WordPress installer attack race

"The Famous WordPress 5-Minute Install" was great. Unfortunately, today it can cause serious security problems. The typical scenario is to upload core files to your host, open the installer, and it is done in a few minutes. During these few minutes is your installer publicly available to everyone. If the attacker is speedy enough, he … Continue reading WordPress installer attack race

WordCamp EU – Q&A

https://www.slideshare.net/vsmitka/wordpress-through-the-bad-guys-glasses How do I know that my PHP or Apache version is vulnerable? You can find vulnerabilities for the particular version on CVE details. You should use the lastest versions of server components, currently: Apache 2.4.39 (major version 2.2 is out of suport now)Nginx 1.16 (stable) or 1.17 (mainline)PHP 7.3.6 or 7.2.19 Also keep in … Continue reading WordCamp EU – Q&A

Python & Ruby webserver config – the great misunderstanding

Two months ago I ran a huge global scan for unintentionally exposed .git repositories. I was surprised to find many Python and Ruby applications with this issue. The total number wasn't very high - around two thousand, but when I normalized it according to the market share of these programming languages, the situation was worse … Continue reading Python & Ruby webserver config – the great misunderstanding

Open .git scan – the results

I published an artice about my latest security scan aimed to the exposed git repositories. The results: 230 000 000 domains checked (the list was build mainly from the Rapid 7 OpenData), 390 000 affected sites found, 100 000 alerts send. The most of affected sites use PHP: But after normalization the numbers according to the … Continue reading Open .git scan – the results

WP comments antispam

Akismet is fine, but I decided to write a simple WordPress comments antispam for research resons. There are some proven methods to fight against spammy comments: honeypot field "nick", it is hidden by CSS - only bots will fill it block comments with BB code [url=...] HTTPBL (DNSBL) from http://www.projecthoneypot.org - you need API key Block comment … Continue reading WP comments antispam