Posted inWindows Server
YubiKey support in OpenSSH for Windows 11 and Windows 10
Configure and use YubiKey security keys with Microsoft OpenSSH in Windows Server, Windows 11 and Windows 10 to support FIDO/U2F devices.
Privacy Policy
Who we are Suggested text: Our website address is: http://demo.peregrine-themes.com/hester-blogger. Comments Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your…
Posted inWeb application security
3 Ways of blocking sendmail.php on IIS webserver
Use IIS URL Rewrite Module and Request Filtering in IIS to block access to certain scripts. Sendmail.php for example. To prevent sending spam.
Posted inWindows Server
How to add, list and remove IP addresses in Windows Firewall
Here is how to bulk add IP addresses in the Windows Firewall, list an IP address and remove all IP addresses from Windows Defender Firewall with Advanced Security. In Windows 11, 10 and Windows Server
Posted inWindows Server
Block brute force attacks on SQL Server, block IP addresses in Windows Firewall using PowerShell
This PowerShell solution blocks IP addresses that are trying to brute force your SQL Server logins, by blocking IP addresses in Windows Defender Firewall with Advanced Security, using PowerShell. You can use this to create your own solution to block offending IP addresses in SQL Server's firewall.
Posted inWindows Server
Windows Defender: Turn off routine remediation
Here is how to (temporarily) turn off routine remediation in Windows Defender Antivirus (WinDefend). During the transition of antivirus software to Windows Defender Antivirus (WinDefend), I don't want Windows Defender remediation on threats it might find. Later, when I have more information about potential threats, I can always choose to remediate that threat, e.g. quarantaine or remove it.
Posted inWindows Server
Install and setup IIS Manager for Remote Administration in Windows Server IIS (step by step)
In this article you’ll learn how to install and setup IIS Manager in Windows 11/10 to manage your website(s). You can also follow these steps to install Internet Information Services (IIS) Manager on a Windows Server Core edition, to locally or remotely manage hosted websites. This post also shows how to install IIS Web Management Service (WMSVC) on Server Core using PowerShell.
Posted inGNU Linux
Force HSTS in Apache .htaccess
Learn how to enable HSTS (HTTP Strict Transport Security) in Linux Apache .htaccess. I wrote about enabling HTTP Strict Transport Security (HSTS) in IIS earlier. But what about enabling HSTS in Apache .htaccess? Here is how.
Posted inWindows Server
Install OpenSSH in Windows Server
How to install OpenSSH Server in Windows Server Core using PowerShell. In this tutorial, you'll learn how to install Microsoft SSH Server in Windows Server 2022 and below (2019, 2016, 2012 R2). OpenSSH is an ideal and secure way of performing remote maintenance & administration on your servers. Even on Windows Server!
Posted inWindows Server
Securing privileged access
Securing privileged access is a critical first step to establishing security assurances for business assets in a modern organization. The security of most or all business assets in an IT organization depends on the integrity of the privileged accounts used to administer, manage, and develop. Cyber-attackers often target these accounts and other elements of privileged access to gain access to data and systems using credential theft attacks
Posted inWindows Server
Find vulnerable WordPress plugin versions fast using PowerShell
Use PowerShell to find vulnerable WordPress plugin versions hosted on your Windows Server IIS webserver fast, because new vulnerabilities are found on a daily basis. On Windows Server, PowerShell is a perfect tool for this job!
Posted inWeb application security
Disallow direct access to PHP files in wp-content/uploads/
It's recommended to disallow access to and execution of PHP files in wp-content/uploads folder. Preferably without the use of a security plugin. Blocking access to PHP files in WordPress wp-content/uploads folder is easily achieved with a .htaccess file on Linux Apache, or web.config accesssPolicy in Windows Server IIS, and here is how. Secure your WordPress site with this simple, yet effective, tip!
Posted inWindows Server
Basic Authentication module for Windows Server IIS 10
Basic Authentication managed HTTP module for IIS 10 with virtual users support. In my pursuit of a basic authentication alternative in IIS, other than the built-in Basic Authentication module or Helicon Ape, I came across Devbridge AzurePowerTools. It's apparently one of few HTTP managed modules for IIS that enables HTTP Basic Authentication with support for virtual users.
Posted inWordPress
Reduce Wordfence CPU usage, disable Wordfence “Live Traffic View”
Reduce Wordfence and WordPress CPU usage by checking settings and disabling Live Traffic View. This'll improve the performance and speed of your WordPress website.
Posted inPowerShell
Install Windows Server Servicing Stack Updates (SSU) using PowerShell
Install Servicing Stack Updates (SSU) for Windows Server 2012R2, 2016 and Windows Server 2019 using PowerShell, without downtime. Because they must be installed prior to normal Windows Server security updates you can install an SSU anytime you want to during the day. Here's a small PowerShell example to do so.