Posts in Servers & Security

How to Ban an IP Address With .htaccess

Wednesday, February 17th, 2010

Once in a while you might run into a suspicious IP address accessing your website. Maybe it’s doing something funny like probing for vulnerabilities, or just spamming the heck out of your server. Being a responsible webmaster, you decide to ban the IP address from your server completely – but how? With the Apache web server, it’s easy to ban a single IP address, multiple IP addresses, or an entire IP range using the .htaccess file.

(more…)

Test DNS Transfer with Windows Hosts File

Friday, January 1st, 2010

Here’s a simple trick you can use to test DNS changes on a Windows PC. You can fake or override DNS lookups by manually entering an IP address for any domain name you want. Use it to see if yoursite.com looks OK on the new server or IP address before DNS makes it around to you.

(more…)

Finding & Deleting Linux Core Dump Files Safely

Friday, May 22nd, 2009

Linux sometimes dumps a huge file when a script crashes. These core files can build up and eat away valuable disk space. Some other methods of deleting core files will damage your server. Here are a few simple commands I use to find and delete these core dump files safely.

(more…)

How to Use GPG to Encrypt and Decrypt Files

Friday, April 17th, 2009

A good friend recently provided me with some dead-simple instructions on how to use GPG in Linux so we could share a few sensitive files. I have edited them slightly, and with his permission I will share them with you.

(more…)

New XSS Flaw: vBulletin 3.7.2 PL2 and 3.6.10 PL4

Monday, August 18th, 2008

The latest Jelsoft security bulletin, dated August 18th, 2008, has announced the discovery of a new XSS flaw related to JavaScript escaping. This flaw could allow unauthorized users to carry out unauthorized actions or obtain access to a user’s account. vBulletin patch releases 3.7.2 PL2 and 3.6.10 PL4 have been released to address the new XSS flaw, discovered by Federico Muttis.

(more…)

New vBulletin XSS Flaw Fix: vBulletin 3.7.1 PL2 and 3.6.10 PL2

Wednesday, June 18th, 2008

Jelsoft just announced a new patch level release for vBulletin 3.7.1 and 3.6.10. vBulletin 3.7.1 PL2 and 3.6.10 PL2 are intended to address the deeper issues behind the XSS flaw first noted in vBulletin 3.7.1 PL1 and 3.6.10 PL1. According to the Jelsoft release announcement, 3.7.1 PL2 and 3.6.10 PL2 fix an XSS flaw affecting the URL redirection system in vBulletin.

(more…)

vBulletin XSS Flaw Fixed: 3.7.1 PL1 and 3.6.10 PL1

Monday, June 9th, 2008

Jelsoft has just announced a security update for vBulletin forum software that resolves a cross-site scripting (XSS) error. These are patch level fixes for the existing vBulletin 3.7.1 and 3.6.10 versions that focus on the XSS flaw.

According to the Jelsoft announcement:

…it is difficult to exploit the XSS flaw, and the potential for exposure and damage is limited…

However, the implications of the flaw are not entirely clear in the announcement. Has anybody out there had problems with this cross-site scripting error?

cPanel 11.23 Released

Wednesday, May 28th, 2008

cPanel just announced the release of cPanel 11.23 which focuses on some key issues with cPanel. According to cPanel’s blog announcement the cPanel 11.23 release focuses on memory usage, mail efficiency, backups and users. cPanel server admins are getting pretty excited about the performance increases in cPanel VPS optimized, and 11.23 addresses memory usage with VPS optimized and Tailwatch.

(more…)

vBulletin CSRF (vBulletin cross-site request forgery)

Thursday, April 24th, 2008

More fun in the Webmaster world of updates. Jelsoft today announced vBulletin 3.6.10, which includes various bugfixes backported from 3.7.0 but primarily fixes a cross-site request forgery (CSRF) in vBulletin 3.6.9.

(more…)

cPanel VPS Optimized: Great taste, less memory

Saturday, April 5th, 2008

I just read about the new version of cPanel/WHM that is supposed to use much less memory on Virtual Private Servers (VPS). Aside from the obvious benefit of freeing up resources and improving performance and capacity, cPanel also points out the benefits of being more eco-friendly than standard cPanel releases. I’m not sure how efficiently cPanel VPS Optimized translates into less energy consumption, but I’ll just take their word for it. This is exciting news for me, because I run many domains hosted on multiple VPS with cPanel/WHM.

(more…)

Horde Update to 3.1.7 & cPanel PHP application security model updates

Monday, March 10th, 2008

It was just announced that the Horde webmail application has been updated to version 3.1.7 to address the arbitrary file inclusion vulnerability found recently. cPanel has also performed upgrades in the PHP application security model for Horde, phpMyAdmin, and phpPgAdmin. It is recommended that all cPanel users update immediately. You can update with WHM under “Upgrade to Latest Version” or check your version from the command line:

(more…)

Zend Optimizer & EasyApache3 w/ PHP 5 & Apache 2

Friday, March 7th, 2008

After upgrading to PHP 5.2.5 and Apache 2.6.9 using the new easyapache3 scripts (WHM > Software > Apache Update) I was still left without Zend Optimizer. WHM and easyapache3 installed Zend Optimizer (located in /usr/local/Zend/lib/Optimizer-3.3.0/) but after some mucking about I made the mistake of running /scripts/installzendopt – previously used to install Zend Optimizer with a step-by-step installer.

(more…)

Horde arbitrary file inclusion vulnerability

Friday, March 7th, 2008

Admins running cPanel w/ Horde should pay special attention to the security update released by cPanel. An arbitrary file inclusion vulnerability was discovered in the Horde webmail app and a patch is included in cPanel builds 11.18.2+ (11.19.2+ for EDGE).

(more…)



©2020 Gabriel Harper. Do not use, copy or re-publish any part of this blog.