WordCamp EU – Q&A

https://www.slideshare.net/vsmitka/wordpress-through-the-bad-guys-glasses How do I know that my PHP or Apache version is vulnerable? You can find vulnerabilities for the particular version on CVE Details. You should use the latest versions of server components, currently: Apache 2.4.39 (major version 2.2 is out of support now), Nginx 1.16 (stable) or 1.17 (mainline), PHP 7.3.6 or 7.2.19. Also keep in … Continue reading WordCamp EU – Q&A

Python & Ruby webserver config – the great misunderstanding

Two months ago I ran a huge global scan for unintentionally exposed .git repositories. I was surprised to find many Python and Ruby applications with this issue. The total number wasn't very high - around two thousand - but when I normalized it according to the market share of these programming languages, the situation was worse … Continue reading Python & Ruby webserver config – the great misunderstanding

Open .git scan – the results

I published an article about my latest security scan aimed at exposed git repositories. The results: 230 000 000 domains checked (the list was built mainly from the Rapid7 OpenData), 390 000 affected sites found, 100 000 alerts sent. Most of the affected sites use PHP, but after normalizing the numbers according to the … Continue reading Open .git scan – the results

WP comments antispam

Akismet is fine, but I decided to write a simple WordPress comments antispam for research reasons. There are some proven methods to fight against spammy comments: a honeypot field "nick", hidden by CSS - only bots will fill it; blocking comments with BB code [url=...]; HTTPBL (DNSBL) from http://www.projecthoneypot.org - you need an API key; blocking comment … Continue reading WP comments antispam

Useful WordPress mu-plugins

You can find a few useful tiny mu-plugins in my example Nginx configuration for WP. Must-use plugins (a.k.a. mu-plugins) are plugins installed in a special directory inside the content folder which are automatically enabled on all sites in the installation. Must-use plugins do not show in the default list of plugins on the Plugins page of wp-admin … Continue reading Useful WordPress mu-plugins