Showing posts with label Web Server. Show all posts

How to fix : OpenSSL Sweet 32 Birthday attack Vulnerability






The Sweet32 birthday attack affects the triple-DES cipher. OpenSSL has rated the triple-DES vulnerability as low; they stated “triple-DES should now be considered as ‘bad’ as RC4.”

The Sweet32 Birthday attack does not affect SSL Certificates; certificates do not need to be renewed, reissued, or reinstalled.


Fix :

First verify the cipher status with the commands below.

Use the openssl ciphers command to see the list of ciphers available to OpenSSL:




openssl ciphers

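To check the status of the DES and 3DES ciphers on your server, use the commands below. If the handshake completes, the server still accepts one of these ciphers for that protocol version.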

 openssl s_client -connect yourserverIP:443 -cipher 'DES:3DES' -ssl2
 openssl s_client -connect yourserverIP:443 -cipher 'DES:3DES' -ssl3 
 openssl s_client -connect yourserverIP:443 -cipher 'DES:3DES' -tls1 
 openssl s_client -connect yourserverIP:443 -cipher 'DES:3DES' -tls1_1 
 openssl s_client -connect yourserverIP:443 -cipher 'DES:3DES' -tls1_2



Find your OpenSSL config file (openssl.conf) and locate SSLCipherSuite.

You will probably find a long list of ciphers written on the same line as SSLCipherSuite.

Add ! before DES and 3DES to disable those ciphers, and separate the entries with :

 ! -- means "do not use"
 : -- marks the beginning of the next cipher

It should look like this:

SSLCipherSuite !3DES:!DES 

Save and close the SSL config file, then restart Apache for the changes to take effect.

On Ubuntu/Debian

systemctl restart apache2

On RHEL/CentOS

systemctl restart httpd
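
To confirm the edit before or after the restart, the check below scans a configuration file for SSLCipherSuite lines and reports any that lack the !3DES and !DES exclusions. It is an added example, not part of the original post; SSLCipherSuite is a directive of Apache's mod_ssl, so point it at whichever Apache configuration file holds that line. The function names, return codes and sample configuration are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit Apache SSLCipherSuite
# lines for the "!3DES" and "!DES" exclusions.

# check_suite SPEC: exit 0 only if SPEC carries both exclusion tokens.
check_suite() {
    cs_spec=$(printf '%s' "$1" | tr -d "\"'")  # drop optional quotes
    has_3des=no; has_des=no
    old_ifs=$IFS; IFS=':'                      # ':' separates cipher tokens
    set -f                                     # no glob expansion of tokens
    for tok in $cs_spec; do
        case $tok in
            '!3DES') has_3des=yes ;;
            '!DES')  has_des=yes ;;
        esac
    done
    set +f; IFS=$old_ifs
    [ "$has_3des" = yes ] && [ "$has_des" = yes ]
}

# audit_conf FILE: 0 = every directive excludes both, 1 = a weak directive
# exists, 2 = no SSLCipherSuite directive found (server defaults apply).
audit_conf() {
    # Directive names are case-insensitive; commented-out lines never match
    # because their first field starts with '#'. $NF is the cipher spec.
    awk 'tolower($1) == "sslciphersuite" { print NR, $NF }' "$1" | (
        rc=2
        while read -r lineno spec; do
            if check_suite "$spec"; then
                echo "line $lineno: OK   $spec"
                [ "$rc" -eq 1 ] || rc=0
            else
                echo "line $lineno: WEAK $spec (add !3DES and !DES)"
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Constructed sample configuration (not taken from a real server).
sample_conf() {
    printf '%s\n' '# SSLCipherSuite ALL' \
        'SSLCipherSuite HIGH:MEDIUM:!aNULL:!3DES:!DES' \
        '  sslciphersuite "HIGH:MEDIUM:!aNULL:!MD5"'
}

# Usage: sh audit.sh /path/to/ssl.conf   (does nothing without an argument)
[ $# -eq 0 ] || audit_conf "$1"
```

A -3DES entry is deliberately not counted, because only the ! form shown above is checked for.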

How to enable PHP LDAP module / extension in XAMPP



Before proceeding, check whether the LDAP module is already enabled by default; you can verify this with a phpinfo.php page.

To check, create a PHP file named phpinfo.php within the htdocs folder.

Create a Notepad file and rename it to phpinfo.php.

Paste the code below into it and save it in the htdocs folder.

<?php
        phpinfo();
?>


Open the browser and go to https://localhost/phpinfo.php

If you find what is shown in the screenshot below, you don't need to do anything: the PHP_LDAP module is already enabled in your XAMPP server.



If you can't find anything like that, follow the steps below.


  • Change directory to C:\xampp\php

  • Find and copy the listed files:
      1. libeay32.dll
      2. libsasl.dll
      3. ssleay32.dll
  • Copy them into C:\Windows\System32

  • Change directory to C:\xampp\php again
  • Find and open the file named php.ini
  • Find the line below and uncomment it to enable the extension:
       ;extension=php_ldap.dll


Remove the leading ; so that the line reads extension=php_ldap.dll


Now restart Apache from the XAMPP control panel.




Protect website from brute force attacks using apache modules ( mod_security )



The Apache module mentioned below is quite famous in terms of security:

mod_security


  • It works as a firewall and is used to monitor real traffic
  • It protects websites from brute force attacks

Install on Red Hat/CentOS

       # yum install mod_security
       # service httpd restart

Find and uncomment the line within your httpd.conf file so that it reads:

LoadModule security2_module modules/mod_security2.so

          


    Designed By Jackuna