The frameset element replaces the body element in pages as a means to include a different document model for web pages: they're bad for usability and accessibility, and what they were intended to accomplish has been completely replaced by CSS and ubiquitous server-side development. The iframe element, on the other hand, does not replace the body of a...
How To Remain Logged In - The Infamous "Remember Me" Checkbox Persistent Login Cookies ("remember me" functionality) are a danger zone; on the one hand, they are entirely as safe as conventional logins when users understand how to handle them; and on the other hand, they are an enormous security risk in the hands of most...
Written by GentleGiant on 01/29/12 at 14:03:44 EST
1. Disk to disk backup using dd command: dd is a powerful UNIX utility, which is used by the Linux kernel makefiles to make boot images. It can also be used to copy data. This article explains how to back up an entire hard disk and create an image of a hard disk using the dd command. 2. 15 rsync command examples: Every sysadmin should master the usage of...
If you were to move your mouse over the links on bidderssite.com, you would notice that they are highlighted with a different color. This article explains how you can achieve such mouse-over or hover effects with links on your site. Cascading Style Sheets (CSS) Code to Highlight Links on MouseOver. The default style in most browsers for a link...
Cascading Style Sheets, or CSS, can be used to create a wide variety of visual effects. For example, it is possible to create a button that looks three dimensional (3D) but is actually pure text. The 3D protruding effect is produced using CSS. This article describes two ways in which you can produce a 3D text button using CSS, without using any...
Image rollovers (sometimes also called Image MouseOvers or mouse-overs) are a fairly common sight in websites today. You've probably seen them around too: when you move your mouse cursor over a button on a particular site, the button appears to be depressed. Move your mouse cursor away, and the button pops out again. Image rollovers are...
For sites where users are allowed to use HTML, the goal is not to escape the input, but to restrict what HTML features can be used. The level of restriction depends on the site. A site like MySpace may decide to let users customize the appearance of their pages as much as they want. In contrast, a forum will probably limit users to P, BLOCKQUOTE,...
Written by GentleGiant on 01/24/12 at 14:54:12 EST
A Cross-site request forgery hole is when a malicious site can cause a visitor's browser to make a request to your server that causes a change on the server. The server thinks that because the request comes with the user's cookies, the user wanted to submit that form. Depending on which forms on your site are vulnerable, an attacker might be able...
Written by GentleGiant on 01/24/12 at 14:54:04 EST
Make sure form submissions that cause server-side changes use your own forms. There are two ways you can do this: Check the referrer header. If it is not present, or if it does not show the correct URL as the referrer, reject the submission. This has the advantage of being simple and sane, but the disadvantage that users who have...
Written by GentleGiant on 01/24/12 at 14:53:58 EST
Some security holes in web sites don't involve web browsers at all and are therefore out of scope for this page. Examples include directory traversal, buffer overflows, SQL injection, and forgetting to apply form access controls to both the page with the form and the code that handles the form. The Web Application Security Consortium's Threat...
Written by GentleGiant on 01/24/12 at 14:53:48 EST
Websites today are more complex than ever, containing a lot of dynamic content making the experience for the user more enjoyable. Dynamic content is achieved through the use of web applications which can deliver different output to a user depending on their settings and needs. Dynamic websites suffer from a threat that static websites don't,...
Written by GentleGiant on 01/22/12 at 22:25:51 EST
Most existing browsers are capable of interpreting and executing scripts -- created in such scripting languages as JavaScript, JScript, VBScript -- that are embedded in the Web-page downloads from the Web server. When an attacker introduces a malicious script to a dynamic form submitted by the user, a cross-site scripting (XSS) attack then occurs....
Written by GentleGiant on 01/22/12 at 22:25:35 EST
Cookie theft occurs when the cookie issued by the application is hijacked for malicious purposes by an attacker. By suitably inserting script code into the URL that invokes the portion of the site that uses cookies and is vulnerable, the attacker captures the cookies and can cause damage to content as well as mimic business functions and...
Written by GentleGiant on 01/22/12 at 22:25:28 EST
You can never be sure that a script is safe. The best you can do is to examine it carefully and understand what it's doing and how it's doing it. If you don't understand the language the script's written in, show it to someone who does. Things to think about when you examine a script: -How complex is it? The longer it is, the more likely...
Written by GentleGiant on 01/22/12 at 14:18:16 EST
Not right. Although you can restrict access to a script to certain IP addresses or to user name/password combinations, you can't control how the script is invoked. A script can be invoked from any form, anywhere in the world. Or its form interface can be bypassed entirely and the script invoked by directly requesting its URL. Don't assume that a...
Written by GentleGiant on 01/22/12 at 13:18:04 EST
Perl is a powerful, adaptable and dynamic programming language which is compiled each time before running. It was first developed by Larry Wall in the late 1980s. Today we will discuss briefly the system variables used in Perl. The following are system variables used in Perl: 1. $$ This variable returns the process ID of the process that is running...
What is a Landing Page? When running a marketing campaign, the ultimate goal is to convert prospects into customers. Driving prospects to an online landing page is often an interim step towards this end goal. Landing pages are specific pages designed to make a prospective customer take action. Marketers could send all prospective customers...
Written by GentleGiant on 01/20/12 at 12:16:01 EST
Local SEO for Small Businesses What You Need and How to Get It There hasn't ever been a more overused and often less understood term than Search Engine Optimization, or SEO. Millions (I am not kidding) of freelancers are in front of their PCs across the globe with the shingle out that says "SEO Specialist." And you know what? Some of...
Written by GentleGiant on 12/29/11 at 20:06:34 EST
Google has implemented a cutting edge method of crawling web sites for its search engine index. This unprecedented method of indexing web pages is known as Google Sitemaps, and it is quickly growing in popularity among webmasters and SEO agents and managers due to its ability to get an entire web site indexed quickly and to pick up errors in the...
Written by GentleGiant on 12/27/11 at 15:39:18 EST
Despite the official line from PHP, which says you need to recompile PHP --with-mcrypt, nobody needs to go through all that. I'll show you a quick and easy way to install both mcrypt for the webserver and mcrypt for PHP in two easy steps. Note that this easy fix is being done on my Fedora Core 12 Linux box, but it should be the same for other...
1. The first thing we need to do is check a couple of PHP settings. The easiest way to do this is with a phpinfo file. If you don't know how to create a phpinfo file, you can find instructions here. 2. Now that you have a phpinfo file, upload it to your website's public_html directory and view it in your browser by typing ...
This will install Webmin. If you are going to use a different control panel or already have one, don't install Webmin. First, nano the program dir: nano /etc/yum.repos.d/webmin.repo Then copy and paste all the following: [Webmin] name=Webmin Distribution Neutral baseurl=http://download.webmin.com/download/yum...
Normally ruby will install flvtool2 automatically like this: gem install flvtool2 When the auto installer didn't install flvtool2 for me, I had to do it manually. This is how you do it: yum install ruby -y cd /usr/local/src wget http://www.repo.bstack.net/flvtool/flvtool2-1.0.6.tgz tar zxvf flvtool2-1.0.6.tgz cd...
OK, let's get going on our install of FFmpeg, a common module needed for video streaming on the web. You're probably here because you want to install a video clip type site and found you needed this module. OK, here we go: first log into your server as root. Then cd wget http://www.repo.bstack.net/clipbucket/ffmpegauto.zip unzip ffmpegauto.zip...