WordPress XMLRPC DDoS attacks?
Since today, I notice a huge increase in HTTP POST requests on WordPress
xmlrpc.php, on multiple websites. Anyone got a clue what is causing this? Are you seeing this too? Please comment.
I’ll update this post when (if) more information comes available, might it be something new.
This could be related to WordPress’ xmlrpc.php pingback DDoS vulnerability discoverd last March and reported by Sucuri, or it may be related to the WordPress pingback vulnerability reported by Acunetix. But it might be something new as well.
When the .svc web service handler doesn’t work on IIS 8.0 with ASP.NET 4.5
When a WCF web service returns a 404 Not Found error, after installing the HTTP-Activation feature in IIS, then you might need to add an extra Handler to your IIS configuration:
- Request path:
System.ServiceModel.Activation.ServiceHttpHandlerFactory, System.ServiceModel.Activation, Version=188.8.131.52, Culture=neutral, PublicKeyToken=31bf3856ad364e35
29 Jun 2014
Everyone wants a fast loading website, whether it’s based on WordPress, Drupal, Joomla, or something else. For WordPress, a lot of posts are available here to optimize WordPress performance, and Drupal can easily be improved with the BOOST module. But what about Joomla?
Here are three basic tips to improve Joomla performance and loading speed. All changes can be made through the administrator back-end of Joomla, or by downloading and editing the configuration.php file.
26 Jun 2014
Jason Deacon, from Australia’s design and development company Wiliam , writes about how to use a back-end instance of Umbraco 7, which is completely decoupled from the front-end (an ASP.NET MVC 5 site).
Our approach leverages a file called “Umbraco.config” which is really just a XML file which Umbraco publishes all its public content to whenever a node is published in the interface. This XML structure mirrors the document types and properties of the site structure populated in Umbraco and therefore offers the perfect snapshot of the content the site can serve, without having to query a database for it.
21 Jun 2014
At Vevida, we like to help our customers as much as possible. Even with optimizing a MySQL database if they don’t ask for it (when they don’t know performance can be improved), just because we spot a slow query in our slow-query log.
The other day I spotted the following in MySQL slow-query log:
# Time: 140605 16:41:34 # User@Host: database[database] @ server-01.example.com [184.108.40.206] # Thread_id: 4660034 Schema: database QC_hit: No # Query_time: 3.010892 Lock_time: 0.000062 Rows_sent: 872 Rows_examined: 8035 use database; SET timestamp=1401979294; SELECT * FROM sContent WHERE sYear = '2014' AND sPublish = 1 and ('2014-06-05 16:41:30' Between sVisible_from And sVisible_untill or sVisible_unlimited
19 Jun 2014
MySQL storage engine, MyISAM versus InnoDB
In the earlier days of MySQL, the default storage engine for your database was MyISAM. This is why you still encounter a lot of examples with
engine=MyISAM online. Nowadays, the InnoDB storage engine is MySQL’s default. MyISAM is no longer actively developed, InnoDB is. Therefor, all/most MySQL performance optimizations are for the InnoDB engine and it’s wise to choose this as your table storage engine.
If you have existing tables, and applications that use them, that you want to convert to InnoDB for better reliability and scalability, use the following guidelines and tips. Let’s assume most such tables were originally MyISAM, which was formerly the default. Here’s how, the fast and easy way in one prepared statement.
As you know, more and more web hosting providers require SMTP authentication (often abbrevated as SMTP AUTH) and a TLS encrypted connection to send email. Here you’ll find some script examples to send SMTP AUTH email over TLS with ASP, ASP.NET and PHP. Can we do the same with Ghost and Node.js?
17 Jun 2014
More and more privacy experts are nowdays calling people to move away from the email service provider giants (gmail, yahoo!, microsoft, etc) and are urging people to set up their own email services, to “decentralize”. This brings up many many other issues though, and one of which is that if only a small group people use a certain email server, even if they use TLS, it’s relatively easy for someone passively monitoring (email) traffic to correlate who (from some server) is communicating with whom (from another server). Even if the connection and the content is protected by TLS and GPG respectively, some people might feel uncomfortable if a third party knew that they are actually communicating (well these people better not use email, but let’s not get carried away).
This post is about sending SMTP traffic between two servers on the Internet over Tor, that is without someone being able to easily see who is sending what to whom. IMHO, it can be helpful in some situations to certain groups of people.