Category: security

  • Improve security for apc.php

    If you’re running APC with PHP, you have the option to download apc.php to view and monitor usage stats. However, the default authentication is very open. Without any credentials, anyone can view the running stats and the cached filenames (a simple search on “APC INFO” will show some sites running APC). The login is to…

  • Some Hack Script

    After my fair share of performing security audits, these are some hacking scripts I found, not for the purpose of hacking, but for education, analysis and prevention. function ConvertBytes($number) { $len = strlen($number); if($len < 4) { return sprintf("%d b", $number); } if($len >= 4 && $len = 7 && $len

  • Windows Vista Firewall

    If I didn’t know, I would say it sucks and install another firewall, like ZoneAlarm, as on all my other XP computers. However, after an issue with delays and slow connections to localhost, I identified that the problem was conflicting firewalls. I uninstalled ZoneAlarm, then tweaked Vista Firewall; it’s quite powerful (use with the Advanced Security option).…

  • mod_dosevasive Configuration

    DOSHashTableSize: The hash table size defines the number of top-level nodes for each child’s hash table. Increasing this number will provide faster performance by decreasing the number of iterations required to get to the record, but will consume more memory for table space. You should increase this if you have a busy web server. The value…