Showing posts with label internet. Show all posts

Sunday, February 11, 2018

How To Disable Directory Listing in Apache on Ubuntu 14.04

I found this very good tutorial on a Chinese blog, so it has been translated and reproduced here:

What you see in the picture below is directory listing, an Apache server setting that is turned on by default.

To check if you have this problem, visit a directory in your Apache server location with a browser, such as localhost/someFolder, and you will see the contents of this folder. Webmasters and website owners generally don't want this activated because they don't want strangers to browse the contents of their website.

If you see something similar to the above photo, you have this problem as well.

While it might not be a huge security problem for your site, it is certainly uncomfortable, and it is not a pleasant experience for users to stumble into your directory like this.

However, it is actually very easy to turn it off in Ubuntu. Here is how.

1. Navigate to /etc/apache2

2. From there, you will find a file named apache2.conf.

3. Open apache2.conf with your favourite text editor. If you don't know how to edit a text file on a server, find some help on Google.

4. Find this line. There are actually two of these lines: one is under <Directory /var/www/> and the other is under <Directory /srv/>. For now, we will work on the former, since that is where our website is.

    Options Indexes FollowSymLinks

5. Remove 'Indexes' from this line, so that it looks like this:

    Options FollowSymLinks

6. Save the file, open a terminal, then restart Apache.

    sudo service apache2 restart

And we are done. Try to visit a directory under your web root, /var/www, in a browser, and you will get a 403 Forbidden error (as long as the directory has no index file of its own).
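
The edit in steps 4 and 5, as an added example that is not part of the original tutorial: a shell script that reports which <Directory> blocks enable Indexes and removes it from one chosen block only, leaving the other untouched. The sample configuration and the function names `list_indexed_dirs` and `strip_indexes` are constructed for illustration.

```shell
# Added example. SAMPLE_CONF is constructed to mirror the two <Directory>
# blocks that step 4 describes; it is not copied from a real server.
SAMPLE_CONF='<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>

<Directory /srv/>
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>'

# Print the path of every <Directory> block whose Options line enables Indexes.
list_indexed_dirs() {    # usage: list_indexed_dirs FILE
    awk '
        tolower($1) == "<directory"   { dir = $2; gsub(/[">]/, "", dir) }
        tolower($1) == "</directory>" { dir = "" }
        dir != "" && tolower($1) == "options" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^[+]?indexes$/) { print dir; break }
        }' "$1"
}

# Print FILE with Indexes removed from the Options line of one block only.
# "+Indexes" becomes "-Indexes"; if Indexes was the only option, the line
# becomes "Options None" so it stays explicit instead of empty.
# DIRECTORY_PATH must match the block header exactly, trailing slash included.
strip_indexes() {        # usage: strip_indexes FILE DIRECTORY_PATH
    awk -v target="$2" '
        tolower($1) == "<directory"   { dir = $2; gsub(/[">]/, "", dir) }
        tolower($1) == "</directory>" { dir = "" }
        dir == target && tolower($1) == "options" {
            match($0, /[^ \t]/); indent = substr($0, 1, RSTART - 1)
            out = ""
            for (i = 2; i <= NF; i++) {
                o = tolower($i)
                if (o == "+indexes") out = out " -Indexes"
                else if (o != "indexes") out = out " " $i
            }
            print indent "Options" (out == "" ? " None" : out)
            next
        }
        { print }' "$1"
}

# Demo on a scratch copy; nothing under /etc/apache2 is touched.
conf=$(mktemp)
printf '%s\n' "$SAMPLE_CONF" > "$conf"
echo "Indexes enabled before:"; list_indexed_dirs "$conf"
strip_indexes "$conf" /var/www/ > "$conf.new"
echo "Indexes enabled after:";  list_indexed_dirs "$conf.new"
```

On a real server, run `sudo apache2ctl configtest` after editing apache2.conf and before the restart in step 6, so a typo does not take the site down.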

Sunday, July 16, 2017

Challenge: No Internet & Cell Phone For 7 days

I've known this blogger since I was very young. Inspired by Leo Babauta's post "A Month With Limited Internet, & Now No Cell Phone", I have decided to go offline for 7 days. I believe it is an important challenge. Similarly to Leo Babauta, I:
  • Make my living on the Internet.
  • Watch movies on the Internet.
  • I receive my mail on the Internet.
  • I manage my academic duties on the Internet.
  • Study on the Internet.
  • Listen to music on the Internet.
  • Practice programming on the Internet. 
  • Socialize on the Internet.
  • I pay my bills on the Internet.
  • I make my purchases on the Internet. 
  • Backup my data on the Internet.
  • And so on...
I don't consider myself a person struggling with internet addiction, but a person who spends a lot of time online and sees the Internet as something that has extreme value and importance in my life.

So, from Monday, 17th July till Sunday, 23rd July, I will not be connected to the Internet and my phone will be turned off. They will be out of reach and if possible out of the house to avoid the temptation. I will be writing down what happens every day, and in addition to not being connected to the internet, the challenge includes:
  • No SMS or chatting of any kind.
  • No movies or series of any kind.
  • No listening to music of any kind.
  • No use of laptop of any kind.
  • No use of cell-phone of any kind.
  • No use of television of any kind.
As mentioned above, the challenge will go for 7 days and in addition to that, it is a "cold turkey" challenge. Cheating is not allowed nor tolerated and would mean the challenge has failed.

Thursday, March 17, 2016

It is 2016 and Payoneer still does not offer two-step authentication

In summary, this blog post is about Payoneer not offering two-step authentication for its members despite numerous requests.

As of March 17, 2016, Payoneer, a world-renowned company with more than 3 million customers, does not offer two-step authentication protection for its members.

Founded in 2005, Payoneer provides financial services and online money transfer services worldwide. It is available in more than 200 countries and supports more than 150 currencies. 

Payoneer's concept is simple: you get an international credit card from Payoneer that allows you to get paid from any valuable American company. You will be able to use the credit card at literally any ATM anywhere in the world and withdraw the funds. You don't have to deal with banks, their headaches and contracts.

Payoneer had extreme success in the past and recently posted those stats on their website:

After massive success and 10 years in business, the security department at Payoneer still doesn't get it: two-step authentication matters. Tech companies large and small offer it, such as Apple, Amazon, Google, Microsoft, etc.

Apparently, Payoneer is not aware that it is a company that handles financial accounts, not social media accounts. Would thieves and hackers be more interested in hijacking a simple social media account, or a financial account that gives access to a decent amount of cash? said

Here goes my first criticism for Payoneer, besides no 2 factor authentication being available, I find it unbelievable that a company processing payments will not allow me to use special characters in my password, only letters and numbers are allowed, this will greatly help malicious hackers trying to break into my account using a brute force attack.

What Payoneer doesn't understand is that it is not difficult to get to know someone's password, whether by installing some spyware on the victim's machine, standing behind the victim while s/he types the password, or exploiting any type of security vulnerability in the service's website and database. In addition to that, Payoneer does not force members to add characters in their passwords.

The community has been asking for this feature since forever, for example:

4. November, 2015: Security at Payoneer

I have personally contacted Payoneer's customer support team and this is the response I have received from them:

Thank you for contacting us. We understand your concern. Unfortunately the service is not available at present. We are working hard to make this available in future.

From this blog, I send a wake-up call to the security department of Payoneer: it is time to fall out of the coma and straighten up the security department.