WordPress 3 Ultimate Security

WordPress is for everyone and so is this brilliant book on making your site impenetrable to hackers. This jargon-lite guide covers everything from stopping content scrapers to understanding disaster recovery.

Product type Paperback
Published in Jun 2011
Publisher Packt
ISBN-13 9781849512107
Length 408 pages
Edition 1st Edition

Table of Contents (23 chapters)

  • WordPress 3 Ultimate Security
  • Credits
  • About the Author
  • Acknowledgement
  • About the Reviewers
  • www.PacktPub.com
  • Preface
  • So What's the Risk?
  • Hack or Be Hacked
  • Securing the Local Box
  • Surf Safe
  • Login Lock-Down
  • 10 Must-Do WordPress Tasks
  • Galvanizing WordPress
  • Containing Content
  • Serving Up Security
  • Solidifying Unmanaged
  • Defense in Depth
  • Plugins for Paranoia
  • Don't Panic! Disaster Recovery
  • Security Policy
  • Essential Reference
  • Index

Index

A

  • ;allow_url_fopen variable / Making .ini a meany
  • aboutus.org / How to look for it
  • abuse department
    • searching / Finding the abuse department
  • access
    • denying, to wp-config.php / Denying access to wp-config.php
  • access controls
    • creating, firewall used / Fired up on firewalls
  • account names
    • about / Private account names and nicknames
  • acoustic keyloggers
    • about / Data loggers
  • AdBlock Plus
    • about / AdBlock Plus *
  • Ad Hacker
    • about / Ad and cookie cullers, Ad Hacker
  • admin account
    • about / Neutering the admin account
    • issues / The problem with admin
    • deleting / Deleting admin
  • administrative accounts / Administrative accounts
  • ADrive
    • URL / Alternative document storage
  • Adsense farms
    • about / Scraping and swearing
  • advanced data management
    • about / Advanced data management and authentication
  • AES
    • versus TKIP / AES vs. TKIP
    • about / AES vs. TKIP
  • Akismet
    • about / Host type analysis
    / Spam
  • alexa.com / How to look for it
  • allintitle operator / Keyword scanning
  • allinurl operator / Keyword scanning
  • allow-by-default permission model / The deny-by-default permission model
  • AllowUsers USERNAME / AllowUsers USERNAME
  • allow_url_include variable / Making .ini a meany
  • Angry IP Scanner
    • URL / Secondary scanners
  • Anonymizer
    • URL / SSL proxies and Virtual Private Networks (VPNs)
  • anonymous browsing
    • about / Anonymous browsing
    • locally private browsing / Locally private browsing
    • online private browsing / Online private browsing
  • anonymous proxy server
    • about / Anonymous proxy server
  • anti-malbot solution
    • setting up / Snaring the bots
  • anti-malware
    • about / Proactive about anti-malware
    • reactionary old guard, detecting / The reactionary old guard: detection
    • antivirus scanners / Regular antivirus scanners
    • signature-based scanning / Signature-based
    • Heuristics-based scanning / Heuristics-based
    • proactive new guard, prevention / The proactive new guard: prevention
    • HIPS & behavior, scanning / HIPS and behavior scanning
    • HIPS vs behavior scanners / HIPS vs behavior scanners
    • Sandbox isolation / Sandbox isolation
    • solution / The almost perfect anti-malware solution
    • Comodo Internet Security (CIS) / Comodo Internet Security (CIS)
    • Comodo Firewall / Comodo Firewall
    • Comodo Antivirus / Comodo Antivirus
    • signature, scanning by / Scanning by signature
    • heuristics, scanning by / Scanning by heuristics
    • Comodo Defence+ (HIPS) and sandbox / Comodo Defense+ (HIPS) and sandbox
    • Pick 'n mix anti-malware modules / Pick 'n mix anti-malware modules
    • ZoneAlarm, firewall with / Firewall with ZoneAlarm
    • Avira AntiVir, antivirus with / Antivirus with Avira AntiVir
    • HIPS + sandbox + firewall with DefenseWall / HIPS + sandbox + firewall with DefenseWall
    • ThreatFire, behavior scanning with / Behavior scanning with ThreatFire
    • ThreatFire, updating / Updating ThreatFire
    • Sensitivity Level / Sensitivity Level
    • system activity monitor / System Activity Monitor
    • Sandboxie, multiple Sandboxes with / Multiple sandboxes with Sandboxie
    • advanced sandboxing, with virtual machines / Advanced sandboxing (and more) with virtual machines
    • Rootkit detection, with RootRepeal / Rootkit detection with GMER and RootRepeal
    • Rootkit detection, with GMER / Rootkit detection with GMER and RootRepeal
    • Malwarebytes, malware clearing with / Malware cleaning with Malwarebytes
    • product, summary / Anti-malware product summary
    • prevention models and user commitment / Prevention models and user commitment
  • anti-malware suite
    • setting up / Setting up an antimalware suite
    • WordPress Firewall / Firewall
    • AntiVirus plugin / AntiVirus, Anti-malware
    • about / Anti-malware
    • AskApache Password Protect / Anti-malware
    • BulletProof Security / Anti-malware
    • Exploit Scanner / Anti-malware
    • Secure WordPress / Anti-malware
    • Ultimate Security Checker / Anti-malware
    • WordPress File Monitor / Anti-malware
    • WordPress Firewall 2 / Anti-malware
    • WP Security Scan / Anti-malware
  • anti-scripting attacks
    • about / Anti-scripting attacks
  • anti-spam solutions, WordPress
    • about / Spam
    • Akismet / Spam
    • Antispam Bee / Spam
    • Bad Behavior / Spam
    • Block Bad Queries (BBQ) / Spam
    • Defensio Anti-Spam / Spam
    • Fast Secure Contact Form / Spam
    • Math Comment Spam Protection / Spam
    • SI CAPTCHA Anti-Spam / Spam
  • Antispam Bee / Spam
  • AntiVirus plugin
    • about / AntiVirus, Anti-malware
    • URL / AntiVirus
  • Apache HTTP Server Version 2.2 Documentation / Apache HTTP Server Version 2.2 Documentation
  • Apache modules
    • about / Apache modules
    • mod_access / IP deny with mod_access
    • password protect directories / Password protect directories
    • mod_auth / Authentication with mod_auth
    • mod_auth_digest / Better passwords with mod_auth_digest
  • Apple Mac
    • URL / Breaking Windows: considering alternatives
  • Apple Product Security
    • about / Apple Product Security
    • URL / Apple Product Security
  • application versions / The scanning phase
  • aptitude package manager
    • about / Installing Webmin
  • aptitude show command / Researching services
  • archive.org / How to look for it
  • AskApache
    • about / Bots to trot
  • AskApache Password Protect
    • about / Anti-malware
  • asset
    • about / Calculated risk
  • attachments
    • encrypting, with compression utilities / Encrypting attachments with compression utilities
  • AuthDigestGroupFile directive / Easily digestible groups
  • authentication
    • issues / Access and authentication issues
    • cracking, with password attacks / Cracking authentication with password attacks
    • about / Advanced data management and authentication
  • authentication keys
    • about / Securing the terminal
    / PasswordAuthentication yes
  • Authenticator / Login
  • authorization log
    • verifying / Checking the authorization log
  • automated form filling
    • about / Advanced data management and authentication
  • automated incremental backup / Automated incremental backup
  • automated prefix change / Automated prefix change
  • automatic network detection
    • disabling / Disabling automatic network detection
  • Automatic WordPress Backup
    • about / Automatic WordPress Backup
  • Automattic / .com blogs vs .org sites
  • autossh / Remote db connections with an SSH tunnel
  • Avira AntiVir
    • antivirus with / Antivirus with Avira AntiVir

B

  • Backbox
    • URL / Hack packs
  • backdoors
    • about / Scrutinising SUID and SGID files (aka SxID files)
    / Slamming backdoors and rootkits
  • BackTrack
    • about / Hack packs
    • URL / Hack packs
  • backup
    • prioritizing / Prioritizing backup
    • about / Diagnosis vs. downtime
  • backup solutions
    • about / Backup
    • BackWPup / Backup
    • Updraft / Backup
    • WP-DB-Backup / Backup
  • BackWPup
    • about / BackWPup
    / Backup
  • Bad Behavior
    • about / Bad Behavior, Spam
    • URL / Bad Behavior
  • bashrc
    • about / Understanding the terminal
  • batch files
    • creating / Creating the batch files
    • testing / Testing your batch files
  • Beef Taco
    • about / Beef Taco *
  • behavior scanners
    • and host intrusion prevention system (HIPS) / HIPS and behavior scanning
    • vs host intrusion prevention system (HIPS) / HIPS vs behavior scanners
  • BetterPrivacy
    • about / BetterPrivacy *
  • blackbookonline.info / How to look for it
  • black hat
    • about / Meet the hackers, Black hat, Misfits, Introducing the hacker's methodology
    • botnet / Botnets
    • cybercriminals / Cybercriminals
    • hacktivists / Hacktivists
    • scrapers / Scrapers
    • script kiddies / Script kiddies
    • spammers / Spammers
    • misfits / Misfits
  • Block Bad Queries (BBQ) / Spam
  • blog client references / Blog client references
  • bomb marketing
    • about / Spammers
  • Bot-trap
    • URL / Perishable Press Blackhole for bad bots
  • botnet
    • about / Botnets
  • bots / WordPress security by ultimate obscurity
    • about / Bot what?
    • trapping / Snaring the bots
  • browsers
    • about / Browsers and security
    • and security / Browsers and security
  • browsing
    • securing / Secure your browsing
  • brute force attacks
    • about / Cracking authentication with password attacks
  • BSD system / Weighing up Windows, Linux, and Mac OS X
  • buffer overflow attacks / Buffer overflow attacks
  • BulletProof Security / Anti-malware

