. Hints notes PAE
Makefile oldcard gethints. awk
The Kernel configuration file is generic. We need to configure it, including the hardware support, IPv6 support, and nic. To prevent problems in the configuration file,
Let's back up it first:
# Cp generic. Bak
Then we can use any editor to open the file, which can be opened by VI or EE. For convenience, I will use EE to open the file:
# Ee generic
After opening, there are similar:
# Generic -- generic Kernel configuration file for FreeBSD/i386
#
XML Easy Learning Manual (2) One of XML QuickStart
XML Easy Learning Handbook (2) XML QuickStart II
XML Easy Learning Handbook (2) XML QuickStart Three
XML Easy Learning Handbook (3) One of XML concepts
XML Easy Learning Handbook (3) XML Concept bis
XML Easy Learning Handbook
. Solutions
1. Never trust user input fields. All user input should be considered untrusted and potentially malicious. Untrusted input processes of applications may become vulnerable to buffer overflow attacks, SQL injection, OS command injection, denial of service, and email injection.
2. Use regular expressions to filter data submitted by users. For example, we can search (r or n) in the input string ).
3. Use external components and libraries to prevent such problems as ZEND mail, PEAR mail,
server. Check the log, which is displayed in the/usr/local/Apache/logs/directory of the server.A file like DOS-192.168.1.94 is generated [dos and IP addresses are generally used], which is as follows:Ls/usr/local/Apache/logs/DOS-192.168.1.101 DOS-192.168.1.104One more log is displayed:DOS-192.168.1.104Let's look at it again:The logs in tail-F/usr/local/apache2/logs/error_log are as follows: [Note: the error log is in apache2/logs and in apache2]Bogon:/usr/local/Apache/logs # tail/usr/local/apac
Module: mod_evasiveRole: Prevent DDOS attacksIntroduction: The predecessor of the mod_evasive module is mod_dosevasive.Download: http://www.nuclearelephant.com/projects/mod_evasive
Install# Tar zxvf mod_evasive_1.10.1.tar.gz# Cd mod_evasive_1.10.1#/Usr/local/apache/bin/apxs-I-a-c mod_evasive20.c
Open the httpd. conf fileCheck whetherLoadModule evasive20_module modules/mod_evasive+soIf not, add it.
And add it to httpd. conf.#################################DOSHashTableSize 3097DOSPageCount 2DOSSi
System version: Red Hat 6HTTPD version: httpd-2.4.20Tar package: modsecurity-apache_2.5.9.tar.gz mod_evasive_1.10.1.tar.gzAbout apxs:http://itlab.idcquan.com/linux/manual/apachemanual/programs/apxs.html
Installation of the Mod_evasive module# Tar XF mod_evasive_1.10.1.tar.gz# cd mod_evasive# lschangelog mod_evasive20.c mod_evasive20.o Mod_evasiveNSAPI . clicense mod_evasive20.la mod_evasive20.slo readmemakefile.tmpl mod_evasive20.lo mod_evasive.
An error occurred in apache under fedora7. Solution to code 400: Linux Enterprise Application-Linux server application information. For details, refer to the following section. Problem:
If you enter 127.0.0.1 or the Host IP address in the browser, the following error occurs:
/**********/
Bad Request
Your browser sent a request that this server cocould not understand.
Apache/2.2.0 (Fedora) Server at 127.0.0.1 Port 80
/*********/
If http: // host name/is opened in the browser on the host, the
How to Use ssdeep to detect webshell
In the latest version of ModSecurity, The ssdeep webshell detection interface is added, and the client security (game Security) is suddenly recalled) I bought a book about malware analysis know-how and toolbox-techniques and tools against "rogue" software. this book mentions the use of ssdeep to find malware (webshell is a type of malware, and the security field is interconnected). This article describes how to us
/naxsi-tutorial-1/Defense MechanismNaxsi's main protection mechanism is to implement threat blocking through a built-in set of extremely strict core rules, and to prevent normal requests from being killed by a user-defined whitelist (white list), through continuous optimization of both sides, To achieve a balance between security protection and business access.modsecurity Module Module IntroductionIn favor of filtering and blocking web dangers, the strong rule is that OWASP provides rules that a
, without the user's knowledge, to forge the request as a user. The core is the use of browser cookies or server session policy to steal user identities .Form TokeCSRF is an action that forges a user request, so all the parameters requested by the user need to be constructed, and the form token organizes the attacker to get all the request parameters by adding a random number to the request parameter.Verification CodeSimpler and more efficient, that is, when a request is submitted, the user is r
corresponding to 'A' MOD '1' is 0 MOD 1 = 0, and the user's corresponding value is 0.
