You are here: Sysadmins of the North » Security

Security

You are here: Sysadmins of the North » Security

Are you in my blocklist?

Access blocked

Recently, Jeff Starr wrote about blocking IP addresses posting random string comment spam. That post reminded me about my own older post about blocking WordPress comment spammers manually. With just a few manual steps, you create your own little blocklist for WordPress in either a .htaccess or web.config file. Here are the IP addresses I’m currently blocking. Note, this list can get long (loooonnggg).

YubiKey support in OpenSSH for Windows 11 and Windows 10

OpenSSH logo

Since Win32-OpenSSH version 8.9.1.0p1-Beta there is decent support for FIDO/U2F hardware authenticators. This means we can use a YubiKey with Windows 11 and Windows 10, w00h00! In this post, I’ll show you how to install Microsoft OpenSSH client in Windows 11 and Windows 10, and how to configure your YubiKey. If you follow this guide and all goes well, you no longer need additional tools like Git Bash or MremoteNG/MobaXterm.

What are 4 important security measures for Windows Server & IIS 10?

white and gray metal pipe

When you have just installed your new Windows Server, with or without IIS as web server, it is important to take a few extra security measurements. Securing your server is important to keep hackers out and your data safe. This article provides 4 key steps in strengthening your Windows Server web (IIS) or file server security.

Exploit PHP mail() to get remote code execution

Exploit PHP mail() function to perform remote code execution, under rare circumstances. Security Sucks wrote about an interesting way to exploit PHP’s mail() function for remote code execution. Apparently, if you are able to control the 5th parameter of the mail() function ($options), you have the opportunity to execute arbitrary commands.

Scroll to Top