do it.
It’s just one of my examples I teach to apprentices at the office when it comes to learning scripts, and how important data input validation (or the absence of the same) is.
It’s also a good illustration on how attackers may break into systems to steal data or make them part of a botnet.

The given situation depicts a lighttpd server, which exposes a directory which must be protected via LDAP-managed accounts, so there is an immediate need for PAM. However, lighttpd lacks a PAM implementation. Period. There’s a very ugly and highly insecure way however …


Obfuscated PHP code in WordPress Themes or PHP scripts may be a security hole!

Posted by: admin  :  Category: PHP, Programming, Security

Gosh, some things really shouldn’t be done!
One thing for example is that stupid attitude to “scramble” PHP code by nesting it a zillion times using eval(), gzdeflate(), base64_encode() and str_rot13().
You find this in some “freely” available PHP scripts and some WordPress Themes as well. Actually nobody seems to care that this may well be considered a huge security hole!

De-Scrambler for obfuscated PHP code

Posted by: admin  :  Category: PHP, Programming, Scripting, Security

Thinking about security risks of obfuscated PHP code found in some freely available PHP scripts and WordPress themes, I wrote a quick’n’dirty De-Scrambler.

Protecting A Dialin Infrastructure From Spammers

Posted by: admin  :  Category: Security

Back in 2002, the guys at init7 developed a concept to protect anonymous dial-in from being abused by spammers.

The original concept as outlined here consists basically of three combined efforts:

#1 Redirect SMTP connections to an SMTP proxy on the core router

#2 Enforce rate limits on the SMTP proxy

#3 Temporarily reject source IPs which have exceeded their limits

Inspired by the basic concept, I started to implement it at our site.