C

  • .com Support
    • about / .com support
  • CAcert
    • URL / Obtaining signed certificates
    • about / Obtaining signed certificates
  • catch-all e-mail account
    • about / Your e-mail addresses
  • CC0
    • URL / Sack lawyers, employ creative commons
  • cease and desist letter / The legal approach
  • certificate
    • about / Protocol soup
  • Certificate Authority
    • about / Dedicated, domain-specific certificates
  • Certificate Patrol
    • about / Certificate Patrol *
  • Certificate Signing Request
    • about / Using a signed certificate
  • CGISecurity
    • about / CGISecurity
    • URL / CGISecurity
  • chain-mail
    • about / Hoax virus
  • chained proxies
    • about / Chained proxies
  • change mode
    • permissions, modifying with / Using change mode to modify permissions
  • Chap Secure Login / Login
  • chkrootkit
    • URL / Slamming backdoors and rootkits
  • Chrome
    • URL / Chrome
  • Chrome's USPs
    • about / Chrome's USPs (for good and very bad)
  • chroot-sftp directory / chrooted SFTP access with OpenSSH
  • chrooted / Host type analysis
  • chroot jails / chrooted SFTP access with OpenSSH
  • CIDR notation / Do you want to add more IPs to the white list?
  • CLF
    • reading / Reading the Common Log Format (CLF)
  • CLI
    • about / Hushing it up with SSH, Linux or Mac locally
  • client
    • connecting up / Connecting up a client
  • clipboard loggers
    • about / Data loggers
  • cloud-based storage
    • about / Alternative document storage
  • CloudFlare
    • about / CloudFlare
    • URL / CloudFlare
  • clouds
    • about / Backing up db and/or files to cloud storage
  • Cobian
    • about / Backing up files for local Windows users
    • limitations / Backing up files for local Windows users
    • installing, as service / Installing Cobian as a service
  • Cobian Backup task
    • setting up / Setting up your first Cobian Backup task
  • code injection
    • about / The many dangers of cross-site scripting (XSS)
  • code injection attacks
    • about / Privilege escalation and jailbreak opportunities
  • Codex
    • URL / Codex
  • CodySafe
    • URL / Portable applications
  • Combofix
    • URL / Malware cleaning with Malwarebytes
  • command line interfaces
    • about / Control panels and terminals
  • comment spam
    • blocking / Blocking comment spam
  • Comodo Antivirus
    • about / Comodo Antivirus
    / Comodo Antivirus
  • Comodo Defence+ (HIPS) and sandbox / Comodo Defense+ (HIPS) and sandbox
  • Comodo Firewall
    • about / Comodo Firewall
    / Comodo Firewall
  • Comodo Internet Security (CIS)
    • about / Comodo Internet Security (CIS)
    • Comodo Firewall / Comodo Firewall
    • Comodo Antivirus / Comodo Antivirus
    • signature, scanning by / Scanning by signature
    • heuristics, scanning by / Scanning by heuristics
  • compression utilities
    • attachments, encrypting with / Encrypting attachments with compression utilities
  • ConfigServer / Fired up on firewalls
  • configuration, kernel / Configuring the kernel
  • configuration, OSSEC HIDS / Configuring the OSSEC HIDS
  • connection options
    • sizing up / Sizing up connection options
  • console
    • about / Hushing it up with SSH
  • consoles
    • about / Control panels and terminals
  • content
    • about / An overview of our risk
    • scraping / Scraping and swearing
    • sharing / Sharing and collaboration
    • collaborating / Sharing and collaboration
    • protecting / Protecting content
  • content, protecting
    • pre-emptive defense / Pre-emptive defense, Linking lead content, Coining a copyright notice, Showing only summaries, Refusing right-clicks
    • reactive response / Reactive response, Trackbacks, Searching with Google, Using Google Alerts
  • content recycling scenarios / Fair play to fair use, Illegality vs. benefit, A nice problem to have (or better still to manage)
  • Content Security Policy / Content
  • content tracking device / Adding a digi-print footer
  • control panel / Locking it down
  • control panel login
    • versus server login / Server login
    • about / Control panel login
  • control panel module / CSF as a control panel module
  • control panels
    • about / Control panels and terminals
  • cookie stealing
    • about / The many dangers of cross-site scripting (XSS)
  • copyright and content injection tools
    • about / Content
    • ©Feed / Content
    • Content Security Policy / Content
    • Copyright Proof / Content
    • Creative Commons Configurator / Content
  • copyright box
    • about / Coining a copyright notice
  • copyright notice / Coining a copyright notice
  • Copyright Proof / Content
  • copyright violation notices
    • about / Scraping and media hotlinking
  • Copyscape
    • about / Copyscape
    • URL / Copyscape
  • cordial approach / The cordial approach
  • Core Rule Set (CRS) / Applying a ruleset
  • Cotse
    • URL / SSL proxies and Virtual Private Networks (VPNs)
  • counter-notice
    • about / The DMCA approach
  • cover tracks phase / Cover tracks
  • cPanel
    • about / Access and authentication issues, Managing unmanaged with Webmin, Tracking suspect activity with logs
    • Password Protect Directories / cPanel's Password Protect Directories
  • crackers
    • about / Hackers and crackers
  • Creative Commons
    • about / Sack lawyers, employ creative commons
    • URL / Site and feed licensing
  • Creative Commons Configurator / Content
  • crimeware
    • about / Crimeware
  • cron / Backing up a database to local machines
  • Cron
    • about / Understanding the terminal
  • cronjobs / Backing up a database to local machines
  • crontabs / Backing up a database to local machines, Cron the script
  • CRS
    • enabling / Enabling CRS and logging
  • CSF
    • about / Enhancing usability with CSF
    • installing / Installing CSF
    • control panel module / CSF as a control panel module
    • commands / CSF from the command line
    • system vulnerabilities, scanning / Using CSF to scan for system vulnerabilities
  • CSRF
    • about / Assorted threats with cross-site request forgery (CSRF)
  • CUPS / Researching services, Service watch
  • cybercrime
    • about / Crimeware
  • cybercriminals
    • about / Cybercriminals
  • Cyberduck
    • about / SFTP using S/FTP clients

D

  • (D)DOS protection
    • providing, mod_evasive used / (D)DoS protection with mod_evasive
  • daemons
    • about / Overall risk to the site and server, The scanning phase, Service or disservice?
  • Damn Small Linux
    • URL / Booting a Preinstalled Environment (PE)
  • dangerous permissions
    • sniffing out / Suspect hidden files and directories
  • Darknet
    • about / Darknet
    • URL / Darknet
  • Dark Reading
    • about / Dark Reading
    • URL / Dark Reading
  • Dashboard
    • about / Cracking authentication with password attacks, Lazy site and server administration, WordPress administration with SSL
  • data
    • intercepting, with MITM / Intercepting data with man-in-the-middle attacks
    • dumping, from database / Dumping the data from a database
  • data-logging malware
    • about / Using public computers – it can be done
  • data-mining / Botnets
  • database
    • backing up, to local machines / Backing up a database to local machines
    • data, dumping from / Dumping the data from a database
  • database manager / Locking it down
  • data encryption
    • about / Protocol soup
  • data loggers
    • about / Data loggers
  • data packets
    • about / Sniffing out problems with wireless, Look (out), no wires
  • data security and backup solutions
    • separate data drives / Have separate data drives
    • hard drives, encrypting / Encrypting hard drives
    • incremental backup, automated / Automated incremental backup
    • registry backup / Registry backup
  • db + files, backing up
    • on web server / Backing up db + files on the web server
    • by web host / Backing up db + files by your web host
    • to web mail / Backing up db to (web)mail
  • DD-WRT
    • about / Swapping firmware
  • decryption
    • about / E-mail encryption and digital signatures with PGP
  • dedicated certificate
    • about / Dedicated, domain-specific certificates
  • dedicated IP
    • about / Dedicated IP
  • dedicated private server
    • about / Better webmail solutions
  • dedicated server
    • about / Ethical hacking vs. doing time, Host type analysis, Choices choices ...
  • deep diagnosis
    • preparing for / Diagnosis vs. downtime
  • deface sites / Script kiddies
  • default-deny guidelines / Protecting against social engineering
  • default-deny strategy / The proactive new guard: prevention
  • default jQuery files / Default jQuery files
  • Defensio Anti-Spam / Spam
  • Denial of Service (DoS) attacks / Botnets
    • services, attacking with / Open ports with vulnerable services
  • deny-by-default permission model / The deny-by-default permission model
  • deny-by-default strategy / Breaking Windows: considering alternatives
  • deny rule
    • adding / Adding a deny rule
  • diagnosis
    • about / Diagnosis vs. downtime
    • versus downtime / Diagnosis vs. downtime
  • dictionary attacks
    • about / Cracking authentication with password attacks
  • differential backup / Full, incremental and differential
  • digestible groups
    • about / Easily digestible groups
  • Digg / Networking, friending, and info leak
  • digi-print footer
    • adding / Adding a digi-print footer
  • digital signature
    • about / E-mail encryption and digital signatures with PGP
  • directories
    • about / Files and users
  • directory traversal attacks
    • about / Directory traversal attacks
  • Discretionary Access Control (DAC) / Controlling user access with RBAC
  • display_errors variable / Making .ini a meany
  • DistroWatch
    • URL / Breaking Windows: considering alternatives
  • Ditto / Ditto for themes
  • DMCA approach
    • about / The DMCA approach
  • DMCA notice
    • about / The DMCA approach
  • DNS
    • about / Demystifying DNS
    • web address, resolving / Resolving a web address
  • DNS management
    • about / Managing unmanaged with Webmin
  • DNS servers / Resolving a web address
  • domain admin address
    • about / Your e-mail addresses
  • domain name
    • rules / Domain name security
  • domain name security / Domain name security
  • domain privacy
    • about / WHOIS whacking
  • domain registration
    • about / WHOIS whacking
  • downtime
    • about / Diagnosis vs. downtime
    • versus diagnosis / Diagnosis vs. downtime
  • dpkg package / Researching services
  • Dropbox
    • URL / Alternative document storage
  • dynamic logs
    • about / Dynamic logs

E

  • /etc/shadow file / Scrutinising SUID and SGID files (aka SxID files)
  • ;error_log variable / Making .ini a meany
  • e-mail addresses
    • about / Your e-mail addresses
  • e-mail clients
    • about / E-mailing clients and webmail
  • earth.google.com / How to look for it
  • eBay
    • about / Swapping firmware
  • empty passwords
    • verifying / Checking for empty passwords
  • enable_dl variable / Making .ini a meany
  • encrypted webmail
    • about / Encrypted webmail
  • encryption
    • about / E-mail encryption and digital signatures with PGP
  • encryption type
    • verifying / Checking your encryption type
  • Enigform
    • URL / E-mail encryption and digital signatures with PGP
  • Enigmail
    • URL / E-mail encryption and digital signatures with PGP
  • ethical hackers
    • about / White hat, Hackers and crackers
  • ethical hacking
    • about / Ethical hacking vs. doing time
  • evil twin
    • about / Evil twins
  • exit command / Using CSF to scan for system vulnerabilities
  • Exploit Scanner / Anti-malware
  • export command / Exporting the version numbers
  • expose_php variable / Making .ini a meany
  • external media
    • verifying / Checking external media

