Category: Posts

Python & Ruby webserver config – the great misunderstanding

Two months ago I ran a huge global scan for unintentionally exposed .git repositories. I was surprised to find many Python and Ruby applications with this issue. The total number wasn't very high - around two thousand, but when I normalized it according to the market share of these programming languages, the situation was worse …

Open .git scan – the results

I published an article about my latest security scan aimed at exposed git repositories. The results: 230 000 000 domains checked (the list was built mainly from the Rapid 7 OpenData), 390 000 affected sites found, 90 000 alerts sent. Most of the affected sites use PHP. But after normalizing the numbers according to the …

WP comments antispam

Akismet is fine, but I decided to write a simple WordPress comments antispam for research reasons. There are some proven methods to fight against spammy comments: a honeypot field "nick", hidden by CSS so that only bots will fill it; blocking comments with BB code [url=...]; HTTPBL (DNSBL) from http://www.projecthoneypot.org (you need an API key); block comment …

Useful WordPress mu-plugins

You can find a few useful tiny mu-plugins in my example Nginx configuration for WP. Must-use plugins (a.k.a. mu-plugins) are plugins installed in a special directory inside the content folder and which are automatically enabled on all sites in the installation. Must-use plugins do not show in the default list of plugins on the Plugins page of wp-admin …