How to disable SMBv1 in Windows 10 and Windows Server
It is urged you disable SMBv1 in your Windows variant (Windows 10, 8.1, Server 2016, 2012 R2), and here is how if you haven't done so yet.
Sysadmins of the North
Technical SysOps blog, where topics include Sysadmin, DevOps, computers, servers, web, MySQL, database, virtualization, optimization and security
Sysadmins of the North
Technical SysOps blog, where topics include Sysadmin, DevOps, computers, servers, web, MySQL, database, virtualization, optimization and security
Tag Security
Read MoreHow to disable SMBv1 in Windows 10 and Windows Server
Check WordPress Core files integrity
Check WordPress integrity and verify WordPress Core files' md5 checksums against WordPress' checksums API, using this standalone PHP file.
Akal Premium WordPress theme XSS vulnerability
This post describes the Akal premium WordPress theme Cross Site Scripting (XSS) vulnerability. If you use this theme, delete it immediately!
HackRepair.com’s Bad Bots .htaccess in web.config for IIS
Learn to protect your WordPress website with this web.config file on Windows Server IIS. Block IP addresses, bad bots, query string sequences
Deny vulnerable WordPress plugins using Windows Server File Server Resource Manager’s File Screens
Using Windows Server File Server Resource Manager‘s File Screens you can block vulnerable WordPress plugins from being uploaded to your IIS web server. In the following example, you’ll learn how to block WP DB Backup plugin system-wide on Windows Server, read on…
Generate pseudorandom passwords with OpenSSL
OpenSSL comes in handy when you need to generate passwords or random strings. For example for system accounts and services. In this short post I'll give you a quick example on how to generate random passwords with OpenSSL in Linux (Bash), Windows and PHP.
My WordPress web.config
Do you host your WordPress website on Windows Server IIS? And are you having trouble with your web.config? Here is mine :)
Tunnel RDP through SSH & PuTTY
Have you ever been in a situation where you needed to perform remote administration on a Windows Server, and the RDP port 3389 is blocked on a firewall? You can tunnel RDP over SSH with PuTTY
Disable WordPress comments (how-to)
With thousands spam reactions, disabling (and removing) WordPress comments is often the only way to go. Here is how to disable WordPress comments in both the WordPress Dashboard interface and in your MySQL / MariaDB database.
Exploit PHP’s mail() to get remote code execution
Exploit PHP's mail() function for remote code execution. Apparently, if you are able to control the 5th parameter of the mail() function ($options), you have the opportunity to execute arbitrary commands.
Huge increase in WordPress xmlrpc.php POST requests
How to identify, block, mitigate and leverage xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites... Secure WordPress xmlprc.php interface and reduce service disruption.
Remove IIS Server version HTTP Response Header
Windows Server IIS loves to tell the world that a website runs on IIS. It does so with the "Server:" header in the HTTP response, as shown below. In this post I'll show you how to remove HTTP response headers in Windows Server IIS. You don't want to give hackers too much information about your servers, right?.
Hide the .php file extension with IIS URL Rewrite Module
Sometimes it's important to remove (or hide) the file extension of scripts you use. Security by obscurity might be that reason, if you don't want others to know what script language you are using for your website, or for static site hosts.
Test SMTP authentication and StartTLS
Investigate SMTP authentication issues like a boss! When using TLS encrypted SMTP connections, it's always handy if you are able to create a SMTP logon credentials and test SMTP authentication over a TLS/StartTLS connection. Preferably from your command-prompt.
Block WordPress comment spammers manually
The less spammers hit your WordPress blog, the better your blog performs, is one of my opinions. A second is, the less unnecessary plugins you use on your WordPress blog, the better. So, a little while ago I decided to remove plugins like Stop Spammer Registration Plugin and do its work myself.
Grep for forensic log parsing and analysis on Windows Server IIS
How to use GnuWin32 ported tools like grep.exe and find.exe for forensic log file analysis in Windows Server. Find webshells and backdoors in websites, check visitor's IP addresses or hits to backdoor/webshell files in IIS log files easy. Command-line log analysis in Windows Server, search for Joomla-, WordPress-, Drupal- and PHP- malware & backdoors in your website with grep and find.
MySQL Connector/NET and Entity Framework
How to let MySQL Connector/NET and Entity Framework play nicely. This blog post is a quicky and an oldy… Since we still receive a reasonable amount of questions about this topic at the customer service of my employer I’m posting…
Filter web traffic with blacklists
Block and filter unwanted web HTTP traffic with blocklists, on both IIS and Apache. Protect your website easily with this PHP blocklist class. Create your own HTTP web blocklist filter.
MySQL Connector/NET 6.5 in partial trust
How to use MySQL Connector/NET 6.5 with MySqlClientPermission Class in partial (medium) trust
PHP on IIS: “No input file specified”
When you host your PHP website on Windows Server IIS, you may receive an "No input file specified" error message, when a HTTP request is made to non-existing .php files. When this happens you probably have no Request Restrictions configured in IIS PHP handler settings. Here is how to fix the "no input file specified error" with PHP and IIS.
![[HttpException (0x80004005): The length of the URL for this request exceeds the configured maxUrlLength value.]](https://cdn.saotn.org/wp-content/uploads/2025/06/Length_of_URL_for_request_exceeds_maxUrlLength_value-11-150x150.png)
