Friday, December 4, 2020
# NOTE(review): this listing shows typographic damage and should not be pasted as-is.
# Visible damage: an em dash where RewriteRule expects "-", en dashes inside the
# "0–9" character ranges, curly quotes, and <em>…</em> tags where underscores in
# "_REQUEST" and "QUERY_STRING" appear to have been. Several patterns also look as if
# their backslash escapes were lost (bare "?", "/*", unbalanced parentheses).
# Restore the rules from a trusted copy and check the configuration before deploying.
#
# Scope: the conditions below examine only the request method, the URI, the User-Agent
# header, the request line and the query string. Request bodies and other headers are
# not inspected, so these rules supplement input validation and parameterized queries
# in the application; they do not replace them.

# Enable rewrite engine
RewriteEngine On
# Block suspicious request methods
# NOTE(review): HEAD is a routine method for uptime monitors, link checkers and caches;
# rejecting it with 403 may break those clients. Confirm before keeping it in the list.
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ — [F,L]
# Block WP timthumb hack
# NOTE(review): [S=1] skips the next RewriteRule for matching requests; it does not
# return 403. As written, timthumb-style URLs skip the filter rule that follows instead
# of being blocked. Confirm that this exemption is intended.
RewriteCond %{REQUEST_URI} (timthumb.php|phpthumb.php|thumb.php|thumbs.php) [NC]
RewriteRule . — [S=1]
# Block suspicious user agents and requests
# The User-Agent header is chosen by the client, so this list only filters tools that
# announce themselves. It also rejects legitimate scripts that use these libraries.
RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|’|”|)|(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} ? HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} /* HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
# Block MySQL injections, RFI, base64, etc.
# The [OR] chain continues from the conditions above; the single RewriteRule at the end
# of the chain answers 403 when any one condition matches.
# Broad patterns such as "http:", "https:" and "localhost" also match legitimate
# parameters (return URLs, callbacks); test against real traffic before enforcing.
RewriteCond %{QUERY_STRING} [a-zA-Z0–9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0–9_]=(..//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0–9_]=/([a-z0–9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} =PHP[0–9a-f]{8}-[0–9a-f]{4}-[0–9a-f]{4}-[0–9a-f]{4}-[0–9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (../|..) [OR]
RewriteCond %{QUERY_STRING} ftp: [NC,OR]
RewriteCond %{QUERY_STRING} http: [NC,OR]
RewriteCond %{QUERY_STRING} https: [NC,OR]
RewriteCond %{QUERY_STRING} =|w| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*iframe.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*([^)]*) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0–9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} <em>REQUEST(=|[|%[0–9A-Z]{0,2}) [OR]
RewriteCond %{QUERY</em>STRING} ^.*([|]|(|)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (./|../|…/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127.0.0.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^(]*( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|’|”|)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
# Last condition of the chain: no OR flag, so the RewriteRule below closes the group.
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ — [F,L]
.htaccess Code to Block SQL Injection Attacks in QUERY_STRING
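##### Redirect If QUERY_STRING Has SQL Injection To Honeypot -- START
# QUERY_STRING contains everything in the URL after the "?", e.g. mydomain.com/test.php?test=test
# Keywords such as version, update, insert and set are left out: they are common words and caused false positives.
#
# Logic: the first two conditions must both hold (non-empty query string, request is not
# already for the honeypot, which prevents a rewrite loop), and then any one keyword
# condition in the [OR] chain must match.
# The keywords are unanchored, case-insensitive substring matches, so "char" also matches
# "charset" and "load" also matches "download"; expect false positives and review the logs.
# The rule has no R flag, so this is an internal rewrite and the original query string is
# passed on to honeypot.php, which must treat it as hostile input.
# This is a detection aid; the application still needs parameterized queries.
# Requires "RewriteEngine On" earlier in the file.
RewriteCond %{QUERY_STRING} !^$
RewriteCond %{REQUEST_URI} !honeypot.php/
RewriteCond %{QUERY_STRING} union [NC,OR]
RewriteCond %{QUERY_STRING} select [NC,OR]
RewriteCond %{QUERY_STRING} cast [NC,OR]
RewriteCond %{QUERY_STRING} declare [NC,OR]
RewriteCond %{QUERY_STRING} drop [NC,OR]
RewriteCond %{QUERY_STRING} md5 [NC,OR]
RewriteCond %{QUERY_STRING} benchmark [NC,OR]
RewriteCond %{QUERY_STRING} table [NC,OR]
RewriteCond %{QUERY_STRING} column [NC,OR]
RewriteCond %{QUERY_STRING} distinct [NC,OR]
RewriteCond %{QUERY_STRING} substr [NC,OR]
RewriteCond %{QUERY_STRING} concat [NC,OR]
RewriteCond %{QUERY_STRING} schema [NC,OR]
RewriteCond %{QUERY_STRING} hex [NC,OR]
RewriteCond %{QUERY_STRING} truncate [NC,OR]
RewriteCond %{QUERY_STRING} convert [NC,OR]
RewriteCond %{QUERY_STRING} exec [NC,OR]
RewriteCond %{QUERY_STRING} passthru [NC,OR]
RewriteCond %{QUERY_STRING} system [NC,OR]
RewriteCond %{QUERY_STRING} popen [NC,OR]
RewriteCond %{QUERY_STRING} proc [NC,OR]
RewriteCond %{QUERY_STRING} load [NC,OR]
RewriteCond %{QUERY_STRING} between [NC,OR]
RewriteCond %{QUERY_STRING} null [NC,OR]
RewriteCond %{QUERY_STRING} delay [NC,OR]
RewriteCond %{QUERY_STRING} char [NC,OR]
RewriteCond %{QUERY_STRING} sleep [NC,OR]
# A second "schema" condition written as "%{ QUERY_STRING }" stood here. The spaces inside
# the braces split the directive into extra arguments, and it duplicated the schema
# condition above, so it has been removed.
RewriteCond %{QUERY_STRING} unhex [NC]
RewriteRule ^(.*)$ /honeypot.php/ [NC,L]
##### Redirect If QUERY_STRING Has SQL Injection To Honeypot -- END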
[Read more…]
Step 1: Enable mod_rewrite
sudo a2enmod rewrite
You must restart Apache once you make any change to its configuration. To do this, type the command below on a terminal window:
sudo systemctl restart apache2
Your server is now ready to accept rewrite rules.
Step 2: Setup your server to accept .htaccess files
By default, Apache does not allow the use of ‘.htaccess’ files, so you will need to edit each website’s virtual host configuration file and add the following code:
<Directory /var/www/html>
# Indexes enables automatic directory listings for folders that have no index file;
# remove it unless listings are intended.
# NOTE(review): per-directory rewrite rules need symlink following enabled
# (FollowSymLinks or SymLinksIfOwnerMatch) - confirm against the Apache documentation.
Options Indexes FollowSymLinks MultiViews
# "All" lets .htaccess files override every directive class. mod_rewrite directives
# need only the FileInfo class, so "AllowOverride FileInfo" is the narrower setting.
AllowOverride All
Require all granted
</Directory>
[Read more…]
Friday, November 13, 2020
Step 1: Install certbot-auto tool
wget https://dl.eff.org/certbot-auto
chmod +x certbot-auto
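Move the script to a directory in your PATH. Because the later steps run it with sudo, confirm the file came from the expected source before moving it into place.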
sudo mv certbot-auto /usr/local/bin
Confirm that it is working.
sudo certbot-auto --version
Step 2: Stop Zimbra Proxy Service
We need to stop the jetty or nginx services before we can configure Zimbra to use the Let’s Encrypt SSL certificate. The standalone mode used in Step 3 needs port 80 free to answer the HTTP challenge.
$ sudo su - zimbra -c "zmproxyctl stop"
Stopping proxy...done.
$ sudo su - zimbra -c "zmmailboxdctl stop"
Stopping mailboxd...done.
Step 3: Obtain Let’s Encrypt SSL Certificate
Once the Zimbra proxy and mailboxd services are stopped, we can proceed to request a Let’s Encrypt certificate in auto mode. Make sure you pass all the hostnames used by your mail server.
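## The leading "#" on the next two lines is the root prompt, not a comment.
## The e-mail value is shown as the page rendered it (obfuscated); substitute the
## address that should receive expiry notices.
## Line continuations are restored so the options stay part of one certbot-auto command.
# export EMAIL="[email protected]"
# certbot-auto certonly --standalone \
  -d mail.computingforgeeks.com \
  --preferred-challenges http \
  --agree-tos \
  -n \
  -m "$EMAIL" \
  --keep-until-expiring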
You can find all your files under /etc/letsencrypt/live/$domain
$ ls -lh /etc/letsencrypt/live/mail.computingforgeeks.com
total 4.0K
lrwxrwxrwx. 1 root root 50 Jul 5 23:42 cert.pem -> ../../archive/mail.computingforgeeks.com/cert1.pem
lrwxrwxrwx. 1 root root 51 Jul 5 23:42 chain.pem -> ../../archive/mail.computingforgeeks.com/chain1.pem
lrwxrwxrwx. 1 root root 55 Jul 5 23:42 fullchain.pem -> ../../archive/mail.computingforgeeks.com/fullchain1.pem
lrwxrwxrwx. 1 root root 53 Jul 5 23:42 privkey.pem -> ../../archive/mail.computingforgeeks.com/privkey1.pem
-rw-r--r--. 1 root root 692 Jul 5 23:42 README
[Read more…]
Monday, August 24, 2020
CloneFileInfo [Delphi]
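{ Replaces the version-information resource (RT_VERSION) of sDestin with the one
  read from sSource.

  sSource - path of the file whose version block is read.
  sDestin - path of the file whose version resource is rewritten; it must already
            contain a version resource, because its language ID is reused.
  Returns True only when the resource update was written; False on any failure.

  The version block is plain metadata and is copied verbatim. It does not bring the
  source file's digital signature with it, and rewriting the resources of a signed
  sDestin invalidates that file's signature. Version fields alone therefore say
  nothing reliable about where a file came from. }
function CloneFileInfoA(sSource: String; sDestin: String): Bool;
var
  hUpdate: THandle;
  dwHandle: DWORD;
  dwLen: DWORD;
  dwSrcSize: DWORD;
  dwDestSize: DWORD;
  wLangID: Word;
  bSrcData: TBytes;
  bDestData: TBytes;
  ptrBuffer: Pointer;
begin
  Result := False;

  // Read the source file's version block.
  dwSrcSize := GetFileVersionInfoSize(PChar(sSource), dwHandle);
  if dwSrcSize = 0 then
    Exit;
  SetLength(bSrcData, dwSrcSize);
  if not GetFileVersionInfo(PChar(sSource), dwHandle, dwSrcSize, @bSrcData[0]) then
    Exit;

  // Size the destination buffer from the destination file. The original queried
  // sSource here, so the buffer could be too small for sDestin's block.
  dwDestSize := GetFileVersionInfoSize(PChar(sDestin), dwHandle);
  if dwDestSize = 0 then
    Exit;
  SetLength(bDestData, dwDestSize);
  if not GetFileVersionInfo(PChar(sDestin), dwHandle, dwDestSize, @bDestData[0]) then
    Exit;

  // The sub-block path needs its backslashes. Without them the query fails and
  // ptrBuffer is left unset.
  ptrBuffer := nil;
  dwLen := 0;
  if not VerQueryValue(@bDestData[0], PChar('\VarFileInfo\Translation'), ptrBuffer, dwLen) then
    Exit;
  if (ptrBuffer = nil) or (dwLen < SizeOf(Word)) then
    Exit;
  // The first WORD of the translation entry is the language ID.
  wLangID := PWord(ptrBuffer)^;

  // BeginUpdateResource returns a handle; keep it in a THandle and check it.
  hUpdate := BeginUpdateResource(PChar(sDestin), False);
  if hUpdate = 0 then
    Exit;

  if UpdateResource(hUpdate, RT_VERSION, PChar(VS_VERSION_INFO), wLangID, @bSrcData[0], dwSrcSize) then
    Result := EndUpdateResource(hUpdate, False)
  else
    // Discard the pending update so a failed call leaves sDestin untouched.
    EndUpdateResource(hUpdate, True);
end;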
Tuesday, July 21, 2020
Declare API
' WinINet import: returns non-zero when the system reports a connection and writes a
' bit mask describing it into dwflags. dwReserved is passed as 0 by the caller below.
' NOTE(review): this reports the connection state known to the system; it is presumably
' not proof that a remote host is reachable - confirm against the API documentation.
Private Declare Function InternetGetConnectedState Lib "wininet" (ByRef dwflags As Long, _
ByVal dwReserved As Long) As Long
' Bit masks tested against dwflags by IsWebConnected.
' NOTE(review): IsWebConnected also tests CONNECT_RAS, which is not declared in this list.
Private Const CONNECT_LAN As Long = &H2
Private Const CONNECT_MODEM As Long = &H1
Private Const CONNECT_PROXY As Long = &H4
Private Const CONNECT_OFFLINE As Long = &H20
Private Const CONNECT_CONFIGURED As Long = &H40
Function:
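' Reports whether the system considers itself connected to the Internet.
'
' ConnType (optional, ByRef) receives a label for the first matching flag in this
' order: LAN, Modem, Proxy, Offline, Configured, Remote. It is "" when none is set.
' Returns True when InternetGetConnectedState returns a non-zero value.
Public Function IsWebConnected(Optional ByRef ConnType As String) As Boolean
    ' The original tested CONNECT_RAS without declaring it, so it evaluated to 0 and
    ' the branch could never match. &H10 is the WinINet "RAS installed" flag.
    Const CONNECT_RAS As Long = &H10
    Dim dwflags As Long
    Dim WebTest As Boolean

    ConnType = ""
    WebTest = (InternetGetConnectedState(dwflags, 0&) <> 0)

    ' Test each bit explicitly. The original used "Select Case WebTest", which compared
    ' a Boolean with the masked Long values and so chose labels incorrectly.
    If (dwflags And CONNECT_LAN) <> 0 Then
        ConnType = "LAN"
    ElseIf (dwflags And CONNECT_MODEM) <> 0 Then
        ConnType = "Modem"
    ElseIf (dwflags And CONNECT_PROXY) <> 0 Then
        ConnType = "Proxy"
    ElseIf (dwflags And CONNECT_OFFLINE) <> 0 Then
        ConnType = "Offline"
    ElseIf (dwflags And CONNECT_CONFIGURED) <> 0 Then
        ConnType = "Configured"
    ElseIf (dwflags And CONNECT_RAS) <> 0 Then
        ConnType = "Remote"
    End If

    IsWebConnected = WebTest
End Function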
' Click handler: asks IsWebConnected for the connection state and shows the result
' in a message box.
Private Sub Command1_Click()
    Dim msg As String

    ' msg is passed ByRef and comes back holding the connection label.
    If Not IsWebConnected(msg) Then
        msg = "You are not connected to the Internet."
    Else
        msg = "You are connected to the Internet via: " & msg
    End If

    MsgBox msg, vbOKOnly, "Internet Connection Status"
End Sub
[Read more…]
Tuesday, July 14, 2020
ເປັນຕົວຢ່າງການນຳໃຊ້ CreateObject ໃນ Go
Namespace/Package Name: github.com/go-ole/com
func Example_msxml_rssreader() {
com.CoInitialize()
defer com.CoUninitialize()
var unknown *iunknown.Unknown
var xmlhttp *Dispatch
err := com.CreateObject("Microsoft.XMLHTTP", &unknown)
unknown.QueryInterface(com.IDispatchInterfaceID, &xmlhttp)
defer xmlhttp.Release()
MustCallMethod(xmlhttp, "open", "GET", "http://rss.slashdot.org/Slashdot/slashdot", false)
MustCallMethod(xmlhttp, "send", nil)
[Read more...]