Security

Things To Do Immediately After Getting Your TMNet UNIFI (HSBB)

Posted by | 87 Comments

Little Introduction:

On March 2010, Telekom Malaysia Berhad (TM) launched its High Speed Broadband (HSBB) service, called ‘UniFi‘. TM’s UniFi high speed broadband packages comprises services of high speed Internet, video (IPTV), and phone, with speeds of 5 Mbps, 10Mbps and 20Mbps.

Upon sign up, the customer will receive 4 pieces of equipment:

  • Fiber Broadband Termination Unit (BTU), ie. where you connect the fiber optic cable into.
  • WiFi router (D-Link, D-615 with custom firmware), which is plugged into the fiber BTU.
  • Set-Top box for IPTV and VoD, which will plug into the WiFi router.
  • DECT phone plugged into the Fiber BTU.

I’m not going to rant about the UniFi or TMNet’s services, nor speed, nor the much debated bandwith cap that TM said they’re going to impose.

I’m going to talk about the security (or the lack thereof) of the default WiFi router setup.

Continue reading

Protect Your WordPress Directory from Public Browsing

Posted by | 7 Comments

Found a really good WordPress security tips a while ago:

Directories should not be left open for public browsing.

There is a potential problem letting people know what plug-ins you have, or what versions they are. If there is some known exploit that is linked to a plug-in, it could be easy enough for someone to use it to their advantage.

To test whether your site is vulnerable to this issue, just go to http://<your_site>/wp-content/plugins
Your site SHOULDN’T be listing all the plug-ins available on your site.

It’s fairly simple to protect your WordPress installation from public browsing:
1. Make an empty wp-content/plugins/index.html file
Or
2. just add this line in your .htaccess file in your root:
Options All -Indexes