WebTracker.one
 

InfoSec Weblog

ModSecurity

ModSecurity is a web application firewall. I'll say up front that caution must be exercised with ModSecurity. Many of the OWASP rules interfere with scripts and break websites. Unless you use it sparingly and judiciously, you're better off without it. (Note: Instead of ModSecurity, the Fail2Ban (cont'd)

* posted by Robert on Sun, Jul 17, 2022

Sysctl.conf for Security and Performance

The /etc/sysctl.conf file is a configuration file that is used to modify kernel parameters in the Linux operating system. See SSLHOW for an explanation.

The sysctl.conf file can be configured to protect (cont'd)

* posted by Robert on Sun, Jul 17, 2022

Anti-Spoofing Controls for Email

Anti-spoofing tools are designed to help prevent a spammer/hacker from sending spoofed email, disguised as coming from your website.

Sender Policy Framework (SPF) is a DNS text entry that shows the list of servers allowed to send mail for a (cont'd)

* posted by Robert on Thu, Jul 14, 2022

Reverse IP Lookup

Some websites have a dedicated IP address, while others share a server and even an IP address with many other sites. There is a facility called a reverse IP lookup that allows you to discover this information.

One such service is (cont'd)

* posted by Robert on Thu, Jul 14, 2022

Scan Any Website for Viruses

VirusTotal has an excellent tool designed to analyze suspicious files, domains, IPs and URLs to detect malware and other breaches, and automatically share them with the security community.

(cont'd)

* posted by Robert on Tue, Jul 12, 2022

Test Your SSL Configuration

Qualys Labs provides an excellent service for testing your website's SSL configuration. The testing tool is found at https://www.ssllabs.com/ssltest/.

The testing results for WebTracker.one show the following (cont'd)

* posted by Robert on Mon, Jul 11, 2022

HTTP Response Headers

HTTP response headers can protect your website against attack. Here are the response headers that I consider to be the most important.

The Strict-Transport-Security HTTP response header lets a website tell browsers that it should only be (cont'd)

* posted by Robert on Sun, Jul 10, 2022

Fail2Ban - Stop Resource Theft

In a previous article, I spoke about using Fail2Ban to ban the IPs of bots abusing your site. In that case, they were generating errors that show in /var/log/apache2/error.log. But what about bots using your resources, and not generating (cont'd)

* posted by Robert on Sat, Jul 09, 2022

Login Protection

You already have a username and password for login.php or php-enabled login.html. What else can you do? You can limit the login script to your IP address. Anyone logging in from an IP address other than yours will get a dead page. Simply add this line of code to your PHP (cont'd)

* posted by Robert on Sun, Jul 03, 2022

Protect Your Website with Fail2Ban

Hackers are always pounding away at the door of your website attempting to break in. A weak password here. Misconfigured code there. An unpatched system, whatever they can find, they will use to force their way in. They may want your site to blast out spam email or to mine crypto (cont'd)

* posted by Robert on Sun, Jul 03, 2022



Site built and hosted by RJdesign.one