In Apache HTTPD server normally when you have no index or default page in a directory, a visitor may be served with a full list of files in that the directory.在Apache的httpd服務器通常當您有沒有索引或默認頁在一個目錄，訪問者可送達的完整清單，檔案在該目錄中。 This could pose a serious security risk.這可能構成嚴重的安全風險。 It also exposes your files to the world at large, allowing them to be indexed by search engines and at the least pose privacy risk.它也暴露了您的檔案，以世界上的大，使他們能夠建立索引的搜索引擎，並在至少構成隱私的風險。 There are well known Google hacks which exploit this feature.有著名的Google黑客攻擊，其中利用此功能。 To stop default directory listing, add this to the htaccess file.停止默認的目錄列表，添加此向htaccess的文件。

Read more (137 words) » 閱讀更多（ 137字） »

On running ./configure in dansguardian (web content filter for Linux), I got the following error - configure: error: pcre-config not found!對運行。 / configure在dansguardian （ Web內容過濾器為Linux ） ，我得到以下錯誤-配置： 錯誤： p cre-配置沒有發現！
configure: WARNING: Cache variable ac_cv_prog_PCRE contains a newline. . 配置：警告：快取記憶體變ac_cv_prog_pcre包含一個換行符。 The solution, as usual, is simple:該解決方案，一如以往，很簡單：
Read more (49 words) » 閱讀更多（ 49字） »

Every major & minor version of WordPress (1.5, 2.0, 2.1…) comes with teething problems which are then fixed in patch releases.每一個主要＆次要版本WordPress的（ 1.5 ， 2.0 ， 2.1 … … ）來與暫時性的問題是，然後固定在修補程序發布。 Will WordPress 2.5 release finally break the curse?將在WordPress 2.5發布終於打破詛咒？ Maybe not…也許不是…

Read more (400 words) » 閱讀更多（ 400字） »

Suhosin is an advanced protection system for PHP installations. suhosin是一種先進的保障制度，對於PHP設施。 It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.這是旨在保護服務器和用戶從已知和未知的漏洞，在PHP的應用和PHP核心。 Suhosin comes in two independent parts, that can be used separately or in combination. suhosin來在兩個獨立的部分，可以分開使用或在組合。 The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.第一部分是一個很小的修補程序對PHP核心，即實行少數低級別的保護，對bufferoverflows或格式字符串漏洞和第二部分是一個功能強大的PHP擴展執行的所有其他保護。

Read more (141 words) » 閱讀更多（ 141字） »

You never worry about your site security until after your site has been hacked for the first time.你永遠不擔心您的網站的安全，直至您的網站之後，已被砍死，為第一次。 It is always a moment of truth, when you first realize how vulnerable you (your site & your data) truly are.它始終是一時刻，真理，當您第一次實現多麼的脆弱，你（您的網站與您的數據） ，真正是。 You have probably dozens of scripts running on your server ranging from weblog software, comment form, maybe a CMS like Mambo or Joomla, not to mention your home-grown scripts.您有可能幾十腳本運行在您的服務器上，從博客軟件，評論的形式，可能是細胞質雄性不育像曼波或joomla ，更遑論你的土生土長的腳本。 Have you ever had them audited?您有沒有遇到過他們審計？ Do you always keep updating them whenever a new release is available?你總是不斷更新他們每當一個新版本是可用的？ Do you run all your applications and scripts in chroot jail?你運行您所有的應用程序和腳本在chroot監獄？ Do you regularly check for rootkits?你是否定期檢查的rootkit ？ The answer to most of the above is probably no.答案上述大部分可能是沒有。 The truth is that any of them can lead to your site and data being compromised.事實真相是，他們任何可導致您的網站和數據受到損害。 In this context an intrusion detection system can provide you early warning when something goes wrong so you can fight it.在這方面的入侵檢測系統可以為您提供早期預警，當一些錯在哪裡，讓您可以撲滅它。 Let’s look at Samhain, a popular intrusion detection system.讓我們看看samhain ，流行的入侵檢測系統。

Read more (283 words) » 閱讀更多（ 283字） »

This WordPress blog was hacked for few hours on 24th December (nice Christmas present!) from Russia.這WordPress所博客被侵，為幾個小時，就12月24日（尼斯的聖誕禮物！ ）來自俄羅斯。 The hacker exploited several WordPress vulnerabilities in administrative scripts to gain full access to the website (as permitted to apache user), including the ability to upload & run scripts, delete any file owned by apache user, view the file and directories etc. This is a full disclosure on the how the site was hacked and how I detected and removed the hack along with few comments on the state of WordPress security.黑客利用數的WordPress的弱點行政腳本要獲得完全訪問網站（如允許Apache用戶） ，包括能力上載＆運行腳本，刪除任何文件所擁有的Apache用戶，查看文件和目錄等，這是一，充分披露就如何網站被侵，和我如何檢測並刪除該哈克隨著一些意見，對國家的WordPress的安全。 I added a WordPress plugin and made modifications to prevent any such hacking attempts in future using WordPress.我已將1 wordpress插件和作出修改，以防止任何這類黑客企圖在未來使用的WordPress 。 This is a must read for WordPress bloggers.這是一個必須讀的WordPress博客。

