Sysadmins of the North, a technical blog in English and Dutch

WordPress XMLRPC DDoS attacks?

Since today, I notice a huge increase in HTTP POST requests on WordPress xmlrpc.php, on multiple websites. Anyone got a clue what is causing this? Are you seeing this too? Please comment.
I’ll update this post when (if) more information comes available, might it be something new.

This could be related to WordPress’ xmlrpc.php pingback DDoS vulnerability discoverd last March and reported by Sucuri, or it may be related to the WordPress pingback vulnerability reported by Acunetix. But it might be something new as well.

Read More

IIS loves to tell the world that a website runs on IIS, it does so with the Server response header as shown below. In this post I’ll show you how to rewrite and remove unwanted response headers in IIS, because we don’t want to give hackers too much information about our servers.

Read More

When the .svc web service handler doesn’t work on IIS 8.0 with ASP.NET 4.5

When a WCF web service returns a 404 Not Found error, after installing the HTTP-Activation feature in IIS, then you might need to add an extra Handler to your IIS configuration:

• Request path: *.svc
• Type:

  System.ServiceModel.Activation.ServiceHttpHandlerFactory, 
  System.ServiceModel.Activation, Version=4.0.0.0, Culture=neutral, 
  PublicKeyToken=31bf3856ad364e35

• Name: svc-Integrated-4.0

Read More

Everyone wants a fast loading website, whether it’s based on WordPress, Drupal, Joomla, or something else. For WordPress, a lot of posts are available here to optimize WordPress performance, and Drupal can easily be improved with the BOOST module. But what about Joomla?

Here are three basic tips to improve Joomla performance and loading speed. All changes can be made through the administrator back-end of Joomla, or by downloading and editing the configuration.php file.

Read More

Jason Deacon, from Australia’s design and development company Wiliam , writes about how to use a back-end instance of Umbraco 7, which is completely decoupled from the front-end (an ASP.NET MVC 5 site).

Decoupling Umbraco
Our approach leverages a file called “Umbraco.config” which is really just a XML file which Umbraco publishes all its public content to whenever a node is published in the interface. This XML structure mirrors the document types and properties of the site structure populated in Umbraco and therefore offers the perfect snapshot of the content the site can serve, without having to query a database for it.

Read Decoupling Umbraco from your front-end website.

At Vevida, we like to help our customers as much as possible. Even with optimizing a MySQL database if they don’t ask for it (when they don’t know performance can be improved), just because we spot a slow query in our slow-query log.

The other day I spotted the following in MySQL slow-query log:

# Time: 140605 16:41:34
# User@Host: database[database] @ server-01.example.com [1.1.11.111]
# Thread_id: 4660034  Schema: database  QC_hit: No
# Query_time: 3.010892  Lock_time: 0.000062  Rows_sent: 872  Rows_examined: 8035
use database;
SET timestamp=1401979294;
SELECT * FROM sContent WHERE sYear = '2014' AND sPublish = 1 and ('2014-06-05 16:41:30' Between sVisible_from And sVisible_untill or sVisible_unlimited

Roughly 3 seconds to examine 8035 and send 872 rows. That must be a good canidate for optimization, so I started with examining the query.

Read More

Let’s continue on the PGP (GnuPG, OpenPGP) and email security/privacy topics. Riseup put together an OpenPGP Best Practises guide.

MySQL storage engine, MyISAM versus InnoDB
In the earlier days of MySQL, the default storage engine for your database was MyISAM. This is why you still encounter a lot of examples with engine=MyISAM online. Nowadays, the InnoDB storage engine is MySQL’s default. MyISAM is no longer actively developed, InnoDB is. Therefor, all/most MySQL performance optimizations are for the InnoDB engine and it’s wise to choose this as your table storage engine.

If you have existing tables, and applications that use them, that you want to convert to InnoDB for better reliability and scalability, use the following guidelines and tips. Let’s assume most such tables were originally MyISAM, which was formerly the default. Here’s how, the fast and easy way in one prepared statement.

Read More

Ghost Publishing platform uses Nodemailer to send e-mails with Node.js. It can send e-mail using SMTP, sendmail or Amazon SES and is unicode friendly.

As you know, more and more web hosting providers require SMTP authentication (often abbrevated as SMTP AUTH) and a TLS encrypted connection to send email. Here you’ll find some script examples to send SMTP AUTH email over TLS with ASP, ASP.NET and PHP. Can we do the same with Ghost and Node.js?

Yes we can!

Read More

Into.the.Void. writes:

More and more privacy experts are nowdays calling people to move away from the email service provider giants (gmail, yahoo!, microsoft, etc) and are urging people to set up their own email services, to “decentralize”. This brings up many many other issues though, and one of which is that if only a small group people use a certain email server, even if they use TLS, it’s relatively easy for someone passively monitoring (email) traffic to correlate who (from some server) is communicating with whom (from another server). Even if the connection and the content is protected by TLS and GPG respectively, some people might feel uncomfortable if a third party knew that they are actually communicating (well these people better not use email, but let’s not get carried away).

This post is about sending SMTP traffic between two servers on the Internet over Tor, that is without someone being able to easily see who is sending what to whom. IMHO, it can be helpful in some situations to certain groups of people.

SMTP over Hidden Services with postfix