http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
semi-optimal setup; ip_hash might give you issues if you have to server a lot of mobile-clients (at least here in europe), because of central proxies used by mobile-providers. this one might help if you need stickyness:…
suphp, but only if your are stupid enough to switch safe_mode On https://8ack.de/guides/suphp_shellshock
suphp might be exploitet, but only with stupid settings https://8ack.de/guides/suphp_shellshock
i'm working on it it, but it looks like it works only under rare conditions
> but fastcgi_params does not put attacker controlled data into environment variables it does https://gist.github.com/anonymous/ea60dc2915eccf0b803e
i wasnt able (yet) to exploit php-fpm, although i was able to sneak the user-agent into it and had an exploitable bash and a system() - call within this file output ->…
https://access.redhat.com/articles/1200223 CUPS probably too, but no POC seen yet
sslabs gives you grade F https://www.ssllabs.com/ssltest/analyze.html?d=wbsrch.com btw, where are your cipher_suites from?
your setup is pretty bad (performance and security), here comes why: 1. combine all listen 80 - serverblocks into one, and then return 301 https://$host$request_uri; instead of rewrite, it is faster and you can skip the…
i think it depends on the terms&conditions of google's playstore. just because you are german doesnt meant you cant ge sued by american laws, and i know that german and american laws are quite dirrefent when it comes to…
downlaod -> http://9ol.es/BOOTSTRA.386/assets/bootstrap.zip -> 404
any demo-site available?
prepaid creditcards are quite usefull
quite realted, but dont know how this would fit in there: DONT PANIC First Aid Kit - resources and links: https://8ack.de/firstaidkit/
http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
semi-optimal setup; ip_hash might give you issues if you have to server a lot of mobile-clients (at least here in europe), because of central proxies used by mobile-providers. this one might help if you need stickyness:…
suphp, but only if your are stupid enough to switch safe_mode On https://8ack.de/guides/suphp_shellshock
suphp might be exploitet, but only with stupid settings https://8ack.de/guides/suphp_shellshock
i'm working on it it, but it looks like it works only under rare conditions
> but fastcgi_params does not put attacker controlled data into environment variables it does https://gist.github.com/anonymous/ea60dc2915eccf0b803e
i wasnt able (yet) to exploit php-fpm, although i was able to sneak the user-agent into it and had an exploitable bash and a system() - call within this file output ->…
https://access.redhat.com/articles/1200223 CUPS probably too, but no POC seen yet
sslabs gives you grade F https://www.ssllabs.com/ssltest/analyze.html?d=wbsrch.com btw, where are your cipher_suites from?
your setup is pretty bad (performance and security), here comes why: 1. combine all listen 80 - serverblocks into one, and then return 301 https://$host$request_uri; instead of rewrite, it is faster and you can skip the…
i think it depends on the terms&conditions of google's playstore. just because you are german doesnt meant you cant ge sued by american laws, and i know that german and american laws are quite dirrefent when it comes to…
downlaod -> http://9ol.es/BOOTSTRA.386/assets/bootstrap.zip -> 404
any demo-site available?
prepaid creditcards are quite usefull
quite realted, but dont know how this would fit in there: DONT PANIC First Aid Kit - resources and links: https://8ack.de/firstaidkit/