There is a serious security hole in the way that Apache handles symlinks on shared servers.
It allows a compromised account on a server to view .php files owned by other accounts, escalating a single-account exploit to potentially many accounts on the same server. This post describes how to plug these holes very portably.
Nolisting is a spam-avoidance scheme which tricks spammers into giving up when trying to send us spam. It can result in a 50-60% spam reduction on heavily spammed domains and adds no server load, as the spammers don't even get to connect. [The 60% figure was measured in 2008, but the technique is expected to be less effective these days (2011).]
More specifically, nolisting tricks the spammers into talking to IPs that ignore traffic, whereas normal mailers go on to talk to the real mail system.