Today I found something that annoying me when I tried to test the security hole by displaying the theme directory for one of my website that using Atahualpa theme version 3.5.1. Some error messages appeared when I tried to access such address: h++p://www.mydomain.com/wp-content/themes/atahualpa351/ . This error message caused by the using of unknown TEMPLATEPATH constant if this file accessed directly without from the index of the website itself. So, here is the modification I created to display “Access denied” message instead of error message that displaying the path of the theme directory in my web server. Read more…
Actually, this modification I created was being intended for a friend of mine who implemented HESK for his department. I was interested with its interface, so I tried to create a new ticket and tested after submitting the ticket, I reload the “thank-you” page. In fact, a new ticket then would be created, the same condition that occured in osTicket, which I have created the modification regarding it to fix the same problem. Read more…
Actually, this modification is similar with another one that I made here: How to Avoid Duplicate Ticket Content in osTicket System. After client post message (reply) to his/her ticket that has been created before, then client reload/refresh that next page, the duplicate message will be saved in database. This modification will avoid that duplicate message saved in database of your osTicket System. Read more…
In WordPress, almost plugins that I have used, do not include the index.html or index.php file inside its directory. As default, up to WordPress version 2.8.4, there is no protection to prevent or to avoid directory listing the first time you access your website after you install your WordPress. Thus, you or even your visitor can type such as http://www.yourdomain.com/wp-content/plugins/akismet/ then, voila… you or they can see the directory list which has the files inside that /akismet/ sub directory. You should take care about this early. Otherwise, if your visitor know about the weakness of your plugins that you currently use, they can exploit the bugs and hack your website easily. To avoid this happened, there are three methods that you can do how to avoid the directory list in your WordPress. Read more…
Recent Comments