For the past week, I’ve been monitoring activity from a set of IP addresses involved with brute-force login attacks. Brute-force login attacks involve systematic guessing of passwords using various common usernames such as “admin” and “username”. So for example, an attack will target an array of sites, use “admin” as the username, and then make numerous attempts at “guessing” your password. And to obfuscate their malicious activity, the attack is executed from multiple IP addresses, either via [...] • Read more »
Perishable Press
WordPress, Web Design, Code & Tutorials
- Viewing page 2 of 3
- View newer posts →
- ← View older posts
- Visit the Archives
New Book!
I’m proud to announce the launch of my new book on .htaccess, titled .htaccess made easy. It’s a book I’ve been wanting to write for years, since first getting hooked on .htaccess way back in 2006. Since then, I’ve learned a lot about .htaccess, Apache, security, and web-design in general — with many articles on the topic published here at Perishable Press and elsewhere on the Web. Everyone kept inspiring me to bring it all together and [...] • Read more »
bbPress Theme Template Files
For those getting into bbPress for hosting your own forum, customizing your bbPress theme files can be difficult if you don’t know which page to load. Many of the bbPress theme template files contain enough clues to figure things out, but not every template file is used by default, or even at all depending on how you’ve configured bbPress. Themes may contain different template files, but the default “bbPress (Twenty Ten)” theme (included with version 2.1.1) may [...] • Read more »
Prevent Duplicate Content in cPanel
In this guest-post, Jon Brown shares a solution to the age-old problem of preventing duplicate content from addon-domains in cPanel. Jon explains the issue and shares his methodology in crafting an elegant solution applied via .htaccess. If you’re using cPanel and want to improve your SEO, this will definitely help. Here is the table of contents: • Read more »
Clean Markup Widget for WordPress
When adding content to your sidebar, it’s nice to be able to output clean, well-formatted markup. There are several ways to do this, including adding HTML directly in the theme template, installing a plugin, or simply using a widget. Widgets provide a great way of customizing sidebars and other widgetized areas, but as you may have seen in the source-code, the HTML is treated with all sorts of additional attributes, elements, and classes. Sometimes, you just need [...] • Read more »
Tale of a Hacked Website
I love a good story. Almost as much as I enjoy securing websites. Put them together and you’ve got suspense, intrigue, and plenty of encoded gibberish. But no happy ending this time, in this case the smartest decision was to “pull it” and rebuild. The site was just wasted — completely riddled with malicious code. Without current backup data, it would’ve been “game over” for the site, and possibly the business. • Read more »
3D Text with CSS3 text-shadow
Here’s a fun way to make text look 3D using CSS3. Using CSS whenever possible instead of images has several key advantages, including faster page-loads and better SEO I use the CSS text-shadow technique in a previous theme, and a few people had asked about it, so here it is: everything you need to create your own stunning 3D-text with CSS3.. • Read more »
Encoding & Decoding PHP Code
There are many ways to encode and decode PHP code. From the perspective of site security, there are three PHP functions — str_rot13(), base64_encode(), and gzinflate — that are frequently used to obfuscate malicious strings of PHP code. For those involved in the securing of websites, understanding how these functions are used to encode and decode encrypted chunks of PHP data is critical to accurate monitoring and expedient attack recovery. • Read more »
Ron Paul 2012 WordPress Plugin
Update (2012/11/08): Well the elections are over and Ron Paul was not elected to be the next president of the United States. Deeper implications aside, the Ron Paul 2012 plugin is now discontinued. If you’re looking for a WordPress plugin to display a banner, button, or badge on your website, check out my new plugin Show Support Ribbon. I wanted to show support for Ron Paul on my WordPress website with a simple badge or button. Surprised [...] • Read more »
Media Temple (dv) 4.0 Migration & Optimization
About a month ago, I received an email letting me know that my host, Media Temple, is discontinuing their (dv) Dedicated Virtual 3.0-3.5 servers. Everyone hosted on the old servers must migrate to the new (dv) 4.0 servers. The friendly (mt) email says: The migration is a fairly simple process and you’ll have until early summer to complete it. Having now perfromed the migration, I can assure you that solid preparation is required to make it a [...] • Read more »
15+ Collections of Minimalist Web Design
I always enjoy looking at good minimalist web design. Here are my 15+ favorite collections of articles featuring minimalist design, comprising nearly 650 examples: • Read more »
6G Beta
Since releasing the 5G Blacklist earlier this year, malicious server scans and bad requests have surged with more novel attacks than I’ve seen since first getting into this stuff six years ago. In other words, now is the time to beef up security and lock things down. If you’re into monitoring your server and knowing your traffic, you may be observing the same recent spike in malicious activity. In response to these attacks, I’ve been secretly working [...] • Read more »
Add Google+ Share Button to Any Site
g+ Share button Word on the streets is that the new Google+ Share button is the best way yet to benefit from Google’s myriad social-media services and all-important search-engine. And Google makes it SO easy to add the new Share button to your website. This article explains what it is, where it fits in with all the other social-Google stuff, and of course how to add the g+ Share button to any site. • Read more »
Blank Space / Whitespace Character for .htaccess
Working on the next version of the G-Series Blacklist, I needed a way to match a wide variety of UTF-8-encoded (hex) character strings. Those familiar with their site’s traffic will recognize this particular type of URI request string, which is typically associated with malicious server scanning, exploits, and other malicious behavior. As I explain in this post, pattern-matching and blocking the blank-space, or whitespace character in URL-requests is an effective way to improve the security of your [...] • Read more »
Case-Insensitive RedirectMatch
Cool trick that you may not have known about.. it’s possible to get case-insensitive matching with the powerful RedirectMatch directive. Normally, you would just write your redirect as something like this: • Read more »
WordPress Add-on for 5G Blacklist
Ill requests and malicious scans have been spiking recently, to the point where server performance was really taking a hit. One scan in particular hammered the server with thousands of bad requests in just a few minutes. There are people out there with strong scripts and small minds that are constantly scanning sites for vulnerabilities, and much of what I’ve seen is aimed primarily at WordPress. • Read more »