F

  • facebook.com / How to look for it
  • Fail2ban
    • URL / Dynamic logs
  • fair dealing clause
    • about / Fair play to fair use
  • false negatives
    • about / Secondary scanners, Rulesets and WordPress
  • false positives
    • about / Secondary scanners, Rulesets and WordPress
  • Fantastico
    • about / Fast installs with Fantastico ... but is it?
    • platform installation options / Fast installs with Fantastico ... but is it?
  • fantastico_fileslist.txt file / Fast installs with Fantastico ... but is it?
  • fantversion.php file / Fast installs with Fantastico ... but is it?
  • FastCGI
    • about / Isolating risk with SuPHP
    • versus SuPHP / Isolating risk with SuPHP
  • Fast Secure Contact Form / Spam
  • FEBE
    • about / FEBE *
  • Feedburner
    • Uncommon Uses link / Feedburner's Uncommon Uses
  • feed content licensing
    • about / Site and feed licensing
  • feed references / Feed references
  • file changes
    • auditing / Scrutinizing file changes
  • FileInsight / Deep file scanning
  • file issues, WordPress / Server and file problems
  • file path / What file
  • file permissions
    • ensuring / Ensuring correct permissions
  • files
    • backing up, for local Windows users / Backing up files for local Windows users
    • protecting / Protecting files
    • hiding / Hiding your files
    • about / Files and users
  • file sharing
    • about / Quit sharing
  • file system
    • about / An overview of our risk
  • file upload size
    • uploading / Limiting file upload size
  • FileZilla
    • about / Portable applications
  • find command / Scrutinizing file changes
  • Firefox
    • about / Portable applications, Chrome outfoxed
    • security settings / Firefox security settings
    • URL / Firefox
  • firewall
    • about / Look (out), no wires, Hardening the firewall
    • access control, creating / Fired up on firewalls
    • adding, to network / Adding the firewall to the network
    • setting up / Setting up the firewall
    • stopping error / Error on stopping the firewall
  • firmware
    • swapping / Swapping firmware
  • flash cookie / Spyware
  • Force non-SSL / SSL
  • form grabbers
    • about / Data loggers
  • forums, WordPress Ultimate Security
    • about / Forums
    • hack in the box / hack in the box
    • sla.ckers / sla.ckers
    • WindowSecurity / WindowSecurity
  • Foundstone signature db / Hacking Google hacking with SiteDigger
  • FreeWRT
    • URL / Swapping firmware
  • FTP
    • about / Unencrypted traffic, Protocol soup
    / Service watch
  • FTP packets
    • about / Open ports with vulnerable services
  • FTP ports / Bricking up the doors
    • blocking / Closing the port
  • full backup / Full, incremental and differential
    • about / Full backup to local
  • Fully Qualified Domain Name
    • about / Using a signed certificate
  • ©Feed / Content

G

  • G/PGP Plugin for SquirrelMail
    • URL / E-mail encryption and digital signatures with PGP
  • gain access phase / Gain access
  • genuine software
    • verifying / Verifying genuine software
  • GET method / What file
  • GFI Languard
    • about / GFI Languard
    • URL / GFI Languard
  • Ghostery
    • about / Ghostery
  • Git / Creating the web interface
  • Gmail
    • about / Checking your encryption type
  • GMER
    • URL / Rootkit detection with GMER and RootRepeal
  • GnuPG signatures
    • about / GnuPG cryptographic signatures
  • Go Hacking
    • about / Go Hacking
    • URL / Go Hacking
  • Google
    • about / Google hacking, Checking your encryption type
    • searching with / Searching with Google
  • google.com / How to look for it
  • google.com/streetview / How to look for it
  • Google Alarm
    • URL / Chrome's USPs (for good and very bad)
  • Google Alerts
    • using / Using Google Alerts
    • URL / Using Google Alerts
  • Google Blogs
    • about / Don't bother with Google Blogs
  • Google Docs
    • URL / Online applications
  • Google hacking
    • about / Unchecked information leak, Google hacking
    • links / Sites and links
    • sites / Sites and links
    • files, matching from site / Finding files
    • keyword scanning / Keyword scanning
    • phone books / Phone numbers
    • hacking, with SiteDigger / Hacking Google hacking with SiteDigger
  • Google Hacking Database
    • URL / More on Google hacking
    • about / Hacking Google hacking with SiteDigger
  • GPG
    • URL / E-mail encryption and digital signatures with PGP
  • Gpg4win
    • URL / E-mail encryption and digital signatures with PGP
  • GPL
    • URL / Sack lawyers, employ creative commons
  • Gradm
    • RBAC system, training with / Training the RBAC system with Gradm
    • installing / Installing Gradm
  • grep parameter / Researching services with Netstat
  • grey hat
    • about / Meet the hackers, Grey hat
  • grlearn
    • about / Training the RBAC system with Gradm
  • group file
    • about / Creating group membership
  • group membership
    • creating / Creating group membership
  • groups
    • about / Files and users
  • groups.google.com / How to look for it
  • grsecurity
    • about / Growling quietly with greater security
    • URL, for official site / Growling quietly with greater security
    • URL, for forum / Growling quietly with greater security
    • installing / Debian grsecurity from repositories
    • compiling, into kernel / Compiling grsecurity into a kernel
    • levels / grsecurity levels
  • grsecurity levels / grsecurity levels
  • grsecurity packages
    • matching, with kernel version / Matching the kernel and grsecurity packages
  • GUI
    • about / Managing unmanaged with Webmin

H

  • ha.ckers
    • about / ha.ckers
    • URL / ha.ckers
  • Hack Attempt Identifier
    • URL / Legwork for access logs
  • hacker methodologies
    • about / Introducing the hacker's methodology
    • reconnaissance phase / Reconnaissance, The reconnaissance phase, What to look for, How to look for it
    • scanning phase / Scanning, The scanning phase
    • gain access phase / Gain access
    • secure access phase / Secure access
    • cover tracks phase / Cover tracks
  • hackers
    • about / Meet the hackers, Hackers and crackers
    • white hat / White hat
    • black hat / Black hat, Misfits, Introducing the hacker's methodology
    • grey hat / Grey hat
  • HackerTarget
    • about / HackerTarget
    • URL / HackerTarget
  • hacking education, WordPress Ultimate Security
    • about / Hacking education
    • Go Hacking / Go Hacking
    • HackThisSite / HackThisSite
    • Hellbound Hackers / Hellbound Hackers
    • OWASP WebGoat Project / OWASP WebGoat Project
    • We Chall / We Chall
    • YouTube / YouTube
  • hack in the box
    • about / hack in the box
  • Hackintosh
    • URL / Breaking Windows: considering alternatives
  • HackThisSite
    • URL / HackThisSite
  • hacktivists
    • about / Hacktivists
  • harden-servers
    • unsafe services, deleting with / Deleting unsafe services with harden-servers
  • hashing salts / Setting up secret keys
  • HEAD method / What file
  • HeidiSql
    • URL / Safer database administration
  • heuristic scanning / The reactionary old guard: detection, Heuristics-based
  • hidden files / Suspect hidden files and directories
  • hidden links
    • about / Spammers
  • HIPS & behavior scanning / HIPS and behavior scanning
  • HIPS + sandbox + firewall with DefenseWall / HIPS + sandbox + firewall with DefenseWall
  • hoax viruses
    • about / Hoax virus
  • home directory permissions / Home directory permissions
  • honeypots / WordPress security by ultimate obscurity, Honey pots, Binning the bots
  • hosting options, WordPress blogs
    • about / Host type analysis
    • wordpress.com / Host type analysis
    • shared / Host type analysis
    • unmanaged virtual private server (VPS) / Host type analysis
    • dedicated server / Host type analysis
  • hosting types
    • about / Logs and hosting types
  • host intrusion prevention system (HIPS)
    • and behavior scanning / HIPS and behavior scanning
    • about / HIPS and behavior scanning
    • vs behavior scanners / HIPS vs behavior scanners
  • hotlinking
    • about / Scraping and media hotlinking
    / Hotlink protection, Preventing media hotlinks
  • htaccess file
    • about / Configuring the virtual host file, The htaccess file, A quick shout out to htaccess, bless, Denying access to wp-config.php, Revisiting the htaccess file, open_basedir
    • comment spam, blocking / Blocking comment spam
    • file upload size, limiting / Limiting file upload size
    • hotlinking / Hotlink protection
    • files, protecting / Protecting files
    • server signature, hiding / Hiding the server signature
    • protecting / Protecting the htaccess file
    • hiding / Hiding htaccess files
    • correct permissions, ensuring / Ensuring correct permissions
    • deny rule, adding for / Adding a deny rule
  • htpasswd directory
    • about / Authentication with mod_auth
  • HTTP
    • about / Protocol soup
  • http
    • about / Safe server access
  • HTTP header
    • about / What file
  • https
    • about / Safe server access
  • HTTPS
    • about / Protocol soup
  • HTTrack
    • URL / Scouting-assistive applications
  • Hushmail
    • about / Better webmail solutions
    • URL / Better webmail solutions
  • hybrid attacks
    • about / Cracking authentication with password attacks

I

  • .ini guide
    • PHP, tightening up with / PHP's .ini mini guide
  • ICANN Domain Security
    • URL / Domain name security
  • IE
    • about / Internet Explorer (IE)
  • IE8
    • about / Internet Explorer (IE)
  • IE9
    • about / Internet Explorer (IE)
  • iframe injection
    • about / The many dangers of cross-site scripting (XSS)
  • Incoming links box / Incoming links
  • incremental backup / Full, incremental and differential
    • about / Incremental backups to local, Incremental remote-to-remote
  • index.php file / Hiding your files
  • indirect access
    • locking down / Locking down indirect access
  • inetd / inetd and xinetd super-servers
  • info leak / Unchecked information leak
  • initial diagnosis
    • about / Diagnosis vs. downtime
  • installation, Cobian
    • as service / Installing Cobian as a service
  • installation, CSF / Installing CSF
  • installation, Gradm / Installing Gradm
  • installation, grsecurity / Debian grsecurity from repositories
  • installation, Suhosin / Installing Suhosin
  • installation, SuPHP / Installing SuPHP
  • installation, Webmin / Installing Webmin
  • installing
    • Suhosin / Installing Suhosin
    • SuPHP / Installing SuPHP
    • CSF / Installing CSF
    • grsecurity / Debian grsecurity from repositories
    • Gradm / Installing Gradm
  • interactive / An overview of our risk
  • Internet Explorer
    • URL / Internet Explorer
  • Internet Options / Windows security services, Internet Options
  • IP auditing / The scanning phase
  • IP Deny Manager
    • about / IP deny with mod_access
  • IP spoofing
    • about / IP spoofing
  • iptables
    • about / Installing Webmin
    • references / Reference for iptables
  • iptables solution / Fired up on firewalls, Bog-standard iptables firewall
  • IRC
    • about / IRC
  • issues, WordPress
    • about / WordPress problems
    • incompatible plugins / Incompatible plugins
    • injected plugins / Injected plugins
    • themes / Widgets, third party code and theme problems
    • third party code / Widgets, third party code and theme problems
    • widgets / Widgets, third party code and theme problems
    • files / Fun 'n' frolics with files
    • shared areas, verifying / Verifying uploads and shared areas
    • uploads, verifying / Verifying uploads and shared areas
    • htaccess files, verifying / Checking htaccess files
    • hidden users / Pruning hidden users
  • ixquick.com / How to look for it
  • Ixquick search engine
    • about / What to look for

J

  • JavaScript
    • about / Anti-scripting attacks
  • Javascript Kit
    • about / Bots to trot
  • Jeremiah Grossman
    • about / Jeremiah Grossman
    • URL / Jeremiah Grossman
  • jugular approach
    • about / The jugular approach

K

  • Keepass
    • URL / Future-proofed data management
  • KeePass
    • about / Portable applications
  • KeepassX
    • URL / Future-proofed data management
  • kernel / The open source advantage
    • grsecurity, compiling into / Compiling grsecurity into a kernel
    • patching / Patching the kernel
    • configuring / Configuring the kernel
  • kernel version
    • matching, with grsecurity packages / Matching the kernel and grsecurity packages
    • exporting / Exporting the version numbers
  • keyloggers
    • about / Data loggers, At loggerheads with the loggers, Using public computers – it can be done
    • URL / Managing passwords and sensitive data
  • keys
    • creating / Creating keys: Linux or Mac locally, Creating keys: Windows locally
    • uploading / Uploading keys
    • using, from multiple machines / Using keys from multiple machines
  • key security variables
    • about / Making .ini a meany
    • ;allow_url_fopen / Making .ini a meany
    • allow_url_include / Making .ini a meany
    • display_errors / Making .ini a meany
    • enable_dl / Making .ini a meany
    • ;error_log / Making .ini a meany
    • expose_php / Making .ini a meany
    • magic_quotes_gpc / Making .ini a meany
    • ;open_basedir / Making .ini a meany
    • register_globals / Making .ini a meany
    • safe_mode / Making .ini a meany
  • keyset authentication
    • about / Better webmail solutions
  • keystroke loggers
    • about / Data loggers
  • kill command / Creating the batch files
  • KrebsonSecurity
    • about / KrebsonSecurity
    • URL / KrebsonSecurity
  • Kvetch!
    • about / Kvetch!

L

  • LAMP
    • about / Server-side core documents
  • LastPass
    • about / LastPass *
  • Lastpass
    • URL / Future-proofed data management
    • about / Why LastPass?
    • setting up / Setting up LastPass
    • installing / Installing LastPass
    • using / Using LastPass
    • security, bolstering / Bolstering LastPass security
    • multi-factor authentication / LastPass multi-factor authentication
  • Lastpass multi-factor authentication
    • virtual keyboard / Virtual keyboard
    • one time passwords / One time passwords
    • grid system / Grid system
    • YubiKey support / YubiKey support
    • sesame authentication / Sesame authentication
  • lawyers
    • firing, Creative Commons used / Sack lawyers, employ creative commons
  • LBAK User Tracking / Users
    • URL / Chicken and egg with logging plugins
  • least privilege permissions / Privilege escalation and jailbreak opportunities
  • legal approach
    • about / The legal approach
  • Limit Login Attempts
    • about / Limit Login Attempts, Login
  • linkedin.com / How to look for it
  • LinkedIn WordPress group
    • about / LinkedIn WordPress group
  • link loggers
    • about / Data loggers
  • Linux
    • about / Files and users, Hardening the kernel with grsecurity
  • Linux, WordPress Ultimate Security
    • about / Linux
    • Linux Online / Linux Online
    • Linux Journal / Linux Journal
    • YoLinux / YoLinux
  • Linux Journal
    • about / Linux Journal
    • URL / Linux Journal
  • Linux Online
    • about / Linux Online
    • URL / Linux Online
  • Linux users
    • database, backing up for / Files and db backup for local Mac 'n Linux users, Full backup to local, Incremental remote-to-remote
    • files, backing up for / Files and db backup for local Mac 'n Linux users, Full backup to local, Incremental remote-to-remote
  • LiveCD
    • about / Hack packs, Booting a Preinstalled Environment (PE)
  • LiveCDs
    • about / Breaking Windows: considering alternatives
  • live chat request
    • about / Shared hosting SSH request
  • Loblogomy
    • about / Bots to trot
  • local development server
    • about / Considering a local development server
  • Local File Inclusion attack / What file
  • local issues, WordPress / Local problems
  • local machines
    • database, backing up to / Backing up a database to local machines
  • local software clients
    • about / Local software clients
    • instant scanning / Instant scanning
    • sandboxed client / Sandboxing clients
  • local Windows users
    • files, backing up for / Backing up files for local Windows users
  • Locationbar²
    • about / Locationbar2
  • Lockbin
    • URL / Better webmail solutions
  • Lock The Text
    • about / Lock The Text
  • login safeguards, WordPress
    • about / More login safeguards, Login
    • Limit Login Attempts / Limit Login Attempts, Login
    • scuttle log-in errors / Scuttle log-in errors
    • Authenticator / Login
    • Chap Secure Login / Login
    • Member Access / Login
    • One-Time Password / Login
    • Restricted Site Access / Login
    • Semisecure Login Reimagined / Login
    • Stealth Login / Login
  • logs
    • suspect activity, tracking with / Tracking suspect activity with logs
    • about / Logs and hosting types
    • parsing / Securing and parsing logs
    • securing / Securing and parsing logs
    • enabling / Enabling logs
  • loopback traffic / Bog-standard iptables firewall
  • LSO / Spyware
    • about / BetterPrivacy *

M

  • MAC
    • about / Optional: MAC address filtering
  • MAC address filtering
    • about / Optional: MAC address filtering
  • MacNikto
    • URL / Wikto
  • macro virus
    • about / Viruses
  • Mac users
    • database, backing up for / Files and db backup for local Mac 'n Linux users, Full backup to local, Incremental remote-to-remote
    • files, backing up for / Files and db backup for local Mac 'n Linux users, Full backup to local
  • magic_quotes_gpc variable / Making .ini a meany
  • mailing lists
    • about / Mailing lists
  • maintenance mode
    • considering / Considering maintenance mode
  • maintenance mode, considering
    • about / Considering maintenance mode
    • plugin, using / Using a plugin
    • rewrite rule, using / Using a rewrite rule
  • malbots / Binning the bots
    • about / Botnets, Bad bot
  • malformed packets
    • sniffing out, with Snort / Sniffing out malformed packets with Snort
  • Maltego
    • URL / Scouting-assistive applications
  • malware / Botnets
    • about / Malwares dissected
    • blended threats / Blended threats
    • crimeware / Crimeware
    • data loggers / Data loggers
    • hoax viruses / Hoax virus
    • rootkits / Rootkits
  • Malwarebytes
    • used, for cleaning Malware / Malware cleaning with Malwarebytes
    • URL / Malware cleaning with Malwarebytes
  • malware scans
    • running / Running malware scans and checking compatibility
  • Malzilla / Deep file scanning
  • man-in-the-middle attack
    • about / Protocol soup
  • manual prefix change / Manual prefix change
  • maps.google.com / How to look for it
  • Math Comment Spam Protection / Spam
  • MD5 checksums
    • about / MD5 checksums
  • media
    • about / An overview of our risk
  • media hotlinks
    • preventing / Preventing media hotlinks
  • Meld
    • URL / Local file comparison
  • Member Access / Login
  • memory
    • protecting, with PaX / Memory protection with PaX
  • memory dump attack / Encrypting hard drives
  • Messenger / Disabling clutter and risky Windows services
  • Metasploit
    • about / NeXpose and Metasploit
  • Microsoft Security
    • about / Microsoft Security
    • URL / Microsoft Security
  • Mint
    • about / Breaking Windows: considering alternatives
    • URL / Breaking Windows: considering alternatives
  • misfits
    • about / Misfits
  • MITM
    • data, intercepting with / Intercepting data with man-in-the-middle attacks
    • about / Intercepting data with man-in-the-middle attacks, Paros Proxy
  • ModSecurity
    • web, firewalling with / Firewalling the web with ModSecurity
    • URL / Firewalling the web with ModSecurity
    • installing / Installing mod-security, the Apache module
    • resources / ModSecurity resources
  • mod_auth module
    • authentication, performing with / Authentication with mod_auth
  • mod_auth_db
    • about / mod_auth_db and mod_auth_dbm
  • mod_auth_dbm
    • about / mod_auth_db and mod_auth_dbm
  • mod_auth_digest
    • about / Better passwords with mod_auth_digest
  • mod_auth_mysql
    • about / mod_auth_mysql
  • mod_auth_pg95
    • about / mod_auth_pg95
  • mod_evasive
    • about / (D)DoS protection with mod_evasive
    • (D)DOS protection, providing / (D)DoS protection with mod_evasive
  • MS Office Live
    • URL / Online applications
  • multi-layered protection model
    • about / The multi-layered protection model
  • MySQL
    • about / Containing MySQL databases
    • test database / Deleting the test database
  • mysqldump / Backing up a database to local machines
  • MySQL root account
    • empty passwords, verifying / Checking for empty passwords

N

  • nameservers / Resolving a web address
  • nano / Hardening the Secure Shell
  • Navicat
    • URL / Safer database administration
  • Nessus
    • about / Nessus
    • URL / Nessus
    • policies, creating with / Creating policies with Nessus
  • NetMeeting Remote Desktop Sharing / Disabling clutter and risky Windows services
  • Netstat
    • about / Researching services with Netstat
    • services, researching with / Researching services with Netstat
  • network
    • mapping out / Mapping out the network
    • firewall, adding to / Adding the firewall to the network
  • network assets
    • about / Network assets
    • media / PCs and media
    • PCs / PCs and media
    • routing gear / Routing gear
    • server / Server
  • network device
    • open ports, verifying on / Checking for open ports on a network device
    • vulnerable services, verifying on / Checking for vulnerable services on a network device
  • network hop
    • about / Remote webmail clients (and other web applications)
  • network security
    • about / World wide worry
  • NeXpose
    • about / NeXpose and Metasploit
  • NFS / Service watch
  • Nikto
    • URL / Wikto
    • about / HackerTarget
  • Nikto @ HackerTarget
    • URL / Wikto
  • NIS / Service watch
  • Nmap
    • URL / Mapping out the network
    • about / Nmap: the Network Mapper
  • no-follow link / Illegality vs. benefit
  • non-human accounts / Non-human accounts
  • non-official support
    • LinkedIn WordPress group / LinkedIn WordPress group
    • WordPress Forums / WordPress forums
    • WordPress Tavern / WordPress Tavern
  • No Rights Reserved license / Sack lawyers, employ creative commons
  • NoScript
    • about / NoScript *

O

  • ;open_basedir variable / Making .ini a meany
  • octal notation / Ownership and permissions
  • off-site logging
    • about / Off-site logging
  • offenders, tackling
    • about / Tackling offenders
    • cordial approach / The cordial approach
    • DMCA approach / The DMCA approach
    • jugular approach / The jugular approach
    • legal approach / The legal approach
  • Oinkmaster
    • URL / Emerging Threats
  • older browsers
    • isolating / Isolating older browsers
  • One-Time Password / Login
  • one-time passwords
    • about / Advanced data management and authentication
  • online applications
    • about / Online applications
  • online private browsing
    • about / Online private browsing
    • anonymous proxy server / Anonymous proxy server
    • chained proxies / Chained proxies
    • SSL proxies / SSL proxies and Virtual Private Networks (VPNs)
    • private SOCKS proxy with SSH / Private SOCKS proxy with SSH
  • OpenOffice
    • about / Portable applications
  • open ports
    • verifying, on network device / Checking for open ports on a network device
  • open source
    • benefits / The open source advantage
  • open source firmware
    • about / Swapping firmware
  • OpenSSH
    • about / Files and db backup for local Mac 'n Linux users, Hardening the Secure Shell
  • OpenVAS
    • about / OpenVAS, HackerTarget
    • URL / OpenVAS
  • OpenVAS @ HackerTarget
    • URL / OpenVAS
  • OpenWRT
    • URL / Swapping firmware
  • open_basedir directive / open_basedir
  • Opera
    • URL / Opera
  • operator
    • about / Google hacking
  • Opolis
    • about / Better webmail solutions
    • URL / Better webmail solutions
  • organizations, WordPress Ultimate Security
    • about / Organizations
    • OWASP / OWASP
    • SANS / SANS
    • SecurityFocus / SecurityFocus
    • WASC / WASC
    • Wikipedia / Wikipedia
  • original content
    • scenarios / The effect on the current and future worth of the original content
  • OSSEC
    • about / phpMyAdmin login
    • URL / Integrity, logs, and alerts with OSSEC
    • source, verifying / Obtaining and verifying the source
    • source, obtaining / Obtaining and verifying the source
    • installation process / The installation process
    • features / Setting the configuration to analyze the following logs
    • using / Using OSSEC
    • updating / Updating OSSEC
  • OSSEC-WUI / OSSEC-WUI
  • OSSEC HIDS
    • configuring / Configuring the OSSEC HIDS
  • OSSTM
    • about / ISECOM's OSSTM
  • OWASP
    • about / OWASP
    • URL / OWASP
  • OWASP Testing Guide
    • about / OWASP Testing Guide
  • ownership
    • about / Ownership and permissions

P

  • 777 permissions
    • about / 777 permissions
  • packages
    • about / Repositories, packages, and integrity
  • packet sniffing
    • about / Hotspotting Wi-Fi, WordPress administration with SSL
  • Pageant
    • about / SFTP using S/FTP clients
  • pagefile
    • about / Covering your tracks
  • pagefile.sys
    • about / Covering your tracks
  • PAM (Pluggable Authentication Modules) / Installing Gradm
  • panel
    • setting up / Setting up a panel
  • Paros
    • about / Alternative tools
  • Paros Proxy
    • URL / Paros Proxy
  • Passenger
    • RoR, deploying with / Deploying Ruby on Rails with Passenger, Enabling everything, Configuring the network
  • passwd file
    • about / The passwd file
  • password and data managers
    • web browser data managers / Web browser data managers
    • future-proofed data management / Future-proofed data management
    • LastPass / Why LastPass?
    • LastPass, setting up / Setting up LastPass
    • LastPass, installing / Installing LastPass
    • LastPass, using / Using LastPass
    • LastPass security, bolstering / Bolstering LastPass security
    • LastPass, multi-factor authentication / LastPass multi-factor authentication
  • password attacks
    • authentication, cracking with / Cracking authentication with password attacks
  • PasswordAuthentication yes / PasswordAuthentication yes
  • password files
    • editing / Creating and editing password files
    • creating / Creating and editing password files
  • password loggers
    • about / Data loggers
  • password manager / The password manager
  • Password Protect Directories
    • about / cPanel's Password Protect Directories
  • password protection
    • about / Password protect directories, More authentication methods
  • passwords
    • managing / Managing passwords and sensitive data
    • passphrase policy / Proper passphrase policy
  • patches / The open source advantage
  • PaX
    • about / Growling quietly with greater security, Memory protection with PaX
    • memory, protecting with / Memory protection with PaX
  • PC-BSD / Weighing up Windows, Linux, and Mac OS X
  • penetration testing, WordPress Ultimate Security
    • about / Penetration testing
    • OSSTM / ISECOM's OSSTM
    • OWASP Testing Guide / OWASP Testing Guide
  • pentesting systems / The almost perfect anti-malware solution
  • Perfect Privacy
    • URL / SSL proxies and Virtual Private Networks (VPNs)
  • Performance Logs and Alerts / Disabling clutter and risky Windows services
  • Perishable Press 4G Blacklist
    • about / The Perishable Press 4G Blacklist
    • URL / The Perishable Press 4G Blacklist
  • Perishable Press Blackhole
    • about / Perishable Press Blackhole for bad bots
    • URL / Perishable Press Blackhole for bad bots
  • permalink rewrite rules
    • about / Configuring the virtual host file
  • permissions
    • about / Ownership and permissions
    • modifying, change mode used / Using change mode to modify permissions
  • permissions, for WordPress theme file / Translating symbolic to octal notation
  • PermitRootLogin no. / PermitRootLogin yes
  • PermitRootLogin yes / PermitRootLogin yes
  • PGP
    • about / Encrypted webmail, E-mail encryption and digital signatures with PGP
    • e-mail encryption / E-mail encryption and digital signatures with PGP
    • digital signatures / E-mail encryption and digital signatures with PGP
  • PGP (commercial)
    • URL / E-mail encryption and digital signatures with PGP
  • PGP (non-commercial use only)
    • URL / E-mail encryption and digital signatures with PGP
  • phantom edits
    • issues / WordPress problems
  • PHP
    • tightening up, with .ini guide / PHP's .ini mini guide
    • configuration options, locating / Locating your configuration options
    • patching, with Suhosin / Patching PHP with Suhosin
  • php.ini file / Locating your configuration options
  • PHP directives
    • references / open_basedir
  • phpMyAdmin / Privilege escalation and jailbreak opportunities
    • about / phpMyAdmin login, Remote db connections with an SSH tunnel
    • safer database administration / Safer database administration
  • Phrack Magazine
    • about / Phrack Magazine
    • URL / Phrack Magazine
  • physical cable connection
    • about / Alt: physical cable connection
  • physical risk
    • about / Physically hacked off
  • Pick 'n mix anti-malware modules / Pick 'n mix anti-malware modules
  • pipl.com / How to look for it
  • PlagiarismToday
    • URL / Finding the abuse department
  • Plagium
    • about / Plagium
    • URL / Plagium
  • platform installation options, Fantastico / Fast installs with Fantastico ... but is it?
  • Plesk
    • about / Managing unmanaged with Webmin
  • Plugin Repository Trac
    • about / Plugin Repository Trac
  • plugins
    • updating / Updating plugins, widgets and other code
    • issues / The problem with plugins
    • inspecting / Scrutinize widgets, plugins and third party code
  • policies
    • creating, with Nessus / Creating policies with Nessus
  • pop-up adverts / Ad and cookie cullers
  • Port 21 / Ports 101
  • Port 22 / Port 22, Ports 101
  • Port 23 / Ports 101
  • Port 25 / Ports 101
  • Port 53 / Ports 101
  • Port 80 / Ports 101
  • Port 110 / Ports 101
  • Port 443 / Ports 101
  • Port 995 / Ports 101
  • Port 54321 / Port 22
  • portable applications
    • about / Portable applications
  • PortableApps
    • about / Portable applications
    • URL / Portable applications
  • ports
    • about / Overall risk to the site and server, Scanning, Bricking up the doors
    • closing / Closing the port
  • portscanning
    • about / Checking for open ports on a network device
  • ports survey / The scanning phase
  • PostgreSQL
    • about / mod_auth_pg95
  • POST method / What file
  • PR5 site / Illegality vs. benefit
  • pre-emptive defense / Pre-emptive defense, Linking lead content, Coining a copyright notice, Showing only summaries, Refusing right-clicks
  • Preinstalled Environment (PE)
    • booting / Booting a Preinstalled Environment (PE)
  • Press This
    • about / Lazy site and server administration
  • printer sharing
    • about / Disabling automatic network detection
  • private certificates
    • about / Dedicated, domain-specific certificates
  • private key
    • about / Protocol soup
  • private registration / Domain name security
  • privileged accounts
    • creating / Creating privileged accounts
  • privilege escalation rights
    • about / Files and users
  • privilege separation / Kernel level chroot hardening
  • production server / Considering a local development server
  • Project Honey Pot
    • about / Project Honey Pot
    • URL / Project Honey Pot
  • proprietary software / The open source advantage
  • Protocol 1 / Protocol 2
  • Protocol 2 / Protocol 2
  • protocols
    • about / Sizing up connection options
    • HTTP / Protocol soup
    • SSL / Protocol soup
    • TLS / Protocol soup
    • HTTPS / Protocol soup
    • SSH / Protocol soup
    • FTP / Protocol soup
    • SFTP / Protocol soup
  • proxy ports / Bricking up the doors
  • proxy scanner
    • about / Paros Proxy
  • PSPad
    • URL / Local file comparison
  • ps utility / Researching services
  • public computers
    • about / Using public computers – it can be done
    • using / Using public computers – it can be done
    • Preinstalled Environment (PE), booting / Booting a Preinstalled Environment (PE)
    • online applications / Online applications
    • portable applications / Portable applications
    • authentication / Advanced data management and authentication
    • advanced data management / Advanced data management and authentication
    • external media, verifying / Checking external media
  • public hotspots
    • about / Hotspotting Wi-Fi
  • public key
    • about / Protocol soup
  • pulledpork
    • URL / Emerging Threats
  • Puppy Linux
    • URL / Booting a Preinstalled Environment (PE)
  • PuTTY
    • about / Portable applications, Windows locally, Port 22
    • URL / Windows locally

Q

  • Qualys
    • about / Qualys
    • URL / Qualys
  • questions, for hosting providers / Questions to ask hosting providers

R

  • RapidSSL
    • URL / Obtaining signed certificates
  • RBAC
    • user access, controlling with / Controlling user access with RBAC
  • RBAC system
    • training, with Gradm / Training the RBAC system with Gradm
  • reactive response / Reactive response, Trackbacks, Searching with Google, Using Google Alerts
  • reconnaissance phase
    • about / Reconnaissance, The reconnaissance phase, What to look for, How to look for it
  • redundant code
    • deleting / Deleting redundant code
  • referrer
    • about / Short circuiting bots with htaccess
  • register_globals variable / Making .ini a meany
  • registrant
    • about / WHOIS whacking
  • registrar
    • about / WHOIS whacking
  • registry
    • about / WHOIS whacking
  • registry backup / Registry backup
  • relational links / Relational links
  • remote db connections, SSH tunnel / Remote db connections with an SSH tunnel
  • Remote Desktop Help Session Manager / Disabling clutter and risky Windows services
  • Remote File Inclusion attack / What file
  • Remote shell / Service watch
  • remove_actions() / Introducing remove_actions
  • repositories / Repositories, packages, and integrity
  • RequestPolicy
    • about / RequestPolicy
  • request protocol / What file
  • Restricted Site Access / Login
  • reverse proxy / Firewalling the web with ModSecurity
  • rewrite rule
    • using / Using a rewrite rule
  • risk
    • about / Calculated risk
    • overview / An overview of our risk
    • isolating, with SuPHP / Isolating risk with SuPHP
  • RoboForm
    • URL / Future-proofed data management
  • robots.txt file
    • about / Good bot
  • RobotsGen
    • URL / Good bot, bad bot
  • rogue site / Hoax virus
  • Role Scoper / Custom roles, Users
  • root
    • about / Elevating to superuser permissions
  • Rootkit
    • detecting, with RootRepeal / Rootkit detection with GMER and RootRepeal
    • detecting, with GMER / Rootkit detection with GMER and RootRepeal
  • rootkit
    • about / Malwares dissected, Rootkits
  • rootkit detection / Slamming backdoors and rootkits
  • Rootkit Hunter
    • URL / Slamming backdoors and rootkits
  • RootRepeal
    • URL / Rootkit detection with GMER and RootRepeal
  • RoR
    • deploying, with Passenger / Deploying Ruby on Rails with Passenger, Enabling everything, Configuring the network
  • router password
    • about / Router password
  • Routing and Remote Access / Disabling clutter and risky Windows services
  • RPC / Service watch
  • RSS feeds / Fielding your feeds
  • Ruby / Ruby on Rails dependencies
  • rwx
    • about / Ownership and permissions

S

  • S-Mail
    • URL / Better webmail solutions
  • S/FTP clients
    • about / SFTP using S/FTP clients
  • Safari
    • about / Safari
  • safe_mode variable / Making .ini a meany
  • sandboxed client
    • about / Sandboxing clients
  • Sandboxie
    • multiple sandboxes with / Multiple sandboxes with Sandboxie
  • Sandbox isolation / Sandbox isolation
  • SanityCheck
    • URL / Malware cleaning with Malwarebytes
  • SANS
    • about / SANS
    • URL / SANS
  • scanning phase
    • about / Scanning, The scanning phase
    • IP auditing / The scanning phase
    • ports survey / The scanning phase
    • application versions / The scanning phase
  • scrapers
    • about / Scrapers
    • issues / The problem with scrapers
    • seeking out / Seeking out scrapers
  • scraping
    • about / Scraping and swearing
  • screen loggers
    • about / Data loggers
  • ScribeFire
    • about / Lazy site and server administration
  • script kiddies
    • about / Script kiddies
  • scuttle log-in errors / Scuttle log-in errors
  • search engine optimization
    • about / Illegality vs. benefit
  • search engines
    • about / Google hacking
  • secondary scanners / Secondary scanners
  • second terminal instance / Port 22
  • secret keys
    • setting up / Setting up secret keys
  • SecRuleEngine variable / Enabling CRS and logging
  • SecTools.Org
    • about / SecTools.Org
  • secure access phase / Secure access
  • secure tunnel
    • about / Protocol soup
  • Secure WordPress / Anti-malware
  • secure workspace
    • providing / Providing a secure workspace
  • security
    • extending / Extending security
  • Security / Action Center / Windows security services, Security or Action Center
  • security by obscurity / WordPress security by ultimate obscurity
  • SecurityFocus
    • about / SecurityFocus
    • URL / SecurityFocus
  • Security Manager
    • about / Security Manager (SM)
  • security policy
    • about / Calculated risk
  • security policy, for somesite.com
    • about / Security policy for somesite.com
    • aim / Aim
    • goals / Goals
    • roles / Roles and responsibilities, Site Editors
    • responsibilities / Roles and responsibilities, Site Editors
    • network assets / Network assets, Server
    • website assets / Website assets
    • further policy considerations / Further policy considerations
  • security settings
    • maximising, sysctl used / Using Sysctl support to maximize security settings
  • security settings, Firefox
    • about / Firefox security settings
    • password manager / The password manager
  • self-signed certificate
    • about / Dedicated, domain-specific certificates
    • creating / Creating a self-signed certificate
    • SSL, activating / Alerting WordPress and activating SSL
    • WordPress, altering / Alerting WordPress and activating SSL
  • self-signed certificate, creating
    • about / Creating a self-signed certificate
    • files, generating / Generating the files
    • required Apache modules / Required Apache modules
    • virtual host file, configuring / Configuring the virtual host file
  • Semisecure Login Reimagined / Login
  • sensitive data
    • managing / Managing passwords and sensitive data
  • Sensitivity Level / Sensitivity Level
  • server issues, WordPress / Server and file problems
  • server login
    • versus control panel login / Server login
    • shared hosting SSH request / Shared hosting SSH request
    • terminal, setting up / Setting up the terminal locally
    • terminal, securing / Securing the terminal
  • server log investigation / Investigating the site and server log
  • server ports / Access and authentication issues
  • serverside core documents, WordPress Ultimate Security
    • about / Server-side core documents
    • Apache HTTP Server Version 2.2 Documentation / Apache HTTP Server Version 2.2 Documentation
    • Apache module index / Apache: Module Index
    • MySQL security / MySQL: Security
    • PHP security / PHP: Security
  • server signature
    • hiding / Hiding the server signature
  • server vulnerabilities
    • scanning for / Scanning for server vulnerabilities
  • service
    • Cobian, installing as / Installing Cobian as a service
  • service manager
    • services, disabling with / Disabling services using a service manager
  • services
    • attacking, with Denial of Service (DoS) attacks / Open ports with vulnerable services
    • about / Scanning
    • researching, with Netstat / Researching services with Netstat
    • researching / Researching services
    • disabling, service manager used / Disabling services using a service manager
  • sesame authentication / Sesame authentication
  • session cookie
    • about / Assorted threats with cross-site request forgery (CSRF)
  • SFTP
    • about / Protocol soup, SFTP from the command line
  • sftpusers groups / chrooted SFTP access with OpenSSH
  • SGID files
    • scrutinising / Scrutinising SUID and SGID files (aka SxID files)
  • shared certificates
    • about / WordPress administration with SSL, Shared, server-wide certificates
  • shared hosting
    • about / Host type analysis
  • shared hosting SSH request
    • about / Shared hosting SSH request
  • shared human accounts / Shared human accounts
  • SHARE directory / Providing a secure workspace
  • shared web host
    • about / SSL for shared hosts
  • sharing
    • quitting / Quit sharing
  • shell
    • about / Hushing it up with SSH
  • shells
    • about / Control panels and terminals
  • short URLs / Third party apps and short links
  • shoulder surfers
    • about / Using public computers – it can be done
  • SI CAPTCHA Anti-Spam / Spam
  • signature scanning / The reactionary old guard: detection, Signature-based
  • signed certificate
    • using / Using a signed certificate
  • signed certificates
    • obtaining / Obtaining signed certificates
    • setting up / Setting up a signed certificate
  • single.php file / Tweaking the title
  • Site Administrator
    • about / Site Administrator
  • SiteDigger
    • about / Hacking Google hacking with SiteDigger
    • URL / Hacking Google hacking with SiteDigger
  • Site Editors
    • about / Site Editors
  • sites
    • about / An overview of our risk
  • SkyDrive
    • URL / Alternative document storage
  • Skype / Networking, friending, and info leak
  • sla.ckers
    • about / sla.ckers
    • URL / sla.ckers
  • SMEStorage Multi-Cloud WordPress Backup
    • about / SMEStorage Multi-Cloud WordPress Backup
    • Automatic WordPress Backup / Automatic WordPress Backup
    • Updraft / Updraft
    • BackWPup / BackWPup
    • VaultPress / VaultPress
  • Snipplr
    • about / Bots to trot
  • Snorby
    • URL / Sniffing out malformed packets with Snort
    • installing / Installing the packages
  • Snort
    • malformed packets, sniffing out with / Sniffing out malformed packets with Snort
    • URL / Sniffing out malformed packets with Snort
    • installation options / Snort's installation options
  • social engineer
    • about / Calculated risk
  • social engineering
    • about / Physically hacked off, Social engineering, Protecting against social engineering
    • examples / Phone calls, Phishing
  • social engineering examples
    • phone calls / Phone calls
    • walk-ins / Walk-ins
    • phishing / Phishing
  • social networking / Social networking (and so on)
  • social networks
    • about / Networking, friending, and info leak
  • sound loggers
    • about / Data loggers
  • souped-up router
    • benefits / Network security re-routed
  • spam
    • about / Damn spam
  • SpamAssassin
    • about / SpamAssassin Trainer
  • spam defacement
    • about / Damn spam, rants, and heart attacks
  • spam management / Host type analysis
  • spammers
    • about / Spammers
  • spamming
    • about / Botnets
  • Spam Poison
    • URL / Perishable Press Blackhole for bad bots
  • spam redirections
    • about / Damn spam, rants, and heart attacks
  • Spengler
    • about / Growling quietly with greater security
  • Spider Trap
    • URL / Perishable Press Blackhole for bad bots
  • splogs
    • about / Scraping and swearing
  • Splunk
    • about / Splunk
    • features / Splunk
    • URL, for documentation / Splunk
  • spoof addresses
    • about / Beware of spoof addresses
  • spoof caller ID
    • about / Phone calls
  • spoofing / Reading the Common Log Format (CLF)
  • spyware
    • about / Spyware
  • SQL
    • about / Privilege escalation and jailbreak opportunities
  • SQL database
    • about / An overview of our risk
  • SQL injection / Privilege escalation and jailbreak opportunities
  • SQLyog
    • URL / Safer database administration
  • SSDP Discovery Service / Disabling clutter and risky Windows services
  • SSH
    • about / Online applications, Protocol soup, Hushing it up with SSH, Hardening the Secure Shell
    • reloading / Reloading SSH
  • SSH clients
    • about / Windows locally
  • sshd_config file / Bog-standard iptables firewall, Adding the firewall to the network
  • SSH tunnel
    • remote db connections / Remote db connections with an SSH tunnel
    • about / Remote db connections with an SSH tunnel
  • SSID
    • modifying / Changing the SSID
    • hiding / Hiding the SSID
  • SSL
    • about / Online applications, Encrypted webmail, Protocol soup
    • WordPress administration, securing with / WordPress administration with SSL, Letting WordPress know
    • for shared hosts / SSL for shared hosts
    • for dedicated servers / SSL for VPS and dedicated servers
    • for VPS / SSL for VPS and dedicated servers
    • testing / Testing SSL and insecure pages
    • reference / SSL reference
  • SSL certificate checks
    • about / SSL certificate checks
    • Certificate Patrol / Certificate Patrol *
    • Perspectives / Perspectives *
  • SSLShopper
    • URL / Obtaining signed certificates
    • about / Obtaining signed certificates
  • Stealth Login / Login
  • sudo directive / Elevating to superuser permissions, Protecting world-writable files
  • Suhosin
    • PHP, patching with / Patching PHP with Suhosin
    • about / Patching PHP with Suhosin
    • installing / Installing Suhosin
  • SUID files
    • scrutinising / Scrutinising SUID and SGID files (aka SxID files)
  • SUPERAntiSpyware
    • URL / Malware cleaning with Malwarebytes
  • superbob
    • about / Files and users
  • superior prefix / Manual prefix change
  • SuperScan
    • URL / Secondary scanners
  • superuser
    • permissions / Elevating to superuser permissions
    • about / Elevating to superuser permissions, Files and users
  • superuser permissions
    • about / Elevating to superuser permissions
  • SuPHP
    • risk, isolating with / Isolating risk with SuPHP
    • versus FastCGI / Isolating risk with SuPHP
    • installing / Installing SuPHP
    • alternatives / Alternatives to SuPHP
  • suspect activity
    • tracking, with logs / Tracking suspect activity with logs
  • SXID
    • about / Keeping track of changes with SXID
    • cronning / Cronning SXID
  • SxID
    • about / Scrutinising SUID and SGID files (aka SxID files)
  • symbolic notation
    • about / Ownership and permissions
  • symbolic permissions
    • translating, to octal notation / Translating symbolic to octal notation
  • SyncBackPro
    • about / Backing up files for local Windows users
  • Syncplicity
    • URL / Alternative document storage
  • sysctl
    • about / Stockier network stack
    • security settings, maximising / Using Sysctl support to maximize security settings
  • Syslog-ng
    • URL / Off-site logging
  • system
    • patching / Patching the system and programs
    • programs / Patching the system and programs
    • security patches / Patching the system and programs
    • unwanted software, binning / Binning unwanted software
    • clutter, disabling / Disabling clutter and risky Windows services
    • Windows services, disabling / Disabling clutter and risky Windows services
    • XP's Simple File Sharing, disabling / Disabling XP's Simple File Sharing
  • System Activity Monitor / System Activity Monitor
  • System Administrator
    • about / System Administrator
  • system users
    • about / System users
    • shared human accounts / Shared human accounts
    • admins / Administrative accounts
  • system vulnerabilities
    • scanning, CSF used / Using CSF to scan for system vulnerabilities
  • sysv-rc-conf tool / Binning the FTP service and firewalling the port
    • using / Using sysv-rc-conf

