Posts

Server Security - Secure Your Website using .htaccess File

Recent posts

Server Security - Hide PHP Version

By default, PHP reveals the version installed on the server in the X-Powered-By HTTP response header. For security reasons, it is generally recommended to hide the version information from attackers. Some versions have vulnerabilities, and an attacker who knows the PHP version can more easily find and exploit security holes to gain access to your system. Therefore, in this article, “Server Security – Hide PHP Version”, I will explain how to hide the PHP version from the response header. Suggested Read: Secure Apache Web Server. To hide the version, open the php.ini file in a text editor. expose_php = On expose_php = Off You may find php.ini in the following locations: Debian/Ubuntu – /etc/php/7.0/cli/php.ini; CentOS – /etc/php.ini. Now locate expose_php and set its value to Off: expose_php = off. Save the file and exit. Afterwards re...

Server Security - Disable Directory Listing

Directory Listing: Directory listing is enabled by default in an Apache server. It happens when there is no index.html file (the default) available in the directory. If there is no index file in the directory, Apache doesn’t know which file to display, so it displays all the files and folders in the directory. Please see the screenshot below. In the above image, the index file is the default file under the website folder. So when I access my localhost with the following address – localhost/website1 or 192.168.1.2/website1 – it shows the following page. It is actually showing the website because Apache knows exactly which file to display, i.e. index.html. But let’s see what happens if I rename the index.html file to index1.html. This time, when I access my website1 folder again, it shows all the files and folders inside the website1 folder. Files & Folders List Prevention: In order to prevent this, you need to disable direc...

Server Security - Apache Web Server Hardening

Whenever a request is made from a client to a server, headers are sent from server to client and vice versa. So when we receive a server response, we get some headers that give extra information about the server. This information can sometimes help hackers break into your server. In order to stop unauthorized access, we secure our server. So in this article, “Server Security – Apache Web Server Hardening”, I will secure the Apache server by removing the server details from response headers. This comes under the Banner Grabbing attack. In the banner grabbing method, the hacker tries to identify the target system's OS or server name and version in order to penetrate the system. To understand this, look at the image below. Server Details: If you look at the image, you will find that in the server response headers we are actually getting a lot of details. We are getting the following items: 1. Server Name and Version (Apache &...

Android - Create Force Update App Module in 30 minutes

In this article, “Android – Create Force Update App Module in 30 minutes”, I will be using Firebase Remote Config for the app force update module. First, navigate to Firebase and log in with your Google account. Once you have signed in, you will see Go to Console in the top right corner of the page. Click on Go to Console. After entering the console, you will have to create a new project. Click on the Add Project button. On the next screen, enter the project name and click on Continue to move further. On the next screen, you will be asked to enable Google Analytics on your project; it is enabled by default, so just click on Continue to move further. Then, on the next screen, you will be asked to select a Google account for Google Analytics. Select Default Account for Firebase if you have not already created an account. Otherwise, in the drop-down you will see your other account. For this example, I am usi...

Android - Show A Dialog From Service

In this article, I will discuss how you can create a dialog from a service. As we all know, a service in Android does not have any UI and is intended for long-running background tasks. But sometimes it is required to show some information to the user when your app is running in the background. Today I will show you how you can implement this type of functionality in your application. Before starting the tutorial, let me tell you about the special permission that we are going to use. Permission AndroidManifest.xml <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/> This permission allows the app to use the system-level window. AndroidManifest.xml <?xml version="1.0" encoding="utf-8"?><manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.app.dialogfromservice"> <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/> <appl...

Android - Create Root Checker App in Just 10 minutes

Today, I will show you how easily we can create a root checker app in Android. It only takes 10 minutes to create this kind of application. activity_main.xml <?xml version="1.0" encoding="utf-8"?><androidx.constraintlayout.widget.ConstraintLayout xmlns:android="http://schemas.android.com/apk/res/android" xmlns:app="http://schemas.android.com/apk/res-auto" xmlns:tools="http://schemas.android.com/tools" android:layout_width="match_parent" android:layout_height="match_parent" tools:context=".MainActivity"> <TextView android:id="@+id/textView2" android:layout_width="wrap_content" android:layout_height="wrap_content" android:layout_marginTop="60dp" android:text="This app checks the rooting status of your phone" android:textAlignment="center" android:textSize="18sp...