Security category archive

5G Blacklist 2013

By Jeff Starr • .htaccess, Security • Thursday, January 10, 2013

Following up on much feedback (and this post), here is an update for the 5G Blacklist for 2013. As explained in the 2012 article (and elsewhere), the 5G Blacklist helps reduce the number of malicious URL requests that hit your website. It’s one of many ways to improve the security of your site and protect against evil exploits, bad requests, and other nefarious garbage. If your site runs on Apache and you’re familiar with .htaccess, the 5G [...] • Read more »

Protection for WordPress Pingback Vulnerability

By Jeff Starr • .htaccess, Security, WordPress • Thursday, January 03, 2013

It was recently reported about a WordPress Pingback Vulnerability, whereby an attacker has four potential ways to cause harm via xmlrpc.php, which is the file included in WordPress for XML-RPC Support (e.g., “pingbacks”). In this post, I offer a simple .htaccess technique to lock things down and protect against any meddling via the xmlrpc.php file. Note: this technique is only recommended if you aren’t using XML-RPC for anything (e.g., pingbacks, Blogger, MovableType, etc.). Update: Check out the [...] • Read more »

(Please) Stop Using Unsafe Characters in URLs

By Jeff Starr • Security • Monday, December 31, 2012

Just as there are specifications for designing with CSS, HTML, and JavaScript, there are specifications for working with URIs/URLs. The Internet Engineering Task Force (IETF) clearly defines these specifications in numerous documents, including the following: • Read more »

Blacklist Candidate 2012-11-13: Evil Scanner Edition

By Jeff Starr • .htaccess, Security • Wednesday, November 14, 2012

It’s been awhile since I’ve posted one of my Blacklist Candidate series articles. It’s always fun for me to talk (or write) about security related issues, especially when a quick slab of .htaccess can be used to take care of business. And that’s exactly what we have in this edition of the series, where I’m pleased to bring you Blacklist Candidate Number 2012-11-13: the “evil” scanner. Instead of scanning your site, collecting data, and moving on, Mr. [...] • Read more »

BBQ: Protect Against Malicious URL Requests

By Jeff Starr • Security, WordPress • Friday, October 26, 2012

Block Bad Queries (BBQ) is a simple script that protects your website against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings. This is a simple yet solid solution that works great for sites where .htaccess is not available. The BBQ script is available as a plugin for WordPress or standalone script for any PHP-powered website. • Read more »

expose_php, Easter Eggs, and .htaccess

By Jeff Starr • .htaccess, Security • Monday, October 15, 2012

A reader recently brought to my attention a reported vulnerability on servers running PHP. It’s been known about for eons, but it’s new to me and it involves easter eggs in PHP so I thought it would be fun to share a quick post about what it is and how to prevent leakage of sensitive information about your server. • Read more »

Protect Against Brute-force/Proxy Login Attacks

By Jeff Starr • .htaccess, Security • Monday, October 01, 2012

For the past week, I’ve been monitoring activity from a set of IP addresses involved with brute-force login attacks. Brute-force login attacks involve systematic guessing of passwords using various common usernames such as “admin” and “username”. So for example, an attack will target an array of sites, use “admin” as the username, and then make numerous attempts at “guessing” your password. And to obfuscate their malicious activity, the attack is executed from multiple IP addresses, either via [...] • Read more »

Tale of a Hacked Website

By Jeff Starr • Security • Tuesday, June 12, 2012

I love a good story. Almost as much as I enjoy securing websites. Put them together and you’ve got suspense, intrigue, and plenty of encoded gibberish. But no happy ending this time, in this case the smartest decision was to “pull it” and rebuild. The site was just wasted — completely riddled with malicious code. Without current backup data, it would’ve been “game over” for the site, and possibly the business. • Read more »

Encoding & Decoding PHP Code

By Jeff Starr • PHP, Security • Friday, June 01, 2012

There are many ways to encode and decode PHP code. From the perspective of site security, there are three PHP functions — str_rot13(), base64_encode(), and gzinflate — that are frequently used to obfuscate malicious strings of PHP code. For those involved in the securing of websites, understanding how these functions are used to encode and decode encrypted chunks of PHP data is critical to accurate monitoring and expedient attack recovery. • Read more »

6G Beta

By Jeff Starr • .htaccess, Security • Monday, May 21, 2012

Since releasing the 5G Blacklist earlier this year, malicious server scans and bad requests have surged with more novel attacks than I’ve seen since first getting into this stuff six years ago. In other words, now is the time to beef up security and lock things down. If you’re into monitoring your server and knowing your traffic, you may be observing the same recent spike in malicious activity. In response to these attacks, I’ve been secretly working [...] • Read more »

Stream Video Player / swfobject Hack

By Jeff Starr • Security • Tuesday, March 13, 2012

During the recent redesign, I discovered that my newer WP installation (v3.3.1) had been hacked. I get this email first thing in the morning: • Read more »

PayPal Phishing Spam

By Jeff Starr • Security • Wednesday, January 25, 2012

Just a heads up to anyone else getting the occasional PayPal phishing spam.. Usually it’s pretty easy to spot one of those crafty phishing emails, just hover over any links before clicking to view the real URL in the status bar. You know, the link says something like, “click here to restore your PayPal account,” but you know that’s garbage and could easily prove it by checking the actual link URL, which is usually something completely bonkers, [...] • Read more »

5G Blacklist 2012

By Jeff Starr • .htaccess, Security • Wednesday, January 11, 2012

The 5G Blacklist helps reduce the number of malicious URL requests that hit your website. It’s one of many ways to improve the security of your site and protect against evil exploits, bad requests, and other nefarious garbage. After extensive beta testing, the 5G Blacklist/Firewall is solid and ready to help secure sites hosted on Apache servers. In addition to beta testing for the 5G, this is the 5th major update of my “G”-series blacklists. Here is [...] • Read more »

5G Blacklist for Microsoft IIS

By Jeff Starr • Security • Friday, November 25, 2011

By design the 5G Blacklist works on Apache servers, but thanks to Scott Stawarz, here is a version for Microsoft IIS: • Read more »

Building the 5G Blacklist

By Jeff Starr • .htaccess, Security • Friday, September 23, 2011

Protecting your website is more important than ever. There are a million ways to do it, and this is one of them. In fact, it’s what I use to protect Perishable Press and other key sites. It’s called the 5G Blacklist, and it’s something I’ve been working on for a long time. The idea is simple enough: analyze bad requests and block them using a firewall/blacklist via .htaccess. Now in its 5th generation, the 5G Blacklist has [...] • Read more »

Block Tough Proxies

By Jeff Starr • .htaccess, PHP, Security, WordPress • Monday, July 18, 2011

If you want to block tough proxies like hidemyass.com, my previously posted .htaccess methods won’t work. Those methods will block quite a bit of proxy visits to your site, but won’t work on the stealthier proxies. Fortunately, we can use a bit of PHP to keep them out. • Read more »

Key Pages

More Categories

News (104)
Random (27)
Web Design (15)
WordPress (219)
Blogging (42)
Graphics (28)
Tech (50)

Popular Tags