(4) enter the user name
'-"#
"-" The corresponding value is 0-0 = 0, and the user's corresponding value is 0.
Bit operators , |, ^,
(5) enter the user name
'/'1 ′#
"/The value corresponding to '1' is 0/1 = 0, and the user's corresponding value is 0.
Bit operators , |, ^,
(6) enter the username a' 'B '#
The value corresponding to 'A' 'B' is 0 0 = 0, and the user's corresponding value is 0.
For th
/
Install# Tar zxvf modsecurity-apache-1.9.tar.gz# Cd modsecurity-apache-1.9/apache2/#/Apache2/bin/apxs-CIA mod_security.c
Open the httpd. conf fileCheck whetherLoadmodule security_module modules/mod_security.soIf not, add it.
And add it to httpd. conf.#################################
Secfilterengine onSecfiltercheckurlencoding onSecfilterdefaultaction "Deny, log, status: 500"# Secfilterforcebyterange 32 1
, without the user's knowledge, to forge the request as a user. The core is the use of browser cookies or server session policy to steal user identities .Form TokeCSRF is an action that forges a user request, so all the parameters requested by the user need to be constructed, and the form token organizes the attacker to get all the request parameters by adding a random number to the request parameter.Verification CodeSimpler and more efficient, that is, when a request is submitted, the user is r
spoofed by the attacker without the user's knowledge of the request.Referer CheckThe source of the request is recorded in the Referer domain of the HTTP request header, which can be verified by checking the request source to verify that it is legitimate, and can also be exploited to break through the chain of intrusion.4. Web Application FirewallModsecurity is an open-source Web application firewall that detects attacks and protects Web applications, either embedded in a Web application server
LinuxBooks:Penetration Test Books:The Art of exploitation by Jon Erickson, 2008Metasploit:the penetration tester #039; s Guide by David Kennedy and others, 2011Penetration testing:a hands-on Introduction to Hacking by Georgia Weidman, 2014rtfm:red Team Field Manual by Ben Clark, 2014The Hacker Playbook by Peter Kim, 2014The Basics of Hacking and penetration testing by Patrick Engebretson, 2013Professional Penetration Testing by Thomas Wilhelm, 2013Advanced Penetration testing for highly-secured
Playing FreeBSD discovery is really tiring. I believe that the following questions are the first time to play FreeBSD have encountered:
Installation system By default only text mode, need to manually install Gnome,kde and other desktop environment.
FreeBSD installs, upgrades the software two ways: ports,pkg, how to use?
How virtual machines Install the VMware Tools Enhanced experience
FreeBSD provides DVD image, how to install software directly from the mirror, to avoid the
similar to this position: "/home/jaceju/public_html/". Download the latest Smarty kit from the official website of Smarty: Http://smarty.php.net. After unlocking Smarty 2.6.0, you will see a lot of files, including a Libs folder. There should be 3 class.php + 1 DEBUG.TPL + 1 plugin folders + 1 Core folders in Libs. Then directly copy the Libs to your program Master folder, and then rename it to class. That's it? That's right! This installation method is relatively simple, suitable for use
Introduction
Weibo designers know that there is an internal tool that can help build prototypes quickly, and we call them "WDL", the initials of the Weibo Design Library, the English name of the micro-blog. by February 28, 2011 WDL formally released the internal version, open browsing, our designers, as well as product managers have been using it, and actively focus on and support the WDL of each component Update and version upgrade.
Our official definition of WDL is:
"WDL is a code base for
Article Description: uncover the wdl-of the micro-blog interaction norms of the growth process.
Introduction
Weibo designers know that there is an internal tool that can help build prototypes quickly, and we call them "WDL", the initials of the Weibo Design Library, the English name of the micro-blog. by February 28, 2011 WDL formally released the internal version, open browsing, our designers, as well as product managers have been using it, and actively focus on and support the WDL
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.