Read more (2226 words) » 閱讀更多資訊（ 2226字） »

SSH is aptly termed as poor man’s VPN. SSH的是恰當地稱之為欠佳男子的VPN 。 You can use it to either forward local host host name and port to a remote server running ssh daemon.你可以使用它來無論是前進本地主機主機名和端口到一台遠程服務器運行的SSH守護程序。 You can also use it to forward remote server’s port to a local host and port.您也可以使用它來推動遠程服務器的端口到本地主機和端口。

Read more (224 words) » 閱讀更多（ 224字） »

DROP (Don’t Route Or Peer) is an advisory “drop all traffic” list from Spamhaus, consisting of stolen ‘zombie’ netblocks and netblocks controlled entirely by professional spammers.下降（不航線或同儕）是一個諮詢“下拉，所有車輛”名單由SpamHaus說，構成被盜'殭屍' netblocks和netblocks控制完全由專業垃圾郵件發送者。 DROP is a tiny sub-set of the SBL advisory designed for use by firewalls and routing equipment.下降是一個微小的子集的sbl諮詢設計使用的防火牆和路由設備。 It can also be implemented in iptable rules as explained below.它也可以實施在iptable規則，下面加以說明。

Read more (292 words) » 閱讀更多（ 292字） »

I used to receive around 5,000-7,000 spams daily on angsuman [at] taragana [dot] com email which is publicly available on the internet.我曾經收到約5000-7000垃圾郵件，每天就由Angsuman [在]採購Taragana [斑點]最好的電子郵件是在互聯網上公佈。 It was consuming too many productive hours daily to fight spam.這是消費太多，生產小時，每日打擊垃圾郵件。 I我 decided to fight back決定反擊 . 。 To reduce the spams I first made changes to my postfix configuration with the aim to stop most spams upfront.以減少垃圾郵件首先，我做了更改我的postfix配置，目的是阻止大部分垃圾郵件的前期。 With 6 simple changes to my postfix configuration my spams dropped from 5,000 - 7,000 to a manageable 5-20 spams daily, often less.與6月進行簡單的更改我的postfix配置我的垃圾郵件下降，從5000 -7 000易於管理的5月2 0日每日垃圾郵件，往往較少。 Let’s look at these 6 simple postfix changes in details to drastically reduce your spam count too.讓我們看看在這6個簡單的postfix的變化，細節大幅度減少，您的垃圾郵件計數。 I am consistently getting over 99% spam reduction after implementing these changes.我始終得到了99 ％以上的垃圾郵件減少後，實施這些變化。

The changes proved to be safe and without false positives .的變化，證明是安全和無假陽性 。 In several weeks of manual browsing through the log file, I couldn’t spot a single false positive (a case where legitimate mail is rejected).在幾個星期的手冊，翻閱日誌文件，我不能當場一個單一的假陽性（一的情況下，合法郵件被拒絕） 。

Note: This changes do not involve (nor do they conflict with) spamassasin or clamav, which I might add later.注意：此變化，不涉及（也沒有衝突）或spamassasin的ClamAV ，我可以補充。
Read more (823 words) » 閱讀更多（ 823字） »

OpenSSL is a free, popular, robust, high quality, open source (Apache License) toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. OpenSSL的是一個自由的，受歡迎的，穩健的，高品質，開放原始碼（ Apache的授權）工具包，實施安全套接字層（ SSL v2/v3 ）和傳輸層安全（ TLS V1導聯）協議，以及作為一個全面的強度一般用途的密碼學圖書館。 It is available on multiple platforms (Linux, BSD & Windows).它是可利用的多個平台上（ Linux的， BSD的與Windows ） 。 In short it means that you can use OpenSSL to easily create certificate signing request (csr file) for your server to request certificate from certification authority like Verisign, Thawte etc. You can also use OpenSSL to create self-signed certificate to use on your Apache web server, Dovecot and other SSL enabled services.在短期內這意味著您可以使用OpenSSL的輕鬆地創建的證書簽名請求（ CSR檔案）為您的服務器的要求，證書由認證機構一樣，包括VeriSign ， Thawte等，您也可以使用OpenSSL的，以創建自簽發證書上使用你的Apache Web伺服器， dovecot和其他的SSL啟用服務。 Let’s look at how we can easily create a CSR using SSL and also how we can create a self-signed certificate using OpenSSL.讓我們看看我們如何能夠很容易地創建一個CSR的使用SSL ，也是我們如何可以創建一個自簽名證書使用OpenSSL的。

Read more (502 words) » 閱讀更多（ 502字） »