Posted inWindows Server
HackRepair.com’s Bad Bots .htaccess in web.config for IIS
Block bad bots in WIndows Server IIS using web.config. Learn to protect your WordPress website with this web.config file!
Posted inGNU Linux
Install Elasticsearch on CentOS 6.7
Elasticsearch is a highly scalable open-source full-text search and analytics engine. It allows you to store, search, and analyze big volumes of data quickly and in near real time. In this article we'll go over the steps to install Elasticsearch on CentOS 6.7.
Posted inWindows Server
Optimize PHP’s OPcache configuration
Learn how to optimize PHP's OPcache configuration and make OPcache perform even better! After you've configured and optimized PHP realpath_cache_size, it is time to fine-tune the OPcache cache mechanism. With just a few tweaks you can tune OPcache to make it perform much better, and here is how!
Posted inWeb application security
Add a delay to your WordPress login form
This plugin adds a three second delay when logging into WordPress. This slows down brute-force attacks on your website. However, it is not recommended to use sleep(), because a heavy brute-force attack will let all those POST requests sleep for the given amount of time.
Posted inWordPress
My WordPress web.config
Do you host your WordPress website on Windows Server IIS? And are you having trouble with your web.config? I often receive questions about how to use a web.config file in WordPress on Windows Server, and which settings are important for a WordPress site. Maybe it's because I'm a WordPress on Windows Server IIS enthusiast, so here is my web.config for your convenience (really, it's not that special).
Posted inGNU Linux Windows Server
Redirect HTTP to HTTPS
Various HTTP to HTTPS redirection methods, for Windows Server IIS and Linux Apache.
Posted inGNU Linux
Monit monitoring on Ubuntu 14.04 VM on Hyper-V
Set up a Monit monitoring service for your websites and services. Monit is a free and open source service monitoring application which can perform various event-based actions. Monit can send email notifications, restart a service or application, or take other responsive actions. We set Monit up on a Ubuntu 14.04 VM, built on Hyper-V. And we use Monit to monitor several websites, and send out notifications on downtime.
Posted inGNU Linux
How to restore a deleted Open-Xchange context?
How-to restore, or recover, an accidentally deleted OX context. If you've accidentally deleted an Open-Xchange context (contextid), then that is bad... Here is how to recover a deleted OX context and filestore... Assuming you make Open-Xchange backups of course.
Posted inWindows Server
Disk Cleanup in Windows Server
Learn how to perform disk cleanup in Windows Server. Gain gigabytes of free disk space by cleaning up Windows Update-, Service Pack-, and hotfix installations. Analyze and clean WinSxs, install cleanmgr in Windows Server 2012 Core, or move SoftwareDistribution folder.
Posted inWeb application security
Joomla websites abused as open proxy for Denial-of-Service attacks
Joomla websites using the Googlemaps plugin for Joomla are actively abused as open proxy for launching Denial-of-Service (DoS) attacks. The problem with the Joomla Googlemaps plugin lies in the fact anyone can execute cURL HTTP requests to remote websites.
Posted inWeb application security
Exploit PHP mail() to get remote code execution
If you are able to control the 5th parameter of PHP mail() function ($options), you have the opportunity to execute arbitrary commands. Remote Code Execution (RCE) in PHP mail()
Posted inWordPress
Send authenticated SMTP email over TLS from WordPress
How to configure TLS for SMTP email in WordPress. I was suprised WordPress is not able to send email using an SMTP server out-of-the-box. Not to mention using authenticated SMTP or TLS transport for security. A quick Google search showed me multiple plugins to handle this, but I wanted to create something myself. Here is how to override the wp-mail() function and send email using authenticated SMTP and StartTLS from WordPress.
Posted inCode base
Magento maintenance script for IIS
Optimize the speed and performance of your Magento ecommerce webshop by carrying out important maintenance. Now for Windows Server IIS too. Remove old MySQL database log files and Magento cache data on a regular basis.
Posted inWindows Server
Mod_evasive on IIS
Website DDoS protection with mod_evasive.Mod_evasive is a module for Apache and Windows Server IIS (using Helicon Ape). It provides protection and evasive action in the event of an HTTP DoS-, DDoS or brute force attack. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denies an IP address access to a website if it's requesting the same page more than 10 times a second. This is configurable.
Posted inWordPress
Huge increase in WordPress xmlrpc.php POST requests
WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites... Secure WordPress xmlprc.php interface and reduce service disruption.