Daily Web Tools » Security

PHP Security Problems Explained

Liz Jamieson — Tue, 21 Oct 2008 09:00:45 +0000

What a clear and helpful article. I came across this article at the weekend. Anyone interested in PHP coding can benefit from a good read of this.

An ideal breakdown of all the security issues to consider when coding PHP (and MySQL) and the different types of attack a PHP website can be open to.

These include attacks such as XSS, SQL Injection and Form spoofing.

A further useful and related article can be found here – the author desribes how to sanitise database input before applying it to your MySQL database.

Free Tool For Remembering Passwords – KeePass

Liz Jamieson — Fri, 22 Aug 2008 19:31:23 +0000

Nowadays you have to remember far too many passwords. You need a password for your e-mail account, your FTP logind, social networking accounts, gmail, yahoo, passwords , bank accounts and so on.

Also, because you should use different passwords for each account setting up new ones for each account is mind numbing. As is trying to remember them all.

Not only that – some accounts want you to set up a secret question, a secret answer, your date of birth, your mother’s maiden name, your first phone number and other such things.

Now – I don’t use my mother’s real maiden name online so I need something to remind me of the fake maiden name I am using for her. So – enter KeePass.

KeePass is a free/open-source password manager or safe which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database.

The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, please visit the KeePass website.

Is Your WordPress Blog Being Hijacked?

Liz Jamieson — Tue, 19 Aug 2008 16:51:49 +0000

Suspicious URLS

I only mention this as there have been several hundred attempts to hijack one of my WordPress blog recently. I noticed when checking my statistics, that instead of some people accessing a page using a standard URL – you know something like :

www.myblog.com/blog/an-interesting-blog-post/

they were using URLS that looked good at the start, but had incredibly long numbers attached to them – the URLS being used looked more like this :

www.myblog.com/blog/an-interesting-blog-post/?;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445445434C4152452040
54207661726368617228323535292C4043207661726368617228343030302920
4445434C415245205461626C655F437572736F7220435552534F5220464F52207 . . .

SQL Injection

Above is an example of someone trying to inject some SQL a WordPress database so that the wordpress blog running off the database is infected with hundreds of outgoing links to porn or pharmaceutical websites. You don’t normally notice until your Google rankings start to drop.

Today’s article is there one that explains what is going on with the latest SQL Injection attacks and how to combat them. Keeping your wordpress version updated is a good start. But he also goes into how to check to see if your blog has been spammed. Nasty.