DROWN ATTACK – SSLv2 Vulnerablity

Security researchers identified a new openSSL vulnerability, called DROWN( Decrypting RSA With Obsolete and Weakened Encryption ) on March 2016. This attack was focused on servers that uses the more secure TLS protocol, which also supports the obsolete SSLv2.This vulnerability allows an attacker to decrypt the highly secured TLS encrypted communication, if the server houses SSLv2 cipher support.

DROWN was assigned the CVE-2016-0800 id by the us-nert on march (https://www.us-cert.gov/ncas/bulletins/SB16-067 ).

More than 11 million websites that uses TLS were vulnerable to DROWN attack.If your website is protected by TLS and your server directly on indirectly supports the older SSLv2 , you are also vulnerable and an attacker may exploit it to get important information such as  user names, password, financial credentials,important documents ..etc. Continue reading…

Kibana :: Installation and setup

Kibana is an open source data visualization plugin for Elasticsearch. It provides visualization capabilities on top of the content indexed on an Elasticsearch cluster. Users can create bar, line and scatter plots, or pie charts and maps on top of large volumes of data.

You can set up Kibana and start exploring your Elasticsearch indices in minutes. All you need is:

* Elasticsearch 2.3 or later
* A modern web browser – Supported Browsers.
Continue reading…

DISTRIBUTED DENIAL-OF-SERVICE (DDOS) ATTACKS

DDoS has emerged as a choice of weapon for hackers. DDoS attackers not only use it to target individual websites and servers of the network, but also subdue the network itself. The growing dependency and usage of the Internet, makes the impact of successful DDoS attacks more challenging for service providers and other enterprises, costing them thousands of money lost in revenue and productivity. DDoS attackers employ much sophisticated spoofing techniques and protocols day by day and it has become essential to develop a solution that has been designed to specifically detect and destroy DDoS attacks to help the businesses and enterprises run efficiently.

DDoS attacks overwhelmed servers, network links and network devices by disrupting Internet systems. The attackers utilize multiple hosts that may be managed or undermined by collaborators in order to attack the target. Each of these hosts part take in the attack and produce a stream of requests to overburden the proposed target. DDoS attacks can govern up to thousands of compromised hosts against a single target. These hosts are acquired from unprotected computers accessing the Internet. ‘Sleeper’ codes can be implanted on these computers and by that way the attackers can launch a DDoS attack.
Continue reading…

Zend OpCache

The Zend OpCache provides faster PHP execution through opcode caching and optimization. It improves PHP performance by storing precompiled script bytecode in the shared memory.

Installing Zend OPCache on PHP 5.3 or 5.4

1. Login to SSH on your server

2. Type the following commands:

#cd /usr/local/src

#wget http://pecl.php.net/get/ZendOpcache

# to get the latest (master) build do the following instead:

Continue reading…