A vulnerability (CVE-2019-11043) was identified which could affect websites running under nginx webserver with PHP-FPM enabled. On October 22, a security researcher has tweeted regarding a freshly patched remote code execution vulnerability in PHP-FPM which exposed the bug . You can find the GitHub repository which provides the proof of concept (PoC) for the vulnerability. […]

ASSP is one of the free and open source anti-spam solution available. At the time of this writing, the version released is 2.6.1 and has a plethora of features, which is a good study by itself. Check out the website http://www.thockar.com/assp-home/ for a detailed list of features. However, the configuration and installation of ASSP are often […]

For me, a sysadmin is a jack of all, master of few trades. A good sysadmin can play multiple roles effortlessly, in his professional as well as personal life. Once he is into debugging an issue, don’t disturb. That’s the only condition he would have. I agree that its difficult to document how a sysadmin […]

Do we need security through obscurity? My answer would be ‘yes‘, we need security through obscurity as well. Well changing the ssh port from the default 22 to a non-default one is desired and is recommended by me. But do not simply rely on this method though for SSH security. On a publicly accessible server […]

WordPress based websites sometimes show a 500 internal server error and in some cases, you get a white screen instead of the error. There can be many reasons for this error, but primarily two which accounts for 80% of the cases. Let’s discuss the scenarios in detail. Primary reasons Wrong entries in .htaccess (assuming that […]