Sysadmin, Windows Server, IIS, security, website & WordPress, MySQL, optimization
Jim Walker from HackRepair.com posted a 2016 version of his Bad Bots .htaccess on Pastebin. I offered Jim to translate his Bad Bots .htaccess to web.config, to be used with Windows Server IIS. And here it is, learn to protect your website with this web.config file!
Continue reading “HackRepair.com’s Bad Bots .htaccess in web.config for IIS”
Imperva’s Web Application Attack Report shows spam is WordPress’ largest security threat. Imperva, an international cyber security company founded in 2002, published its 2015 web application attack report. The report includes a thorough analysis of attack data obtained through its Web Application Firewall (or WAF).
Continue reading “WordPress Is the Most Attacked CMS Application”
Rewrite and proxy HTTP requests in IIS. In my case scenario, I had to proxy requests on IIS, because a website was moved from web server A to B, and the DNS wasn’t updated yet. All HTTP requests for the moved website are handled in IIS’ Default Web Site; that’s the wildcard host, and the original host no longer existed there. We needed to match our website and proxy those requests to the new IIS web server. This can either be done using a proxy with URL Rewrite, IIS Application Request Routing (ARR), or a .htaccess file handled by Helicon Ape.
Mod_evasive is a module for Apache and Windows Server IIS (using Helicon Ape), to provide protection and evasive action in the event of an HTTP DoS-, DDoS or brute force attack. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denies an IP address access to a website if it’s requesting the same page more than 10 times a second. This is configurable.
WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites… Secure WordPress xmlprc.php interface and reduce service disruption.
Continue reading “Huge increase in WordPress xmlrpc.php POST requests”
How to hide file extensions, such as .php, with URL Rewrite on Windows Server IIS? Sometimes it’s important to hide the file extension of scripts you use. Security by obscurity might be that reason, if you don’t want others to know what script language you are using for your website. This example will hide the .php extension using the IIS URL Rewrite module, in a ready to use web.config & .htaccess example.
Continue reading “Hide .php extension with IIS URL Rewrite Module (how-to)”
This website Saotn.org is hosted on Windows Server 2012 with IIS 8.0 with WordPress for a few months now, and everything is running very smooth. And I would never hit this bug because I don’t need to change my permalinks structure, or save any other plugin setting which would want write to a web.config file. One of my colleagues on the other hand, just moved his website to one of our IIS 8.0 web servers and he noticed he couldn’t save his Permalinks structure in the IIS web.config file. This can be pretty annoying ;-) Quick fix attached…
Continue reading “WordPress 3.5 on IIS 8.0 is unable to save a web.config file”
How to create your own Origin Pull CDN (Content Delivery Network) with just a few lines of PHP code, to boost WordPress’ performance. The advantage of having your website content hosted on a Content Delivery Network (CDN) is having your content distributed and stored across the Globe. Utilizing the network of the Content Delivery Network provider. Hosting your WordPress in a Content Delivery Network is an important WordPress optimization tip. Here is how to create your own Origin Pull CDN with PHP…
Continue reading “Create your own PHP based Origin Pull CDN”
Convert Apache .htaccess to web.config with help from this post. This post describes some of the IIS URL Rewrite equivalents of commonly used Apache .htaccess settings. This is useful when you want to convert your .htaccess to web.config. The second part of this post outlines how to use Internet Information Services Manager to import and convert .htaccess to web.config.
The Internet Storm Center reports that a large number of Joomla sites are currently deploying malicious code and infecting visitors with malware; some WordPress sites are also thought to be affected. The German CERT-Bund Computer Emergency Response Team, which is operated by the German Federal Office for Information Security (BSI), has confirmed that similar attacks on and via Joomla servers have also been observed in Germany.
Continue reading ““Joomla sites misused to deploy malware” – Update”
Acunetix’ Bogdan Calin wrote an article explaining why .htaccess files should not be used to secure sensitive data. htaccess files should not be used for security restrictions.
Block and filter unwanted web HTTP traffic with blacklists, on both IIS and Apache. Protect your website easily with this PHP blacklist class. Let’s create our own web/HTTP blacklist.
Continue reading “How to filter web traffic with blacklists”
Learn how to use .htaccess in Windows Server IIS. In this post I’ll provide you with some useful .htaccess URL rewrite examples. URL rewrite examples that you can use on Window Server IIS for your website.
Continue reading “How to use .htaccess files on Windows Server IIS”
How to use .htaccess as a Web Application Firewall (WAF), and block out exploits and rogue HTTP requests. Sometimes you have no choice but to protect your website yourself, for example if your hosting provider doesn’t offer a Web Application Firewall (WAF) [2] security solution.
Continue reading “7 Tips: .htaccess as Web Application Firewall (WAF) to secure your website”