PHP web security: securing an application

Sometimes the PHP applications we manage turn out, to our surprise, to have been hacked: the home page replaced, code added to the page header, malicious code inserted among the application files (for example, to send spam email), and so on.

Some screenshots of such attacks (image captions: "405 email sender" attack, "islamic ghosts team" attack, "merdeka" attack).

This type of attack is most likely to be suffered if our application is relatively popular: WordPress, Joomla, Drupal, etc.

The security improvement plan includes the following processes:

We go step by step:


Installing different Java versions and using them simultaneously on Linux

This may seem trivial, but I have seen that many people do not know how to run, on a single machine, several Java application servers on different versions of Java.

To start, the security recommendation is that each application server we run is installed and owned by a different user, and that the same user is the one running that application server.

In short, for each user you can configure the default runtime environment, so you do not need to touch anything in the application servers to indicate which Java they should use.

Take as an example that we want to run Tomcat 8 with Java 8 and Tomcat 6 with Java 6.


JBoss, Apache and SSL: securing the communication channel between JBoss and Apache with SSL

Recently a client requested a secured installation across the whole information path, that is:

[Diagram: everything over SSL]

Apache is usually configured with SSL, and the internal communication between Apache and JBoss is done with the AJP protocol, as follows:

[Diagram: not everything over SSL]

The AJP protocol has the advantage over HTTP of being a binary rather than a text protocol, which reduces the bandwidth needed to transmit the same information (it is estimated that the required bandwidth is reduced by 25%).


Apache SSL client certificates: configuring Apache to allow access only to clients with an installed SSL certificate

Let's configure Apache (on Ubuntu 12) to allow access only to clients with a personal SSL certificate installed. First we have to create some structures so that we can later work with revocation lists.

The first thing is to have openssl installed:

ubuntu@ip-10-112-31-82:~$ sudo aptitude install openssl

We will create a directory structure that matches the paths expected by the openssl.cnf configuration file:

ubuntu@ip-10-112-31-82:~$ mkdir -p /vol/apache2_certs
ubuntu@ip-10-112-31-82:~$ cd /vol/apache2_certs/
ubuntu@ip-10-112-31-82:/vol/apache2_certs$ sudo cp /etc/ssl/openssl.cnf .

The openssl.cnf file defines a directory structure used, among other things, for certificate revocation lists; we will edit it and modify the line:


Apache LDAP authentication

The most basic authentication that can be configured on Apache is file-based, but in this post we will see how to configure Apache to authenticate users against an LDAP directory.

The advantages are obvious: we can use a centralized LDAP directory for authentication, whether to log in to applications or to access the company's web services.

For the examples we have used Ubuntu 12.04 and Apache 2.2. The first thing we have to do is install the necessary Apache modules and enable them:

sudo aptitude install libapache2-mod-ldap-userdir
sudo a2enmod authnz_ldap


JBoss 7 domain installation (several servers on the same machine)

Although I have considerable experience with application servers (WebLogic and Apache Tomcat above all), this is the first entry I'll write about them.

JBoss version 7 (http://www.jboss.org/jbossas) can be said to be impressive compared with version 6. Everything is much more organized, and it allows the creation of domains and server groups where applications are deployed and maintained centrally.

In this case we will install a JBoss 7 domain prepared for high availability and session replication (later we will configure a load balancer to test this).

The official documentation is at:


Expanding a JBoss 7 domain (new server on a machine outside the controller)

This post is the continuation of JBoss 7 domain installation.

Starting from the previous article, we will expand the domain with a new server on another machine, increasing the availability of the service.

The new machine will be called clu02 (IP 192.168.128.221); it will connect to clu01 (the Domain Controller (DC), IP 192.168.128.220), and the final structure will be:

Steps to follow:
