apache

15 Articles

Logging Baby’s Day In Linux

January 7, 2025 by 37 Comments

There’s plenty of surprises to be had when you become a parent, and one of the first is that it’s suddenly your job to record  the frequency of your infant’s various bodily functions in exacting detail. How many times did the little tyke eat, how long did they sleep, and perhaps most critically, how many times did they poop. The pediatrician will expect you to know these things, so you better start keeping notes.

Or, if you’re [Triceratops Labs], you build a physical button panel that will keep tabs on the info for you. At the press of each button, a log entry is made on the connected Raspberry Pi Zero W, which eventually makes its way to a web interface that you can view to see all of Junior’s statistics.

In terms of hardware, this one is quite simple — it’s really just an array of arcade-style push buttons wired directly into the Pi’s GPIO header. Where it shines is in the software. This project could have been just a Python script and a text file, but instead it uses a MariaDB database on the back-end, with Apache and PHP serving up the web page, and a custom Systemd service to tie it all together. In other words, it’s what happens when you let a Linux admin play with a soldering iron.

It probably won’t come as much surprise to find that hackers often come up with elaborate monitoring systems for their newborn children, after all, it’s a great excuse for a new project. This machine learning crib camera comes to mind.

Webserver Runs On Android Phone

March 27, 2024 by 36 Comments

Android, the popular mobile phone OS, is essentially just Linux with a nice user interface layer covering it all up. In theory, it should be able to do anything a normal computer running Linux could do. And, since most web servers in the world are running Linux, [PelleMannen] figured his Android phone could run a web server just as well as any other Linux machine and built this webpage that’s currently running on a smartphone, with an additional Reddit post for a little more discussion.

The phone uses Termux (which we’ve written about briefly before) to get to a Bash shell on the Android system. Before that happens, though, some setup needs to take place largely involving installing F-Droid through which Termux can be installed. From there the standard SSH and Apache servers can be installed as if the phone were running a normal Linux The rest of the installation involves tricking the phone into thinking it’s a full-fledged computer including a number of considerations to keep the phone from halting execution when the screen locks and other phone-specific issues.

With everything up and running, [PelleMannen] reports that it runs surprisingly well with the small ARM system outputting almost no heat. Since the project page is being hosted on this phone we can’t guarantee that the link above works, though, and it might get a few too many requests to stay online. We wish it were a little easier to get our pocket-sized computers to behave in similar ways to our regular laptops and PCs (even if they don’t have quite the same amount of power) but if you’re dead-set on repurposing an old phone we’ve also seen them used to great effect in place of a Raspberry Pi.

Run Your Own Server For Fun (and Zero Profit)

March 15, 2022 by 125 Comments

It seems there’s a service for everything, but sometimes you simply learn more by doing it yourself. If you haven’t enjoyed the somewhat anachronistic pleasures of running your own server and hosting your own darn website, well, today you’re in luck!

Yes, we’re going to take an old computer of some sort and turn it into a web server for hosting all of your projects at home. You could just as easily use a Raspberry Pi –even a Zero W would work — or really anything that’ll run Linux, but be aware that not all computing platforms are created equally as we’ll discuss shortly.

Yes, we’re going to roll our own in this article series. There are a lot of moving parts, so we’re going to have to cover a lot of material. Don’t worry- it’s not incredibly complicated. And you don’t have to do things the way we say. There’s flexibility at every turn, and you’re encouraged to forge your own path. That’s part of the fun!

Note: For the sake of space we’re going to skip over some of the most basic details such as installing Linux and focus on those that have the greatest impact on the project. This article gives a high level overview of what it takes to host your project website at home. It intentionally glosses over the deeper details and makes some necessary assumptions.

Continue reading “Run Your Own Server For Fun (and Zero Profit)”

This Week In Security: The Apache Fix Miss, Github (Malicious) Actions, And Shooting The Messenger

October 15, 2021 by 10 Comments

Apache 2.4.50 included a fix for CVE-2021-41773. It has since been discovered that this fix was incomplete, and this version is vulnerable to a permutation of the same vulnerability. 2.4.51 is now available, and should properly fix the vulnerability.

The original exploit used .%2e/ as the magic payload, which is using URL encoding to sneak the extra dot symbol through as part of the path. The new workaround uses .%%32%65/. This looks a bit weird, but makes sense when you decode it. URL encoding uses UTF-8, and so %32 decodes to 2, and %65 to e. Familiar? Yep, it’s just the original vulnerability with a second layer of URL encoding. This has the same requirements as the first iteration, cgi-bin has to be enabled for code execution, and require all denied has to be disabled in the configuration files. Continue reading “This Week In Security: The Apache Fix Miss, Github (Malicious) Actions, And Shooting The Messenger”

What To Do When The Botnet Comes Knocking

March 21, 2019 by 34 Comments

“It was a cold and windy night, but the breeze of ill omen blowing across the ‘net was colder. The regular trickle of login attempts suddenly became a torrent of IP addresses, all trying to break into the back-end of the Joomla site I host. I poured another cup of joe, it was gonna be a long night.”

Tech noir aside, there was something odd going on. I get an email from that web-site each time there is a failed login. The occasional login attempt isn’t surprising, but this was multiple attempts per minute, all from different IP addresses. Looking at the logs, I got the feeling they were pulling usernames and passwords from one of the various database dumps, probably also randomly seeding information from the Whois database on my domain.

Continue reading “What To Do When The Botnet Comes Knocking”

Milspec Teardown: AH-64A Apache Data Entry Panel

April 30, 2018 by 93 Comments

It’s time once again to see how those tax dollars are spent, this time in the form of a “Data Entry Keyboard” manufactured by Hughes Helicopters. This device was built circa 1986 or so, and was used in the AH-64A Apache. Specifically, this panel would have been located by the gunner’s left knee, and served as a general purpose input device for the Apache’s Fire Control System. Eventually the Apache was upgraded with a so-called “glass cockpit”; consolidating various vehicle functions into a handful of multi-purpose digital displays. As such, this particular device became obsolete and was pulled from the active Apache fleet.

The military vehicle aficionados out there may know that while the Apache is currently a product of Boeing, it was originally designed by Hughes Helicopter. In 1984, McDonnell Douglas purchased Hughes Helicopter and took over production of the Apache, and then McDonnell Douglas themselves were merged with Boeing in 1997.

So it’s somewhat interesting that this device bears the name of Hughes Helicopter, as of the time it was manufactured, they would have been known as McDonnell Douglas Helicopter Systems. Presumably they had to work through existing stock of components that already had Hughes branding on them, leaving some transitional examples such as this one.

But you didn’t come here for a history lesson on the American military-industrial complex, you want to know about the hardware itself. So let’s crack it open to see what we can learn about this piece of aviation history.

Continue reading “Milspec Teardown: AH-64A Apache Data Entry Panel”

OptionsBleed – Apache Bleeds In Uncommon Configuration

September 19, 2017 by 8 Comments

[Hanno Böck] recently uncovered a vulnerability in Apache webserver, affecting Apache HTTP Server 2.2.x through 2.2.34 and 2.4.x through 2.4.27. This bug only affects Apache servers with a certain configuration in .htaccess file. Dubbed Optionsbleed, this vulnerability is a use after free error in Apache HTTP that causes a corrupted Allow header to be replied by the webserver in response to HTTP OPTIONS requests. This can leak pieces of arbitrary memory from the server process that may contain sensitive information. The memory pieces change after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be leaked.

Unlike the famous Heartbleed bug in the past, Optionsbleed leaks only small chunks of memory and more importantly only affects a small number of hosts by default. Nevertheless, shared hosting environments that allow for .htaccess file changes can be quite sensitive to it, as a rogue .htaccess file from one user can potentially bleed info for the whole server. Scanning the Alexa Top 1 Million revealed 466 hosts with corrupted Allow headers, so it seems the impact is not huge so far.

The bug appears if a webmaster tries to use the “Limit” directive with an invalid HTTP method. We decided to test this behaviour with a simple .htaccess file like this:

Continue reading “OptionsBleed – Apache Bleeds In Uncommon Configuration”