T

  • TCP-IP
    • about / Stockier network stack
  • TCP Wrappers
    • about / Gatekeeping with TCP wrappers
  • technical risk
    • about / Physically hacked off
  • Telnet / Disabling clutter and risky Windows services
    • about / Protocol soup, Service watch
  • terminal
    • about / Hushing it up with SSH
    • setting up / Setting up the terminal locally
    • securing / Securing the terminal
  • terminals
    • about / Control panels and terminals
  • test database
    • deleting / Deleting the test database
  • The Live CD List
    • URL / Breaking Windows: considering alternatives
  • The Web Robots Pages
    • URL / Good bot, bad bot
  • ThinkFree
    • URL / Online applications
  • third party applications / Third party apps and short links
  • third party code
    • introducing / Vulnerable versions
    • inspecting / Scrutinize widgets, plugins and third party code
  • third party vulnerabilities
    • reasons / Vulnerable versions
  • threat
    • about / Calculated risk
  • ThreatFire
    • behavior scanning with / Behavior scanning with ThreatFire
    • updating / Updating ThreatFire
  • threatscape
    • about / Calculated risk
  • Thunderbird
    • about / Portable applications
  • timestamp / What visitor
  • TinEye
    • about / TinEye
    • URL / TinEye
  • TKIP
    • versus AES / AES vs. TKIP
  • TLS
    • about / Protocol soup
  • Tomato
    • URL / Swapping firmware
  • toolkits, WordPress Ultimate Security
    • about / Toolkits
    • SecTools.Org / SecTools.Org
    • TU / TREACHERY UNLIMITED
    • WASC Web Application Security Scanner List / WASC Web Application Security Scanner List
  • Tor
    • about / Chained proxies
    • URL / Chained proxies
  • Trac
    • about / Trac
  • trackbacks
    • scanning / Trackbacks
  • tracking cookie / Spyware
  • Trojan
    • about / Blended threats, Trojan horses
  • Trojan rootkit / Phishing
  • TU
    • about / TREACHERY UNLIMITED
  • Tunnelier
    • about / Windows locally, Installing Cobian as a service, Port 22
    • setting up / Setting up Tunnelier
    • tasks / Setting up Tunnelier's FTP-to-SFTP bridge
  • Tux Chooser
    • URL / Breaking Windows: considering alternatives

U

  • UAC
    • about / Breaking Windows: considering alternatives
  • Ubuntu
    • about / Breaking Windows: considering alternatives
    • URL / Breaking Windows: considering alternatives
  • Ultimate Security Checker / Anti-malware
  • unauthorised logins
    • verifying / Safe server access
  • uniform resource locator
    • about / Resolving a web address
  • unintentional denial of service / Open ports with vulnerable services
  • Universal Plug and Play Device Host / Disabling clutter and risky Windows services
  • unmanaged dedicated server
    • about / Host type analysis
  • unmanaged virtual private server (VPS)
    • about / Host type analysis
  • unsafe services
    • deleting, with harden-servers / Deleting unsafe services with harden-servers
  • unsecured access
    • about / Accessible round-up
  • Updraft / Backup
    • about / Updraft
  • uploads folder / Prioritizing backup, Hiding your files
  • US Copyright Office
    • URL / The DMCA approach
  • user-agent / Reading the Common Log Format (CLF)
  • user-agent string / Reading the Common Log Format (CLF)
  • user access
    • controlling, with RBAC / Controlling user access with RBAC
  • user access controls
    • about / Growling quietly with greater security
  • User Access Manager / Custom roles, Users
  • User Account Control / The deny-by-default permission model, Windows security services
  • User Account Control (UAC)
    • about / User Account Control
    • configuring, in Vista / Configuring UAC in Vista
    • configuring, in Windows 7 / Configuring UAC in Windows 7
    • disabling, at registry (Vista and 7) / Disabling UAC at the registry (Vista and 7)
    • issues, with Premium / UAC problems with Vista Home and Premium
    • issues, with Vista Home / UAC problems with Vista Home and Premium
  • user accounts
    • deleting / Deleting user accounts
  • user agent
    • about / Short circuiting bots with htaccess
  • user input validation / Buffer overflow attacks
  • users
    • about / Files and users
    • deleting / Deleting users safely
    • securing / Securing your users, Using a plugin

V

  • vanilla
    • downloading / Compiling grsecurity into a kernel
  • VaultPress
    • about / Prioritizing backup, VaultPress
    • URL / VaultPress
  • VeriSign
    • URL / Obtaining signed certificates
  • version leak / Hiding the WordPress version
  • virtual host file
    • configuring / Configuring the virtual host file
    • setting up / Setting up the virtual host file
  • virtual machine
    • using / Using a virtual machine
  • Virtual Machines (VM)
    • advanced sandboxing / Advanced sandboxing (and more) with virtual machines
  • Virtual Machines (VMS) / Sandbox isolation
  • virtual memory
    • about / Covering your tracks
  • virtual private server
    • about / Better webmail solutions
  • virtual storage
    • about / Backing up db and/or files to cloud storage
  • virus definition files / Regular antivirus scanners
  • viruses
    • about / Viruses
  • Vista user accounts
    • about / Vista and Windows 7 user accounts
  • vpsBible's Cron Guide / Backing up a database to local machines
  • vpsBible's SOCKS SSH Guide
    • URL / Private SOCKS proxy with SSH
  • VPS machines / Error on stopping the firewall
  • vulnerability
    • about / Calculated risk
  • vulnerability assessment package / Nessus
  • vulnerable services
    • verifying, on network device / Checking for vulnerable services on a network device

