Secure your webserver

Published Date: 2020/02/12 by: DaVieS

Warning! It seems web development has gone crazy!
If you would like to avoid hacking or destructive operations by attackers like the one shown below, you may find this little article interesting.

To recover your lost Database and avoid leaking it: Send us 0.06 Bitcoin (BTC) to our Bitcoin address 1Mo24VYuZfZrDHw7GaGr8B6iZTMe8JbWw8 and contact us by Email with your Server IP or Domain name and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your Database is downloaded and backed up on our servers. Backups that we have right now: plife_geniza, plife_shop, plife_crm. If we don't receive your payment in the next 10 Days, we will make your database public or use them otherwise.

So what can you do? We can help with that.

How did they hack me...

The most common attack methods are:

  • .env files (Laravel): these may contain your database passwords and other sensitive data. This file should not be used by Laravel at all; relying on it is simply irresponsible, since from the day PHP was born all passwords have had to be stored in PHP files, which the server executes instead of serving.
  • .git directories: this is a Git repository; if it is reachable by attackers they can grab your source code, including passwords.
  • .ini files: sometimes beginner PHP programmers use .INI files to store passwords.
  • .db / .sqlite files: we discovered many SQLite databases reachable on websites that contain passwords or other sensitive data.
  • User-Agent XSS: if your website records the User-Agent or any other header sent to the server, and you display those values somewhere such as an admin area, you must escape the < > HTML characters before output; if you don't, a well-crafted request could lead to hijacking your session.
  • You didn't use SSL.
  • You are using WordPress.

Prevention is always the best solution; here are some steps:

  • Make sure the database server is unreachable from the internet.
  • Disable some paths / extensions in your web server config:
    • .git
    • .env (Laravel uses it; no clue what they were thinking...)
    • .ini
    • .db
    • .sqlite
  • Make regular backups and upgrade your server periodically.
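An added example of the web server part of the list above, not taken from the original article: an NGINX server block fragment (NGINX is an assumption; Apache would need equivalent rules) that refuses to serve dotfiles and the listed extensions, while still allowing the ACME challenge path needed to obtain an SSL certificate. Log paths and the choice of 404 over 403 are assumptions.

```nginx
# Place these inside your server { } block, BEFORE any catch-all
# "location /" or PHP handler, so they win for matching requests.

# Exception first: Let's Encrypt / ACME validation lives under a dotdir
# and must stay reachable or certificate issuance will break.
location ^~ /.well-known/acme-challenge/ {
    allow all;
}

# Any path component starting with a dot: .git/, .env, .htaccess, .svn/ ...
# return 404 (not 403) so a probe cannot even confirm the file exists;
# a dedicated access log keeps a trail of who is probing for secrets.
location ~ /\. {
    access_log /var/log/nginx/blocked.log;   # assumed path
    return 404;
}

# Config, database and backup files by extension, anywhere in the tree.
# Case-insensitive (~*) so DATA.DB or Config.INI are caught as well.
location ~* \.(env|ini|db|sqlite|sqlite3|sql|bak|old)$ {
    access_log /var/log/nginx/blocked.log;   # assumed path
    return 404;
}
```

Run `nginx -t` after editing and then request one of the blocked names on your own site to confirm it returns 404 rather than the file contents.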

If you like the article then don't forget to share!
