Showing posts from October 25, 2009

CentOS 5.4

The CentOS team is pleased to announce the availability of CentOS 5.4. Major changes in CentOS 5 compared to CentOS 4 include:

These updated software versions: Apache-2.2, php-5.1.6, kernel-2.6.18, Gnome-2.16, KDE-3.5, Evolution-2.12, Firefox-3.0, Thunderbird-2.0, MySQL-5.0, PostgreSQL-8.

Better desktop support with compiz and AIGLX.

Virtualization provided by the Xen hypervisor with Virtual Machine Manager and libvirt.

Major changes compared to earlier CentOS 5 versions include:

KVM as a preview for the new virtualization technology in Enterprise Linux.

ext4 as a technology preview in file systems.

Source:

Download from local IX (Indonesia)

SQL injection and mod_security - black and white

This noon we read mail from someone who claims he found SQL injection in our site. How can it be ... magic quotes still off and mod_security not yet installed.

See this article

from:

Red Hat / CentOS Install mod_security Apache Intrusion Detection And Prevention Engine

by Vivek Gite

How do I install ModSecurity - an open source intrusion detection and prevention engine for web applications under CentOS / RHEL / Red Hat Enterprise Linux 5.x server?

ModSecurity operates embedded into the web server (httpd), acting as a powerful umbrella - shielding web applications from attacks. In order to use mod_security, you need to turn on EPEL repo under CentOS / RHEL Linux. Once repo is turned on, type the following command to install ModSecurity:
# yum install mod_security
Sample output:

Loaded plugins: downloadonly, fastestmirror, priorities, protectbase
Loading mirror speeds from cached hostfile
* epel: www.gtlib.g…

Redirect and Phishing Facebook

Tonight went very smoothly; I just opened my eyes and read about security around the world. Facebook is the biggest social community, and people can make applications for it like games, quizzes, etc.

Can we phish that? ... Of course ...

Have you read this?


# [+] Facebook Redirection
# [+] Author : 599eme Man
# [+] Contact :
# [+] How use ?
# [+] PoC :

check your nginx

debian:~# uname -a
Linux debian 2.6.18-6-686 #1 SMP Thu Aug 20 21:56:59 UTC 2009 i686 GNU/Linux
debian:~# cat /etc/issue
Debian GNU/Linux 4.0 \n \l

debian:~# dpkg -l|grep nginx
ii nginx 0.4.13-2+etch2 small, but very powerful and efficient
debian:~# ps xauwww|grep worker|grep -v grep
www-data 3577 0.0 0.9 2688 928 ? S 01:50 0:00 nginx: worker process
debian:~# gdb -p 3577
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
Attaching to process 3577
Reading symbols from /usr/sbin/nginx...(no debugging symbols found)...done.
Using host libthread_db library "/lib/tls/i686/cmov/l…