W

  • W32/Blaster / Blended threats
  • war dialing attack / WHOIS whacking
  • warez
    • about / Script kiddies
  • WASC
    • URL / WASC
  • WASC Web Application Security Scanner List
    • about / WASC Web Application Security Scanner List
  • web
    • firewalling, with ModSecurity / Firewalling the web with ModSecurity
  • web address
    • resolving / Resolving a web address
  • WebGoat
    • about / OWASP WebGoat Project
  • web host
    • db + files, backing up with / Backing up db + files by your web host
  • web interface
    • creating / Creating the web interface
  • webmail
    • solutions / Better webmail solutions
  • web mail
    • db + files, backing up to / Backing up db to (web)mail
  • webmail clients
    • about / Remote webmail clients (and other web applications)
  • Webmin / Control panel login
    • about / Managing unmanaged with Webmin
    • installing / Installing Webmin
    • securing / Securing Webmin
  • Webmin module
    • installing / CSF as a control panel module
  • Web of Trust (WOT)
    • about / Web of Trust (WOT) *
  • web server
    • about / An overview of our risk
    • db + files, backing up on / Backing up db + files on the web server
  • website assets
    • about / Website assets
    • backup / Backup
    • code updates / Code updates
    • database / Database
    • domain / Domain
  • web vulnerabilities
    • scanning for / Scanning for web vulnerabilities
  • We Chall
    • about / We Chall
    • URL / We Chall
  • WEP
    • versus WPA / WEP vs. WPA vs. WPA2
    • about / WEP vs. WPA vs. WPA2
  • whatismyip / What is my IP?
  • white hat
    • about / White hat
  • who.is / How to look for it
  • WHOIS
    • about / WHOIS whacking
  • WHOIS records
    • about / Unchecked information leak
  • WHOIS search
    • running / Run a WHOIS search
  • WHOIS whacking
    • about / WHOIS whacking
  • Wi-Fi
    • hot-spotting / Hotspotting Wi-Fi
  • widgets
    • inspecting / Scrutinize widgets, plugins and third party code
  • Wikipedia
    • about / Wikipedia
  • Wikto
    • about / Wikto
    • URL / Wikto
  • Windows 7 user accounts
    • about / Vista and Windows 7 user accounts
  • Windows Defender / Windows security services, Windows Defender
  • WindowSecurity
    • about / WindowSecurity
    • URL / WindowSecurity
  • Windows Firewall / Windows security services, Windows Firewall
  • Windows security, services
    • about / Windows security services
    • Security / Action Center / Security or Action Center
    • Windows Firewall / Windows Firewall
    • Windows Update / Windows Update
    • Internet Options / Internet Options
    • Windows Defender / Windows Defender
    • User Account Control / User Account Control
    • User Account Control, configuring in Vista / Configuring UAC in Vista
    • User Account Control, configuring in Windows 7 / Configuring UAC in Windows 7
    • User Account Control, disabling / Disabling UAC at the registry (Vista and 7)
    • User Account Control, issues with premium / UAC problems with Vista Home and Premium
    • User Account Control, issues with Vista Home / UAC problems with Vista Home and Premium
  • Windows Update / Windows security services, Windows Update
  • Windows user accounts
    • about / Windows user accounts
  • Windows using Winbuilder
    • URL / Booting a Preinstalled Environment (PE)
  • Windows XP / The deny-by-default permission model
  • WinMerge
    • URL / Local file comparison
  • winPenPack
    • URL / Portable applications
  • Winzip Courier
    • URL / Encrypting attachments with compression utilities
  • wireless
    • securing / Securing wireless
    • summing up / Summing up wireless
  • wireless, securing
    • about / Securing wireless
    • router password / Router password
    • SSID, modifying / Changing the SSID
    • SSID, hiding / Hiding the SSID
    • AES versus TKIP / AES vs. TKIP
  • wireless authentication key
    • about / Wireless authentication key
  • wireless keyboard sniffers
    • about / Data loggers
  • wireless management utility
    • about / The wireless management utility
  • wireless sniffing
    • about / Sniffing out problems with wireless
  • WordPress
    • about / An overview of our risk, Scanning for web vulnerabilities, WordPress
    • securing / WordPress security by ultimate obscurity
    • login safeguards / More login safeguards, Login
    • permissions / WordPress permissions
    • anti-malware suite / Anti-malware
    • backup solutions / Backup
    • copyright and content injection tools / Content
    • anti-spam solutions / Spam
    • issues / WordPress problems, Incompatible plugins, Injected plugins, Fun 'n' frolics with files
    • reinstalling / Reinstalling WordPress
    • forums / Forums
    • .com Support / .com support
    • Codex / Codex
    • news / News
    • planet / Planet
    • development updates / Development updates
    • Trac / Trac
    • bugs, reporting / Reporting Bugs
    • security issues / Security issues
    • Plugin Repository Trac / Plugin Repository Trac
    • themes / Plugins and themes
    • plugins / Plugins and themes
    • themes source / Plugins and themes source
    • Kvetch! / Kvetch!
    • IRC / IRC
  • WordPress, reinstalling
    • about / Reinstalling WordPress
    • provisional questions / Some provisos, Upload WordPress and plugins
    • database backup, importing / Importing a database backup
    • wp-config-sample.php, editing / Editing wp-config-sample.php
    • least privileges, setting / Setting least privileges
    • passwords, changing / Changing your passwords
    • search engine results pages, verifying / Checking your search engine results pages
  • wordpress.com
    • about / .com blogs vs .org sites, Host type analysis, Choices choices ...
    • versus wordpress.org / .com blogs vs .org sites
  • wordpress.org
    • versus wordpress.com / .com blogs vs .org sites
    • about / .com blogs vs .org sites
  • WordPress 3.2 updates
    • about / Dry run updates
  • WordPress administration
    • securing, with SSL / WordPress administration with SSL, Letting WordPress know
  • WordPress blogs
    • hosting options / Host type analysis
  • WordPress Dashboard
    • about / Safe server access
  • WordPress File Monitor / Anti-malware
  • WordPress Firewall
    • about / Firewall
  • WordPress Firewall 2 / Anti-malware
  • WordPress Forums
    • about / WordPress forums
  • WordPress security
    • about / WordPress security by ultimate obscurity
    • blog client references / Blog client references
    • feed references / Feed references
    • relational links / Relational links
    • link relationships thingy / Linking relationships thingy
    • stylesheet location / Stylesheet location
    • wp-content, migrating / Renaming and migrating wp-content
    • wp-content, renaming / Renaming and migrating wp-content
  • WordPress setup
    • example / Sizing up connection options
  • WordPress Tavern
    • about / WordPress Tavern
  • WordPress theme file
    • permissions / Translating symbolic to octal notation
  • WordPress Ultimate Security
    • about / WordPress 3 Ultimate Security
    • zines / Bloggers and zines
    • bloggers / Bloggers and zines
    • forums / Forums
    • hacking education / Hacking education, Hellbound Hackers
    • Linux / Linux, YoLinux
    • organizations / Organizations, SANS
    • penetration testing / Penetration testing, OWASP Testing Guide
    • serverside core documents / Server-side core documents
    • toolkits / Toolkits, SecTools.Org
  • WordPress version
    • hiding / Hiding the WordPress version
  • wordpress_INFECTED folder / Sending the clean platform live
  • world-writable files
    • protecting / Protecting world-writable files
  • worm
    • about / Blended threats, Worms
  • wp-config-sample.php file
    • editing / Editing wp-config-sample.php
  • wp-config.php
    • access, denying to / Denying access to wp-config.php
  • wp-config.php file / Permissions case study: super-tight wp-config.php
    • about / Added protection for wp-config.php
    • moving, above WordPress root / Moving wp-config.php above the WordPress root
  • wp-config.php permissions / wp-config.php permissions
  • wp-content
    • migrating / Renaming and migrating wp-content
    • renaming / Renaming and migrating wp-content
  • wp-content directory / Prioritizing backup
    • about / Full, incremental and differential
  • WP-DB-Backup / Backup
  • WP-Members / Users
  • WPA
    • versus WEP / WEP vs. WPA vs. WPA2
    • versus WPA2 / WEP vs. WPA vs. WPA2, WPA2 with AES
    • about / WEP vs. WPA vs. WPA2
  • WPA2
    • about / Sniffing out problems with wireless, WPA2 with AES
    • versus WPA / WEP vs. WPA vs. WPA2, WPA2 with AES
  • WP DB Backup
    • about / Backing up db to (web)mail
  • WP File Monitor
    • URL / Chicken and egg with logging plugins
  • WP Firewall
    • URL / Chicken and egg with logging plugins
  • WP Security Scan / Nuking the wp_ tables prefix, Anti-malware
  • WPSSL (WordPress with SSL) / SSL
  • wp_ tables prefix / Nuking the wp_ tables prefix
  • WUBI
    • URL / Booting a Preinstalled Environment (PE)

X

  • XAMPP
    • about / Portable applications
  • Xerobank
    • URL / SSL proxies and Virtual Private Networks (VPNs)
  • xinetd / inetd and xinetd super-servers
  • XP user accounts
    • about / XP user accounts
  • XSS
    • about / Enticing URLs, The many dangers of cross-site scripting (XSS)

Y

  • YoLinux
    • about / YoLinux
  • YouTube
    • about / YouTube
  • Yubikeys
    • about / Advanced data management and authentication
  • YubiKey support / YubiKey support, Lastpass multi-factor authentication

Z

  • 7-Zip
    • URL / Encrypting attachments with compression utilities, Tracking suspect activity with logs
  • zero-day
    • about / Zero day
  • Zoho
    • URL / Online applications
  • zombie machines / Botnets
  • ZoneAlarm
    • firewall with / Firewall with ZoneAlarm
  • zone file / Resolving a web address