Question for nginx experts:
Using
location /administrator/ {
    auth_basic "Password Required";
    auth_basic_user_file /var/.htpasswd;
}
I set up a password prompt for the administration area of a website.
That works as long as I request www.example.com/administrator, but not when I request www.example.com/administrator/index.php. Then the password prompt is bypassed.
I had assumed auth_basic would block any unauthorized access to the directory and everything in it, but apparently that is not the case.
How can I make sure that directly requesting an index file is password-protected as well?
Thanks in advance!
Edit: The password protection is bypassed only for index.php, not for index.html.
Incidentally, a full location /administrator/index.php makes no difference.
Edit 2: Solution (probably) found, see the thread

A014312: Numbers with exactly 4 ones in binary expansion
3D graph, threejs - webGL ➡️ https://decompwlj.com/3Dgraph/A014312.html
3D graph Gen, threejs animation ➡️ https://decompwlj.com/3DgraphGen/A014312.html
2D graph, first 500 terms ➡️ https://decompwlj.com/2Dgraph500terms/A014312.html
#decompwlj #math #mathematics #maths #sequence #OEIS #JavaScript #php #graph #3D #threejs #webGL #triangular #numbers #primes #PrimeNumbers #palindromes #animation #FundamentalTheoremOfArithmetic #sequences #NumberTheory #classification #integer #decomposition #number #theory #equation #graphs #sieve #fundamental #theorem #arithmetic #research

A014263: Numbers that contain even digits only
3D graph, threejs - webGL ➡️ https://decompwlj.com/3Dgraph/A014263.html
3D graph Gen, threejs animation ➡️ https://decompwlj.com/3DgraphGen/A014263.html
2D graph, first 500 terms ➡️ https://decompwlj.com/2Dgraph500terms/A014263.html
#decompwlj #math #mathematics #maths #sequence #OEIS #JavaScript #php #graph #3D #threejs #webGL #triangular #numbers #primes #PrimeNumbers #palindromes #animation #FundamentalTheoremOfArithmetic #sequences #NumberTheory #classification #integer #decomposition #number #theory #equation #graphs #sieve #fundamental #theorem #arithmetic #research

🎤 Daniel Leech spoke at Webdevcon!
The talk 'PHP, Value Objects and You 🫵' is now live!💪 🚀
🎥 Watch it here: https://webdevcon.nl/session/value-objects-and-you/
#wdc25 #backend #PHP #webdevcon

🎤 Daniel Leech spoke at The Dutch PHP Conference!
The talk 'PHP, Value Objects and You 🫵' is now live!💪 🚀
🎥 Watch it here: https://phpconference.nl/session/value-objects-and-you/
#dpc25 #backend #PHP #phpconference

#PHP 8.5 is branched!
$ php -v
PHP 8.6.0-dev (cli) (built: Sep 24 2025 08:54:54) (NTS GCC x86_64 DEBUG)
Copyright (c) The PHP Group
Built by Remi for test
Zend Engine v4.6.0-dev, Copyright (c) Zend Technologies
with Zend OPcache v8.6.0-dev, Copyright (c), by Zend Technologies
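
🌘 MD5 collision: the dual identity of a webshell and an ordinary file
➤ When malicious code wears a legitimate disguise
✤ https://github.com/phith0n/collision-webshell
This repository demonstrates a distinctive security technique in which a PHP webshell file and a seemingly harmless ordinary PHP file have exactly the same MD5 hash. This means that, although their contents are completely different, they produce the same hash value when run through the MD5 algorithm. This phenomenon is called an MD5 collision, and it brings a new perspective to security research and practice, particularly in file verification and malware identification.
+ Amazing! I thought MD5 was already obsolete, and did not expect it could still be used for a trick like this. This is a big challenge for antivirus software and intrusion detection systems.
+ The concept is interesting, but what is the practical application? Could it be used to bypass checks in a detection system?
#資訊安全 #雜湊碰撞 #webshell #PHP
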
A014261: Numbers that contain odd digits only
3D graph, threejs - webGL ➡️ https://decompwlj.com/3Dgraph/A014261.html
3D graph Gen, threejs animation ➡️ https://decompwlj.com/3DgraphGen/A014261.html
2D graph, first 500 terms ➡️ https://decompwlj.com/2Dgraph500terms/A014261.html
#decompwlj #math #mathematics #maths #sequence #OEIS #JavaScript #php #graph #3D #threejs #webGL #triangular #numbers #primes #PrimeNumbers #palindromes #animation #FundamentalTheoremOfArithmetic #sequences #NumberTheory #classification #integer #decomposition #number #theory #equation #graphs #sieve #fundamental #theorem #arithmetic #research

A014192: Palindromes in base 4 (written in base 10)
3D graph, threejs - webGL ➡️ https://decompwlj.com/3Dgraph/A014192.html
3D graph Gen, threejs animation ➡️ https://decompwlj.com/3DgraphGen/A014192.html
2D graph, first 500 terms ➡️ https://decompwlj.com/2Dgraph500terms/A014192.html
#decompwlj #math #mathematics #maths #sequence #OEIS #JavaScript #php #graph #3D #threejs #webGL #triangular #numbers #primes #PrimeNumbers #palindromes #animation #FundamentalTheoremOfArithmetic #sequences #NumberTheory #classification #integer #decomposition #number #theory #equation #graphs #sieve #fundamental #theorem #arithmetic #research

Introducing the PHP Language Extensions Library. #PHP
Posted into SYMFONY FOR THE DEVIL @symfony-for-the-devil-mobileatom

Operation Rewrite: Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign
A Chinese-speaking threat actor conducted a large-scale SEO poisoning campaign dubbed 'Operation Rewrite' using BadIIS malware to manipulate search results. The attackers compromised legitimate websites and used malicious IIS modules to intercept web traffic and serve altered content. The campaign targeted East and Southeast Asia, particularly Vietnam. Multiple variants of BadIIS were discovered, including ASP.NET handlers and PHP scripts. The threat actor is linked to previously known groups like Group 9 and possibly DragonRank. Their toolkit allowed them to inject malicious content, redirect users, and exploit compromised servers for various malicious purposes.
Pulse ID: 68d2615ca893a861b85e0392
Pulse Link: https://otx.alienvault.com/pulse/68d2615ca893a861b85e0392
Pulse Author: AlienVault
Created: 2025-09-23 08:59:08
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #Chinese #CyberSecurity #InfoSec #Malware #NET #OTX #OpenThreatExchange #PHP #RAT #RCE #SEOPoisoning #Vietnam #bot #AlienVault

Something very exciting I've been working on in PIE 🥧 and got a proof of concept working tonight. Looking forward to being able to reveal more soon 🤐 #phppie #thePHPF #php #phpc