This PowerShell solution blocks IP addresses that are trying to brute force your SQL Server logins, by blocking IP addresses in Windows Defender Firewall with Advanced Security. For the time being, some manual labor is involved, but it is still manageable. You can use this to create your own solution to block offending IP addresses in SQL Server’s firewall.
Sjoerd Langkemper writes about Cracking PHP rand():
Webapps occasionaly need to create tokens that are hard to guess. For example for session tokens or CSRF tokens, or in forgot password functionality where you get a token mailed to reset your password. These tokens should be cryptographically secure, but are often made by calling
rand() multiple times and transforming the output to a string. This post will explore how hard it is to predict a token made with
This is a very interesting read about how PHP
rand() works, and how to attack & crack it. The post ends with the following conclusion:
Or why *not* to add a delay … !
It is important to protect your WordPress website from brute-force attacks, and various security plugins exist in doing so. For the purpose of this article, I modified the WordPress Login Delay plugin with a fixed delay of three seconds for my
wp-login.php page. This provides you with an easy to use method of protecting your WordPress login form (but do read the caveats!).